×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

Bandwidth in Cisco ASA 5505

Bandwidth in Cisco ASA 5505

Bandwidth in Cisco ASA 5505

(OP)
Hi Guys,
Need your help. We upgraded our bandwidth speed to 100mb down 100mb up, but our ASA 5505 is only getting 30mb-40mb down and 40mb-50mb up. I have also remove the traffic shaping in the interfaces.
please see below current running configuration, I removed the IP addresses and Access-list.

Thank you in advance

Allen

###################################
:
: Serial Number:
: Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
:
ASA Version 9.1(6)10
!
hostname ASA
domain-name My_DNS
enable password encrypted
names
ip local pool Pool_VPN
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
switchport access vlan 3
switchport trunk allowed vlan 1-6
switchport trunk native vlan 3
switchport mode trunk
!
interface Ethernet0/3
switchport trunk allowed vlan 1-6
switchport trunk native vlan 1
switchport mode trunk
!
interface Ethernet0/4
switchport access vlan 4
switchport trunk allowed vlan 1-6
switchport trunk native vlan 4
switchport mode trunk
!
interface Ethernet0/5
switchport access vlan 6
switchport trunk allowed vlan 1-6
switchport trunk native vlan 6
switchport mode trunk
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
interface Vlan1
nameif inside
security-level 100
ip address Internal_IP_Subnet1
!
interface Vlan2
description ###Internet###
nameif outside
security-level 0
ip address Publi_IP
!
interface Vlan3
nameif inside-remote
security-level 100
ip address Internal_IP_Subnet2
!
interface Vlan4
nameif guestwifi
security-level 2
ip address Internal_IP_Subnet3
!
interface Vlan5
nameif dmz
security-level 1
ip address Internal_IP_Subnet4
!
interface Vlan6
nameif dvr
security-level 100
ip address Internal_IP_Subnet5
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name My_domain
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
pager lines 24
logging enable
logging timestamp
logging buffer-size 1048576
logging buffered debugging
logging trap errors
logging asdm critical
logging debug-trace
logging permit-hostdown
mtu inside 1500
mtu outside 1500
mtu inside-remote 1500
mtu guestwifi 1500
mtu dmz 1500
mtu dvr 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any inside-remote
asdm image disk0:/asdm-751.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source dynamic OG_RFC1918 interface inactive
nat (inside-remote,outside) source dynamic OG_RFC1918 interface inactive
nat (guestwifi,outside) source dynamic any interface inactive
nat (dmz,outside) source dynamic any interface inactive
nat (dvr,outside) source dynamic OG_RFC1918 interface inactive
nat (any,any) source static OG_RFC1918 OG_RFC1918 no-proxy-arp inactive
!
object network 4080_Network
nat (any,outside) dynamic interface
object network 5268_Network
nat (any,outside) dynamic interface
object network DMZ_NETWORK
nat (any,outside) dynamic interface
object network GUESTWiFI_Network
nat (any,outside) dynamic interface
object network CWDDockworld
nat (inside,outside) static interface service tcp
object network NiagUI
nat (inside,outside) static interface service tcp
object network NiagUI_Production
nat (inside,outside) static interface service tcp
!
nat (any,any) after-auto source static VPN VPN
access-group ACL_inside in interface inside
access-group ACL_outside in interface outside
access-group ACL_inside-remote in interface inside-remote
access-group guest_wifi in interface guestwifi
access-group guest_wifi out interface guestwifi
access-group dmz_out in interface dmz
access-group dmz_out out interface dmz
access-group dvr_access_in in interface dvr
access-group dvr_access_in out interface dvr
route outside ISP_Gateway
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host
aaa-server RADIUS (inside) host
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa accounting enable console RADIUS
aaa authorization exec LOCAL
http server enable
http redirect outside 80
snmp-server host
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
sysopt noproxyarp inside
sysopt noproxyarp outside
sysopt noproxyarp inside-remote
sysopt noproxyarp dvr
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 60
ssh stricthostkeycheck
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0

priority-queue inside
queue-limit 260
tx-ring-limit 3
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server prefer
ntp server
webvpn
enable outside
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-3.1.11004-k9.pkg 1
anyconnect image disk0:/anyconnect-macosx-i386-3.1.11004-k9.pkg 2
anyconnect enable
tunnel-group-list enable
group-policy AnyConnect internal
group-policy AnyConnect attributes
dns-server value
vpn-idle-timeout 120
vpn-idle-timeout alert-interval 30
vpn-session-timeout 180
vpn-filter value VPN-FILTER
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ACL_AnyConnect_Split_Tunnel
default-domain value my_domain
split-dns value My_Domain
webvpn
anyconnect ssl dtls enable
anyconnect keep-installer installed
anyconnect ssl keepalive 300
anyconnect dpd-interval client 60
anyconnect dpd-interval gateway 60
anyconnect ask none default anyconnect

tunnel-group TG_AnyConnect type remote-access
tunnel-group TG_AnyConnect general-attributes
address-pool Pool_VPN
accounting-server-group RADIUS
default-group-policy AnyConnect
tunnel-group TG_AnyConnect webvpn-attributes
group-alias AnyConnect enable
tunnel-group-map default-group TG_AnyConnect
!
class-map global-class
match access-list global_mpc
class-map cos_5
match precedence 5
class-map inspection_default
match default-inspection-traffic
class-map ef_voice
match access-list voice_out
class-map voice_ef
match dscp ef
!
!
policy-map shape-priority-inside-policy
class voice_ef
priority
class class-default
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect ip-options
inspect netbios
inspect rsh
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect xdmcp
inspect icmp
class global-class
flow-export event-type all destination
class class-default
user-statistics accounting
policy-map qos_inside
class cos_5
priority
class ef_voice
priority
class class-default
policy-map priority-policy
class voice_ef
priority
policy-map shape-priority-policy
class class-default
shape average 19000000
service-policy priority-policy
!
service-policy global_policy global
service-policy shape-priority-inside-policy interface inside
service-policy shape-priority-policy interface inside-remote
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services...
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:394a0baf99a4d85e13de770d38c6c07e
: end

no asdm history enable

RE: Bandwidth in Cisco ASA 5505

ASA 5505 should definitely be able to handle up to 150m of stateful inspection, according to the specs. Are you measuring the throughput over Ethernet or Wi-Fi?

RE: Bandwidth in Cisco ASA 5505

(OP)
Hi, thanks for the comment.

I have figured it out. I just needed to increase the queue-limit to max and also the tx-ring-limit to 160 based on the computation guide
from this link:
https://www.cisco.com/c/en/us/td/docs/security/asa...

Thanks again!

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close