Cisco ASAV in AWS low throughput

Richard Tapp · ‎09-18-2023

We have recently installed two ASAv's into AWS, both are c5.xlarge and are licensed as below.

Both have Anyconnect profiles which allow hairpining only, but when using these thoughput is only around 50kbps.

AWS are saying their side is ok, but we are at a loss.

License mode: AWS Licensing
License state: LICENSED

Licensed features for this platform:
Maximum VLANs : 200
Inside Hosts : Unlimited
Failover : Active/Standby
Encryption-DES : Enabled
Encryption-3DES-AES : Enabled
Security Contexts : 0
Carrier : Enabled
AnyConnect Premium Peers : 750
AnyConnect Essentials : Disabled
Other VPN Peers : 750
Total VPN Peers : 750
AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Enabled
Advanced Endpoint Assessment : Enabled
Shared License : Disabled
Total TLS Proxy Sessions : 1000
Botnet Traffic Filter : Enabled
Cluster : Enabled

Serial Number: 9A4T1L34J8H

Image type : Release
Key version : A

EUN-AWS-LRS-FW02# sh vm

Virtual Platform Resource Status
--------------------------------
Number of vCPUs : 4
Processor Memory : 7680 MB
Hypervisor : KVMAWS
Region : eu-west-2a
Instance Type : c5.xlarge

Virtual Platform Resource Limits
--------------------------------
Connections : 500000
VLANs : 200
AnyConnect Premium Peers : 750
TLS Proxy Sessions : 1000

marce1000 · ‎09-18-2023

- Ref : https://community.cisco.com/t5/security-knowledge-base/asa-best-practices-for-remote-access-vpn-performance/ta-p/4070579#toc-hId--122729988
Apply the Anyconnect related optimization settings ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '