Buy or Renew
Buy or Renew
Join the Catalyst Center Onboarding Ask Me Anything event happening now!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
407
Views
0
Helpful
2
Replies

Cisco ASA 5505 related issue

manoj.kumar0074
Level 1
Level 1

‎12-07-2010 10:49 PM - edited ‎03-04-2019 10:43 AM

The hardware / software / license information is as follows:

Cisco ASA 5505 , ASA version 7.2(4) , ASDM version 5.2(4)
License: Base license with 3DES-AES

The scenario is as follows:

1. The 5505 sets up a VPN tunnel to another 5510 box. The tunnel works without any problem. The PCs on the 'inside' network are able to ping the servers beyond the remote 5510 and run the applications without any problem.
2. For Internet access, the PCs on the 'inside' network are NATed behind the 'outside' interface IP address. The PCs are able to browse web sites and access Internet in general.
3. There are no firewall rules / access list filters configured at the moment.

Now for the issue:

We need to access several web based e-mail servers from inside PCs. These are Lotus Domino servers of various versions. All other servers work ok except one. The particular server works extremely slow, the pages take even 10-15 minutes to come up. However, if we bypass the ASA, the same server works perfectly ok. There is no connectivity / bandwidth issue at the server end.

Could this be MTU or MSS issue ?

Labels:
0 Helpful
2 Replies 2

Mohamed Sobair
Level 7
Level 7

‎12-07-2010 11:02 PM

Hi,

It depends on the type of Application running on the server.

If the clients are able to access the server directly without any problem, then its vital that this issue is caused by NAT on the firewall. Some Application is not recommended to use NAT or to be placed behind a firewall.

Can you refer to the recommendation of this type of Application ?

Regards,

Mohamed

0 Helpful

connect2world
Level 1
Level 1

‎12-08-2010 12:42 AM

Hi,

I had similar issue in my VPN tunnel, one of the VPN end-point is a Cisco 877W router.It take a long time to load web-based application. After doing so research, I found out that this problem is related to tcp-mss setting issue.There is a long article on this issue: http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml. If you want to resolve your problem fast, I suggest set the lan facing interface with ip tcp adjust-mss 1200. The value 1200  can be determine by trial and error and should be able to handle most situation like yours.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card