Hi Guys,
Need your help. We upgraded our bandwidth speed to 100mb down 100mb up, but our ASA 5505 is only getting 30mb-40mb down and 40mb-50mb up. I have also remove the traffic shaping in the interfaces.
please see below current running configuration, I removed the IP addresses and Access-list.
Thank you in advance
Allen
###################################
:
: Serial Number:
: Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
:
ASA Version 9.1(6)10
!
hostname ASA
domain-name My_DNS
enable password encrypted
names
ip local pool Pool_VPN
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
switchport access vlan 3
switchport trunk allowed vlan 1-6
switchport trunk native vlan 3
switchport mode trunk
!
interface Ethernet0/3
switchport trunk allowed vlan 1-6
switchport trunk native vlan 1
switchport mode trunk
!
interface Ethernet0/4
switchport access vlan 4
switchport trunk allowed vlan 1-6
switchport trunk native vlan 4
switchport mode trunk
!
interface Ethernet0/5
switchport access vlan 6
switchport trunk allowed vlan 1-6
switchport trunk native vlan 6
switchport mode trunk
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
interface Vlan1
nameif inside
security-level 100
ip address Internal_IP_Subnet1
!
interface Vlan2
description ###Internet###
nameif outside
security-level 0
ip address Publi_IP
!
interface Vlan3
nameif inside-remote
security-level 100
ip address Internal_IP_Subnet2
!
interface Vlan4
nameif guestwifi
security-level 2
ip address Internal_IP_Subnet3
!
interface Vlan5
nameif dmz
security-level 1
ip address Internal_IP_Subnet4
!
interface Vlan6
nameif dvr
security-level 100
ip address Internal_IP_Subnet5
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name My_domain
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
pager lines 24
logging enable
logging timestamp
logging buffer-size 1048576
logging buffered debugging
logging trap errors
logging asdm critical
logging debug-trace
logging permit-hostdown
mtu inside 1500
mtu outside 1500
mtu inside-remote 1500
mtu guestwifi 1500
mtu dmz 1500
mtu dvr 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any inside-remote
asdm image disk0:/asdm-751.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source dynamic OG_RFC1918 interface inactive
nat (inside-remote,outside) source dynamic OG_RFC1918 interface inactive
nat (guestwifi,outside) source dynamic any interface inactive
nat (dmz,outside) source dynamic any interface inactive
nat (dvr,outside) source dynamic OG_RFC1918 interface inactive
nat (any,any) source static OG_RFC1918 OG_RFC1918 no-proxy-arp inactive
!
object network 4080_Network
nat (any,outside) dynamic interface
object network 5268_Network
nat (any,outside) dynamic interface
object network DMZ_NETWORK
nat (any,outside) dynamic interface
object network GUESTWiFI_Network
nat (any,outside) dynamic interface
object network CWDDockworld
nat (inside,outside) static interface service tcp
object network NiagUI
nat (inside,outside) static interface service tcp
object network NiagUI_Production
nat (inside,outside) static interface service tcp
!
nat (any,any) after-auto source static VPN VPN
access-group ACL_inside in interface inside
access-group ACL_outside in interface outside
access-group ACL_inside-remote in interface inside-remote
access-group guest_wifi in interface guestwifi
access-group guest_wifi out interface guestwifi
access-group dmz_out in interface dmz
access-group dmz_out out interface dmz
access-group dvr_access_in in interface dvr
access-group dvr_access_in out interface dvr
route outside ISP_Gateway
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host
aaa-server RADIUS (inside) host
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa accounting enable console RADIUS
aaa authorization exec LOCAL
http server enable
http redirect outside 80
snmp-server host
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
sysopt noproxyarp inside
sysopt noproxyarp outside
sysopt noproxyarp inside-remote
sysopt noproxyarp dvr
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 60
ssh stricthostkeycheck
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
priority-queue inside
queue-limit 260
tx-ring-limit 3
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server prefer
ntp server
webvpn
enable outside
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-3.1.11004-k9.pkg 1
anyconnect image disk0:/anyconnect-macosx-i386-3.1.11004-k9.pkg 2
anyconnect enable
tunnel-group-list enable
group-policy AnyConnect internal
group-policy AnyConnect attributes
dns-server value
vpn-idle-timeout 120
vpn-idle-timeout alert-interval 30
vpn-session-timeout 180
vpn-filter value VPN-FILTER
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ACL_AnyConnect_Split_Tunnel
default-domain value my_domain
split-dns value My_Domain
webvpn
anyconnect ssl dtls enable
anyconnect keep-installer installed
anyconnect ssl keepalive 300
anyconnect dpd-interval client 60
anyconnect dpd-interval gateway 60
anyconnect ask none default anyconnect
tunnel-group TG_AnyConnect type remote-access
tunnel-group TG_AnyConnect general-attributes
address-pool Pool_VPN
accounting-server-group RADIUS
default-group-policy AnyConnect
tunnel-group TG_AnyConnect webvpn-attributes
group-alias AnyConnect enable
tunnel-group-map default-group TG_AnyConnect
!
class-map global-class
match access-list global_mpc
class-map cos_5
match precedence 5
class-map inspection_default
match default-inspection-traffic
class-map ef_voice
match access-list voice_out
class-map voice_ef
match dscp ef
!
!
policy-map shape-priority-inside-policy
class voice_ef
priority
class class-default
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect ip-options
inspect netbios
inspect rsh
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect xdmcp
inspect icmp
class global-class
flow-export event-type all destination
class class-default
user-statistics accounting
policy-map qos_inside
class cos_5
priority
class ef_voice
priority
class class-default
policy-map priority-policy
class voice_ef
priority
policy-map shape-priority-policy
class class-default
shape average 19000000
service-policy priority-policy
!
service-policy global_policy global
service-policy shape-priority-inside-policy interface inside
service-policy shape-priority-policy interface inside-remote
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:394a0baf99a4d85e13de770d38c6c07e
: end
no asdm history enable
Need your help. We upgraded our bandwidth speed to 100mb down 100mb up, but our ASA 5505 is only getting 30mb-40mb down and 40mb-50mb up. I have also remove the traffic shaping in the interfaces.
please see below current running configuration, I removed the IP addresses and Access-list.
Thank you in advance
Allen
###################################
:
: Serial Number:
: Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
:
ASA Version 9.1(6)10
!
hostname ASA
domain-name My_DNS
enable password encrypted
names
ip local pool Pool_VPN
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
switchport access vlan 3
switchport trunk allowed vlan 1-6
switchport trunk native vlan 3
switchport mode trunk
!
interface Ethernet0/3
switchport trunk allowed vlan 1-6
switchport trunk native vlan 1
switchport mode trunk
!
interface Ethernet0/4
switchport access vlan 4
switchport trunk allowed vlan 1-6
switchport trunk native vlan 4
switchport mode trunk
!
interface Ethernet0/5
switchport access vlan 6
switchport trunk allowed vlan 1-6
switchport trunk native vlan 6
switchport mode trunk
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
interface Vlan1
nameif inside
security-level 100
ip address Internal_IP_Subnet1
!
interface Vlan2
description ###Internet###
nameif outside
security-level 0
ip address Publi_IP
!
interface Vlan3
nameif inside-remote
security-level 100
ip address Internal_IP_Subnet2
!
interface Vlan4
nameif guestwifi
security-level 2
ip address Internal_IP_Subnet3
!
interface Vlan5
nameif dmz
security-level 1
ip address Internal_IP_Subnet4
!
interface Vlan6
nameif dvr
security-level 100
ip address Internal_IP_Subnet5
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name My_domain
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
pager lines 24
logging enable
logging timestamp
logging buffer-size 1048576
logging buffered debugging
logging trap errors
logging asdm critical
logging debug-trace
logging permit-hostdown
mtu inside 1500
mtu outside 1500
mtu inside-remote 1500
mtu guestwifi 1500
mtu dmz 1500
mtu dvr 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any inside-remote
asdm image disk0:/asdm-751.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source dynamic OG_RFC1918 interface inactive
nat (inside-remote,outside) source dynamic OG_RFC1918 interface inactive
nat (guestwifi,outside) source dynamic any interface inactive
nat (dmz,outside) source dynamic any interface inactive
nat (dvr,outside) source dynamic OG_RFC1918 interface inactive
nat (any,any) source static OG_RFC1918 OG_RFC1918 no-proxy-arp inactive
!
object network 4080_Network
nat (any,outside) dynamic interface
object network 5268_Network
nat (any,outside) dynamic interface
object network DMZ_NETWORK
nat (any,outside) dynamic interface
object network GUESTWiFI_Network
nat (any,outside) dynamic interface
object network CWDDockworld
nat (inside,outside) static interface service tcp
object network NiagUI
nat (inside,outside) static interface service tcp
object network NiagUI_Production
nat (inside,outside) static interface service tcp
!
nat (any,any) after-auto source static VPN VPN
access-group ACL_inside in interface inside
access-group ACL_outside in interface outside
access-group ACL_inside-remote in interface inside-remote
access-group guest_wifi in interface guestwifi
access-group guest_wifi out interface guestwifi
access-group dmz_out in interface dmz
access-group dmz_out out interface dmz
access-group dvr_access_in in interface dvr
access-group dvr_access_in out interface dvr
route outside ISP_Gateway
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host
aaa-server RADIUS (inside) host
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa accounting enable console RADIUS
aaa authorization exec LOCAL
http server enable
http redirect outside 80
snmp-server host
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
sysopt noproxyarp inside
sysopt noproxyarp outside
sysopt noproxyarp inside-remote
sysopt noproxyarp dvr
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 60
ssh stricthostkeycheck
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
priority-queue inside
queue-limit 260
tx-ring-limit 3
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server prefer
ntp server
webvpn
enable outside
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-3.1.11004-k9.pkg 1
anyconnect image disk0:/anyconnect-macosx-i386-3.1.11004-k9.pkg 2
anyconnect enable
tunnel-group-list enable
group-policy AnyConnect internal
group-policy AnyConnect attributes
dns-server value
vpn-idle-timeout 120
vpn-idle-timeout alert-interval 30
vpn-session-timeout 180
vpn-filter value VPN-FILTER
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ACL_AnyConnect_Split_Tunnel
default-domain value my_domain
split-dns value My_Domain
webvpn
anyconnect ssl dtls enable
anyconnect keep-installer installed
anyconnect ssl keepalive 300
anyconnect dpd-interval client 60
anyconnect dpd-interval gateway 60
anyconnect ask none default anyconnect
tunnel-group TG_AnyConnect type remote-access
tunnel-group TG_AnyConnect general-attributes
address-pool Pool_VPN
accounting-server-group RADIUS
default-group-policy AnyConnect
tunnel-group TG_AnyConnect webvpn-attributes
group-alias AnyConnect enable
tunnel-group-map default-group TG_AnyConnect
!
class-map global-class
match access-list global_mpc
class-map cos_5
match precedence 5
class-map inspection_default
match default-inspection-traffic
class-map ef_voice
match access-list voice_out
class-map voice_ef
match dscp ef
!
!
policy-map shape-priority-inside-policy
class voice_ef
priority
class class-default
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect ip-options
inspect netbios
inspect rsh
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect xdmcp
inspect icmp
class global-class
flow-export event-type all destination
class class-default
user-statistics accounting
policy-map qos_inside
class cos_5
priority
class ef_voice
priority
class class-default
policy-map priority-policy
class voice_ef
priority
policy-map shape-priority-policy
class class-default
shape average 19000000
service-policy priority-policy
!
service-policy global_policy global
service-policy shape-priority-inside-policy interface inside
service-policy shape-priority-policy interface inside-remote
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:394a0baf99a4d85e13de770d38c6c07e
: end
no asdm history enable