Cisco ASA – FTP & HTTP downloads slow

When calls come in about the Internet being slow, I normally take them with a pinch of salt. This time, a new Cisco ASA had been deployed to a site, so I was more inclined to investigate.

The complaints centred around HTTP downloads being much slower than before the ASA was deployed; in the case of FTP downloads, they were dropping out completely.

The rules and configuration were fine and the traffic throughput was at a steady 10mb a second on the ASA. I had a flashback to my old CCNA training, so ran through the basic checks.

The simple show interface command, which displays information on each interface, immediately showed a problem: the internal interface had a massive number of input errors and CRCs.

```
Ciscoasa# show interface
----Snip----
173687355 packets input, 58611585574 bytes, 0 no buffer
Received 892529 broadcasts, 0 runts, 0 giants
3301144 input errors, 3301144 CRC, 0 frame, 0 overrun, 0 ignored, 0
----Snip----
```

Now that’s a problem.

Both interfaces on the ASA had been set to speed 100, duplex full. A quick check on the switch connected to the internal ASA interface showed it was set to auto negotiate. By flipping the ASA’s interface to auto negotiate, the errors stopped dead.

Checked back with the users and the downloads were back to the normal 250kb/sec.

Sometimes, users can be useful for troubleshooting ….
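The check described above can be scripted for pasted `show interface` output. This is an added example, not part of the original post: the sample text is constructed (only the inside interface counters come from the post), and the 0.1% CRC threshold and the `audit` function name are assumptions.

```python
import re

# Constructed sample in the usual ASA "show interface" layout. The inside
# counters are the ones quoted in the post; everything else is made up.
SAMPLE = """\
Interface Ethernet0/1 "inside", is up, line protocol is up
        Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
        173687355 packets input, 58611585574 bytes, 0 no buffer
        Received 892529 broadcasts, 0 runts, 0 giants
        3301144 input errors, 3301144 CRC, 0 frame, 0 overrun, 0 ignored
Interface Ethernet0/0 "outside", is up, line protocol is up
        Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
        90211034 packets input, 40118822310 bytes, 0 no buffer
        Received 1200 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
"""

CRC_RATIO_LIMIT = 0.001  # assumed alert threshold: 0.1% of input packets


def audit(show_interface_text, limit=CRC_RATIO_LIMIT):
    """Return one finding per interface block in the pasted output."""
    findings = []
    # Split before every line that starts a new "Interface ..." block.
    for block in re.split(r"(?m)^(?=Interface )", show_interface_text):
        head = re.match(r'Interface (\S+) "([^"]*)"', block)
        pkts = re.search(r"(\d+) packets input", block)
        errs = re.search(r"(\d+) input errors, (\d+) CRC", block)
        if not (head and pkts and errs):
            continue  # preamble or an interface with no counters
        # "Auto-Duplex(...)" means negotiated; "Full-"/"Half-" means hard-set.
        forced = re.search(r"\b(Full|Half)-Duplex\(", block) is not None
        packets, crc = int(pkts.group(1)), int(errs.group(2))
        ratio = crc / packets if packets else 0.0
        findings.append({
            "interface": head.group(1),
            "nameif": head.group(2),
            "forced": forced,
            "crc_ratio": ratio,
            # Hard-set duplex plus a high CRC rate is the pattern from the
            # post: check whether the peer port is still auto-negotiating.
            "suspect": forced and ratio > limit,
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        flag = "CHECK PEER DUPLEX" if f["suspect"] else "ok"
        print(f'{f["nameif"]:8} forced={f["forced"]} crc={f["crc_ratio"]:.2%} {flag}')
```

On the post's counters the inside interface comes out at roughly 1.9% CRC errors per input packet, while a hard-set interface with clean counters is not flagged.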

2 Comments

  1. Damian :

    Aug 15, 2009 1:28 am

    What brand of switch was the ASA plugged into? I have seen issues with Cisco kit and auto-negotiate previously but always cross vendor. Usually hard setting the speed and duplex on both devices is the solution. Actually it’s my preference to hard set those on firewalls and their attached devices anyway…

    But hey, whatever works :D

  2. Chris Mohan( author ) :

    Aug 15, 2009 2:31 am

    It was a HP ProCurve switch. This time setting both devices to auto was the “recommended” solution.
    Hum-ho, at least it worked….
