[英]Not getting expected throughput on Cisco ASA 5506-X
I have a Cisco ASA 5506-X running version 9.9(2).我有一台运行版本 9.9(2) 的 Cisco ASA 5506-X。 I recently upgraded my inte.net to gigabit speeds (in reality about 750 - 850 Mbps).
我最近将我的 inte.net 升级到千兆位速度(实际上大约为 750 - 850 Mbps)。 However, my ASA was only allowing throughput of about 200Mbps.
但是,我的 ASA 只允许大约 200Mbps 的吞吐量。 I thought that the ASA would allow throughput up to 750Mbps.
我认为 ASA 允许高达 750Mbps 的吞吐量。
Troubleshooting steps:故障排除步骤:
Can you help me figure out why I'm not getting better throughput?你能帮我弄清楚为什么我没有获得更好的吞吐量吗?
Show Version:显示版本:
Cisco Adaptive Security Appliance Software Version 9.9(2)36
Firepower Extensible Operating System Version 2.3(1.122)
Device Manager Version 7.16(1)150
Compiled on Wed 12-Dec-18 16:53 PST by builders
System image file is "disk0:/asa992-36-lfbff-k8.SPA"
Config file at boot was "startup-config"
ciscoasa up 16 secs
Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 8000MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Number of accelerators: 1
1: Ext: GigabitEthernet1/1 : address is b0c5.3cfa.25d8, irq 255
2: Ext: GigabitEthernet1/2 : address is b0c5.3cfa.25d9, irq 255
3: Ext: GigabitEthernet1/3 : address is b0c5.3cfa.25da, irq 255
4: Ext: GigabitEthernet1/4 : address is b0c5.3cfa.25db, irq 255
5: Ext: GigabitEthernet1/5 : address is b0c5.3cfa.25dc, irq 255
6: Ext: GigabitEthernet1/6 : address is b0c5.3cfa.25dd, irq 255
7: Ext: GigabitEthernet1/7 : address is b0c5.3cfa.25de, irq 255
8: Ext: GigabitEthernet1/8 : address is b0c5.3cfa.25df, irq 255
9: Int: Internal-Data1/1 : address is b0c5.3cfa.25d7, irq 255
10: Int: Internal-Data1/2 : address is 0000.0001.0002, irq 0
11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
12: Int: Internal-Data1/3 : address is 0000.0001.0003, irq 0
13: Ext: Management1/1 : address is b0c5.3cfa.25d7, irq 0
14: Int: Internal-Data1/4 : address is 0000.0100.0001, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 30 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Standby perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 4 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 50 perpetual
Total VPN Peers : 50 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 160 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA 5506 Security Plus license.
Serial Number: JXXXXXXXXXX
Running Permanent Activation Key: 0x1A1A1A1A 0x2B2B2B2B 0x3C3C3C3C 0x4D4D4D4D 0x5E5E5E5E
Configuration register is 0x1
Image type : Release
Key Version : A
Configuration has not been modified since last system restart.
Config配置
ASA Version 9.9(2)36
!
hostname ciscoasa
enable password xxxxxxxxxxxxxxxxxxxxxxx pbkdf2
passwd xxxxxxxxxxxx. encrypted
names
!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address dhcp setroute
!
interface GigabitEthernet1/2
nameif inside
security-level 100
ip address 172.16.254.1 255.255.255.0
!
interface GigabitEthernet1/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
access-list INBOUND extended permit icmp any any echo-reply
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
nat (inside,outside) after-auto source dynamic any interface
access-group INBOUND in interface outside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 172.16.254.0 255.255.255.0 inside
ssh timeout 30
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd dns <my ISP DNS server 1> <my ISP DNS server 2>
dhcpd option 3 ip 172.16.254.1
!
dhcpd address 172.16.254.33-172.16.254.221 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username myuser password xxxxxxxxxxxx pbkdf2
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect dns preset_dns_map
policy-map type inspect dns migrated_dns_map_2
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:7bf6464dd03896f00321926e98426397
what is the CPU usage? CPU 使用率是多少? also post here
show interface gi1/1
也在这里发布
show interface gi1/1
Also try configuring manually on outside duplex full
and speed auto
or speed 1000
but before doing that post the stats of the outside interface first还可以尝试在外部
duplex full
和speed auto
或speed 1000
上手动配置,但在此之前先发布外部接口的统计信息
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.