- Posts: 12
- Thank you received: 0
slow lookups w/ new 5505
16 years 7 months ago #25534
by Ender
slow lookups w/ new 5505 was created by Ender
Hi,
I have a 5505 that I just installed w/o doing much of anything to the config.
The problem is that the web pages load really slow, which didn't occur before I swapped out my firewall. It's like it's taking a long time to do the lookup. I've got dns entries which it picked up from my comcast modem, which are the same dns servers I've always used so I'm not sure why the lookups seem to be taking so long.
I'm posting my config below and if anyone has ideas, much appreciated.
[code:1]
ciscoasa# sho running-config
: Saved
:
ASA Version 7.2(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password A9//BHDQsDKTXgm7 encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd A9//BHDQsDKTXgm7 encrypted
ftp mode passive
dns server-group DefaultDNS
name-server 73.214.34.205
name-server 68.87.85.98
domain-name default.domain.invalid
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.1.11 255.255.255.255 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
!
!
!
prompt hostname context
Cryptochecksum:000ea2d63d70ecc1dc1942502be8d728
: end
[/code:1]
And if anyone sees where any of this can be improved, please let me know.
I have a 5505 that I just installed w/o doing much of anything to the config.
The problem is that the web pages load really slow, which didn't occur before I swapped out my firewall. It's like it's taking a long time to do the lookup. I've got dns entries which it picked up from my comcast modem, which are the same dns servers I've always used so I'm not sure why the lookups seem to be taking so long.
I'm posting my config below and if anyone has ideas, much appreciated.
[code:1]
ciscoasa# sho running-config
: Saved
:
ASA Version 7.2(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password A9//BHDQsDKTXgm7 encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd A9//BHDQsDKTXgm7 encrypted
ftp mode passive
dns server-group DefaultDNS
name-server 73.214.34.205
name-server 68.87.85.98
domain-name default.domain.invalid
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.1.11 255.255.255.255 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
!
!
!
prompt hostname context
Cryptochecksum:000ea2d63d70ecc1dc1942502be8d728
: end
[/code:1]
And if anyone sees where any of this can be improved, please let me know.
16 years 7 months ago #25541
by Elohim
Replied by Elohim on topic Re: slow lookups w/ new 5505
first off...get rid of the default.domain.invalid
Hi,
I have a 5505 that I just installed w/o doing much of anything to the config.
The problem is that the web pages load really slow, which didn't occur before I swapped out my firewall. It's like it's taking a long time to do the lookup. I've got dns entries which it picked up from my comcast modem, which are the same dns servers I've always used so I'm not sure why the lookups seem to be taking so long.
I'm posting my config below and if anyone has ideas, much appreciated.
[code:1]
ciscoasa# sho running-config
: Saved
:
ASA Version 7.2(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password A9//BHDQsDKTXgm7 encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd A9//BHDQsDKTXgm7 encrypted
ftp mode passive
dns server-group DefaultDNS
name-server 73.214.34.205
name-server 68.87.85.98
domain-name default.domain.invalid
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.1.11 255.255.255.255 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
!
!
!
prompt hostname context
Cryptochecksum:000ea2d63d70ecc1dc1942502be8d728
: end
[/code:1]
And if anyone sees where any of this can be improved, please let me know.
Time to create page: 0.120 seconds