Slow Network

woodjl1650
Level 1

I think I might have a problem with how my network is set up.

Cable Modem --->ASA5505--->Cisco 3660--->Switch

For some reason if I use the ASA as a DHCP server too, the internet is much faster. Could the 3660 be slowing down the network? The 3660 has 2 FE ports, so it should be running good at 10/100 correct? Is there another setup I should consider to help speed up the network? I also have a Cisco 2600 with dual ethernet ports, could I use that as well to help take some of the pressure off the other devices?

Below are the running configs for the 3660 and the ASA

Cisco 3660

Building configuration...

Current configuration : 1103 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

!

!

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.1.1 192.168.1.19

!

ip dhcp pool 192.168.1.0/24

   network 192.168.1.0 255.255.255.0

   default-router 192.168.1.1

   dns-server 8.8.8.8 8.8.4.4 192.168.1.14 192.168.1.13

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

username woodjl privilege 15 secret 5 $1$FJyW$Ozgsn9oO0acvYSSeohvzX/

!

!

!

!

!

!

!

interface FastEthernet0/0

ip address 192.168.2.2 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip http server

ip http authentication local

no ip http secure-server

ip http timeout-policy idle 600 life 86400 requests 10000

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 192.168.2.1

!

!

!

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

login

!

!

end

ASA5505

ASA Version 8.2(3)

!

hostname ciscoasa

enable password DQucN59Njn0OjpJL encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.2.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address dhcp setroute

!

interface Vlan5

no nameif

security-level 50

no ip address

!

ftp mode passive

access-list outside_access_in extended permit icmp any any echo-reply

pager lines 24

logging enable

logging monitor emergencies

logging history emergencies

logging asdm emergencies

logging mail emergencies

logging class auth history emergencies monitor emergencies mail emergencies asdm emergencies

mtu outside 1500

mtu inside 1500

icmp unreachable rate-limit 1 burst-size 1

icmp permit any outside

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

access-group outside_access_in in interface outside

route inside 192.168.1.0 255.255.255.0 192.168.2.2 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 192.168.2.0 255.255.255.0 inside

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd auto_config outside

!

dhcpd address 192.168.2.5-192.168.2.36 inside

dhcpd dns 68.87.68.166 interface inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

  inspect ip-options

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:7150eedc49ed0ed971b61f6be95ce9c0

: end


Accepted Solutions

Jennifer Halim
Cisco Employee

Any particular reason why you are using a router to connect to your internal network instead of just connecting the ASA directly to your internal network?

Currently you have:

Cable Modem --->ASA5505--->Cisco  3660--->Switch

Any reason why you can't have:

Cable Modem --->ASA5505--->Switch


I want security, so I use that as my firewall.  Is that router slowing things down?

Are you not using the ASA firewall as your security appliance?

Router is just another routed hop which might slow it down a little, but it should not be that bad. However, you can just use the ASA as the firewall as it is a security device.

Yeah, totally agree with Jennifer, that 3660 plays no useful function in your network. With regards to your point about security: from looking at the config, it doesn't do any security. You should remove the router, re-address the inside interface of your ASA to (ip address 192.168.1.1 255.255.255.0)

and do DHCP from your ASA, something like...

dhcpd enable inside

dhcpd address 192.168.1.20-192.168.1.220 inside

dhcpd dns 192.168.1.x

Your life will be a lot easier and possibly better performance as you will have one less device to go across.
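The observation in the reply above, that the 3660's config applies no security controls, can be checked mechanically. This is an added example, not part of the original thread: a short Python audit over an excerpt of the posted router config. The function name `audit` and the pattern set are assumptions for illustration and cover only common IOS filtering commands.

```python
import re

# Excerpt of the 3660 running config posted in the thread (secret line omitted).
ROUTER_CONFIG = """\
ip dhcp pool 192.168.1.0/24
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
interface FastEthernet0/0
 ip address 192.168.2.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.2.1
line vty 0 4
 login
"""

# Commands that make an IOS router filter or inspect traffic (illustrative set).
FILTERING = {
    "interface ACL": r"^\s*ip access-group \S+ (in|out)\b",
    "CBAC inspection": r"^\s*ip inspect \S+ (in|out)\b",
    "zone-based firewall": r"^\s*(zone-member security|zone-pair security)\b",
}
# A translation rule; marking interfaces inside/outside alone translates nothing.
NAT_RULE = r"^ip nat (inside|outside) source\b"


def audit(config: str) -> dict:
    """Report which traffic controls and NAT translations a config defines."""
    def has(pattern: str) -> bool:
        return re.search(pattern, config, re.MULTILINE) is not None

    return {
        "filtering": [name for name, pat in FILTERING.items() if has(pat)],
        "nat_marked": has(r"^\s*ip nat (inside|outside)\s*$"),
        "nat_rule": has(NAT_RULE),
        # HTTP management enabled without the HTTPS server
        "plain_http_mgmt": has(r"^ip http server\b")
        and not has(r"^ip http secure-server\b"),
    }


if __name__ == "__main__":
    for key, value in audit(ROUTER_CONFIG).items():
        print(f"{key}: {value}")
```

An empty `filtering` list together with `nat_rule: False` means the router only forwards packets between 192.168.1.0/24 and 192.168.2.0/24, which matches the `route inside 192.168.1.0 255.255.255.0 192.168.2.2 1` entry in the posted ASA config.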