Update: after some speed testing, there us a 45-60% slowdown on either connection going through the Asa as opposed to just the switch.
Sent from my iPhone Begin forwarded message: > From: Deny IP Any Any <[email protected]> > Date: December 15, 2010 1:16:26 PM EST > To: Marshall <[email protected]> > Subject: Re: Firewall advice > > This sounds very odd: > > "Of note: the port on the 2950 connected to colo is hard set to > 100/full, but colo says their side is auto at 100/half" > > Either both sides need to be hard set, or both sides set to auto/auto; > if both are set to auto and they don't come up at 100/full, then you > likely have a cabling problem. > > I'm running 8.0(5)20 on all of my ASAs with great results. > > On Wed, Dec 15, 2010 at 1:10 PM, Marshall <[email protected]> wrote: >> Asa 8.0(3). We changed providers from a DS-3 from Smoothstone to a 10Mb >> connection from Colo5, and we are getting only about half of the bandwidth. >> I hooked up a laptop to the outside 2950, and got full speed, but behind the >> Asa, only about 5Mb. >> >> Of note: the port on the 2950 connected to colo is hard set to 100/full, but >> colo says their side is auto at 100/half >> >> On another interface on the Asa, our smoothstone still gets about 28Mb on a >> speed test - not sure what max speed should be, but we were only supposed to >> be getting 20. >> >> There was no change with the IPS module shut down >> >> We are not seeing any errors other than a random port scan. >> >> I had colo change their side to 100/full hard set, and it dropped our >> connection and started throwing errors on the outside 2950. >> >> Our colo side is set up (by colo) on VRRP. >> >> I can send a config if it would help. >> >> Sent from my iPhone >> >> Begin forwarded message: >> >>> From: Deny IP Any Any <[email protected]> >>> Date: December 15, 2010 12:13:00 PM EST >>> To: Marshall <[email protected]> >>> Subject: Re: Firewall advice >>> >> >>> I'm sure I can help; I manage about 6 sets of ASAs here in >>> Jacksonville. What version of code are you running on it, and can you >>> give more details on the issue? >>> >>> -- >>> deny ip any any (4393649193 matches) >>> >>> >>> >>> On Wed, Dec 15, 2010 at 12:06 PM, Marshall <[email protected]> wrote: >>>> Hey all, >>>> Our cisco 5520 is out of smartnet coverage and posing a strange bandwidth >>>> limiting issue. We would be looking at about $1400 for a memory upgrade >>>> and smartnet to call in cisco techs. I will be glad to provide details on >>>> the issue if anyone wants to take a stab at it. My question, though, is >>>> has anyone setup smoothwall, monowall, or similar for a business and what >>>> the cost would be? We have a /26 subnet and do use a dmz - we currently >>>> have maybe 25 holes for workstation access set by nat. I would like to >>>> avoid paying cisco, but that's what it's looking like right now. TIA! >>>> >>>> Sent from my iPhone >>>> --------------------------------------------------------------------- >>>> Archive http://marc.info/?l=jaxlug-list&r=1&w=2 >>>> RSS Feed http://www.mail-archive.com/[email protected]/maillist.xml >>>> Unsubscribe [email protected] >>>> >>>> >> > > > > -- > deny ip any any (4393649193 matches)
