03-27-2006 10:19 AM - edited 03-09-2019 02:24 PM
We are having issues going through the ASA 5540 (7.11) to the internet. It is very slow. Ports are all configured right. This is a non-production network. On our production network we have an FWM and we are having no issues there.
03-27-2006 03:21 PM
Can you post your config? Maybe there is something in there. Try looking at your MTU.
Patrick
03-28-2006 05:19 AM
Here is the ASA primary config.
ACCESS TO THIS DEVICE IS STRICLTY PROHIBITED. ALL CONNECTIONS ARE MONITORED AND LOGGED.
xxxxxx# sho conf
: Saved
: Written by enable_15 at 15:03:01.711 EST Mon Mar 27 2006
!
ASA Version 7.1(1)
!
hostname xxxxxxxxx
domain-name xxxx.xxx
enable password xxxxxxxx.xxxxxxxxx encrypted
names
!
interface GigabitEthernet0/0
description vlan_xxx_outside
nameif outside
security-level 0
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx standby xxx.xxx.xxx.xxx
!
interface GigabitEthernet0/1
description vlan_xxx_inside
nameif inside
security-level 100
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx standby xxx.xxx.xxx.xxx
!
interface GigabitEthernet0/2
description vlan_xxx_dmz
shutdown
nameif dmz
security-level 40
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx standby xxx.xxx.xxx.xxx
!
interface GigabitEthernet0/3
description LAN Failover Interface
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
passwd /xxxxx.xxxx.xxxx.xxxx encrypted
banner login ACCESS TO THIS DEVICE IS STRICLTY PROHIBITED. ALL CONNECTIONS ARE MONITORED AND LOGGED.
boot system disk0:/asa711-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name xxxxx.xxx
access-list acl_outside extended permit icmp any host xxx.xxx.xxx.xxx echo
access-list acl_outside extended permit icmp any host xxx.xxx.xxx.xxx echo-reply
access-list acl_outside extended permit icmp any host xxx.xxx.xxx.xxx source-quench
access-list acl_outside extended permit icmp any host xxx.xxx.xxx.xxx unreachable
access-list acl_outside extended permit icmp any host xxx.xxx.xxx.xxx time-exceeded
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu management 1500
failover
failover lan unit primary
failover lan interface lanfo GigabitEthernet0/3
failover key *****
failover interface ip lanfo 192.168.200.1 255.255.255.0 standby 192.168.200.2
asdm image disk0:/asdm511.bin
no asdm history enable
arp timeout 14400
global (outside) 3 xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx
global (outside) 1 xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx
global (outside) 5 xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx
nat (inside) 3 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
nat (inside) 5 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
nat (inside) 1 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
access-group acl_outside in interface outside
route outside xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
route inside xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http xxx.xxx.xxx.xxx xxx.xxx.xxx.0 inside
http xxx.xxx.xxx.xxx xxx.xxx.xxx.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
ssh xxx.xxx.xxx.xxx xxx.xxx.xxx.0 inside
ssh xxx.xxx.xxx.xxx xxx.xxx.xxx.0 inside
ssh timeout 3
ssh version 2
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect dns maximum-length 512
!
service-policy global_policy global
03-31-2006 01:04 AM
It looks like we have the same problem. We are already using the ASA5540 in a production environment and also used the FWSM before (no problems). Now if I try FTP, for example, I get only 1/10th of the possible throughput (compared to the download rate in front of the ASA) ... The FTP process starts at the same rate, but this immediately decreases to the slow rate as stated before.
Any hints? Our MTU size is the default 1500 bytes.