
Throughput issues in Cisco ASA 5510

VAbr AVib
Level 1

For internet connectivity, we have a Cisco firewall connected to a BGP router multihomed with 2 ISPs. I have attached the high-level diagram for reference.

We have noticed that the bandwidth usage over the primary connectivity is less than 5% of the total 100 Mbps internet bandwidth. In the same way, if I route the traffic via the secondary path, then the bandwidth goes up to 30% on average.

I have noticed that if I use any fast download software like DAP, then I get a speed of almost 10 Mbps, but the normal usage does not cross 5%. Are there any settings in the ASA that I have to configure to make this primary interface use more bandwidth?

1 Reply

VAbr AVib
Level 1

It looks like it is only the HTTP traffic that is not giving the throughput; the VPN and all other traffic is working perfectly. Also, as I mentioned earlier, if we use a Download Accelerator then I can easily download at 10 Mbps.

Any idea whether this behavior is due to any inspection?

Please check the configuration below. Any idea whether this will impact the internet browsing and download rate?

class-map netflow-export-class
 match access-list netflow-export
class-map inspection_default
 match default-inspection-traffic
class-map http-port
 match port tcp eq www
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect netbios
  inspect tftp
  inspect sip
  inspect ftp
  inspect ip-options
 class netflow-export-class
 class class-default
  flow-export event-type all destination 10.10.10.21
policy-map type inspect http inbound_http
 parameters
 match request body length gt 2000
  reset log
 match response body length gt 2000
  reset log
 match not request body length gt 100
  reset log
 match not response body length gt 100
  reset log
 match req-resp content-type mismatch
  reset log
 match request header content-type violation
  reset log
 match response header content-type violation
  reset log
 match request header length gt 100
  reset log
 match request uri length gt 100
  reset log
 class _default_gator
  drop-connection
 class _default_kazaa
  drop-connection
 class _default_msn-messenger
  drop-connection
 class _default_aim-messenger
  drop-connection
 class _default_yahoo-messenger
  drop-connection
policy-map inbound_policy
 class http-port
  inspect http inbound_http
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
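
One way to check which `inspect` actions in a pasted ASA configuration are actually bound by a `service-policy` line, as an added example that is not part of the original post or of Cisco's tooling. The function names and the abbreviated sample are assumptions; parsing is by keyword rather than indentation, since pasted configurations often lose their leading spaces.

```python
# Constructed sample, abbreviated from the configuration posted above.
SAMPLE = """\
policy-map type inspect http inbound_http
 class _default_kazaa
  drop-connection
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
 class class-default
  flow-export event-type all destination 10.10.10.21
policy-map inbound_policy
 class http-port
  inspect http inbound_http
service-policy global_policy global
prompt hostname context
"""

def parse_mpf(text):
    """Return (policies, applied): {policy-map: {class: [actions]}}, {policy-map: scope}."""
    policies, applied = {}, {}
    pmap = cls = None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if words[0] == "service-policy" and len(words) >= 3:
            applied[words[1]] = " ".join(words[2:])
            pmap = cls = None
        elif words[0] in ("policy-map", "class-map"):
            # Only plain (layer 3/4) policy-maps can be bound by service-policy.
            plain = words[0] == "policy-map" and len(words) == 2
            pmap, cls = (policies.setdefault(words[1], {}) if plain else None), None
        elif pmap is not None and words[0] == "class" and len(words) == 2:
            cls = pmap.setdefault(words[1], [])
        elif cls is not None:
            cls.append(" ".join(words))
    return policies, applied

def inspections(text):
    """Map (policy-map, class, inspect action) to its service-policy scope, or None."""
    policies, applied = parse_mpf(text)
    return {(pm, cl, act): applied.get(pm)
            for pm, classes in policies.items()
            for cl, acts in classes.items()
            for act in acts if act.startswith("inspect ")}

if __name__ == "__main__":
    for key, scope in inspections(SAMPLE).items():
        print(*key, "->", scope or "not applied", sep=" | ")
```

Run against the excerpt posted above, it reports `inspect http inbound_http` as not applied, because the only `service-policy` line shown binds `global_policy`; `show service-policy` on the device gives the authoritative view.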
