[c-nsp] ASA 5550 url-filtering capacity
Rick Ernst
cnsp at shreddedmail.com
Mon Dec 5 15:23:03 EST 2011
We are running into "slow web sites" and random/incorrect 403's on a
5550 as an internet gateway doing NAT for an enterprise with upwards
of 40,000 users.
CPU is hitting 80-90% with url-filter enabled vs 30-35% without. I'm
trying to point to a platform/performance limitation, but I can't find
anything specifically for url-filtering capacity on the ASA platform.
We've maxed at url-block/url-memblock and tried increasing the number
of concurrent connections from 8 to 50 (and back down to 25). The more
connections we enable seems to help, but we are still seeing sluggish
performance with url-filtering (to Websense on a local interface)
enabled.
Any pointers to actual "useful capacity" on a 5550?
Thanks,
Rick