ASA5515-X slowing down traffic - adding latency

[Dieselboy]

I've had high latency issues and time outs this week. Symptoms were high latency and occasional timeouts to internet hosts. And from the internet accessing resources at the office, the same thing. Sometimes up to 1000ms latency. I traced this back and found if I pinged our internet router from the internet, latency from my home was 22ms and quite a solid 22ms. If I pinged through the router to the primary ASA I found latency around 150ms on average with peaks up to 1000ms and drops. I do have service policy inspection enabled some some minimal necessary rules but not for HTTP. I logged into the standby ASA and issued fail active. Immediately, the latency returned to normal with no drops. All links are 1GB Full Duplex.

I'm running ASA version 9.3(2)2

Has anyone seen anything like that before? I have but it was only web traffic and was due to HTTP inspection being enabled on a ASA5505.

[Reggle]

Haven't seen that before. Are you seeing high CPU usage on that ASA?
If yes, find what's causing it.
If no, check interface errors.

[LynK]

Haven't seen that before. Are you seeing high CPU usage on that ASA?
If yes, find what's causing it.
If no, check interface errors.

If no interface errors call your ISP. Have them pull stats on the interface. Make sure to include traceroutes to the targeted systems so you can see where the latency/drops are occurring.