Troubleshooting latency in a Pix 525

Unanswered Question
Jul 6th, 2007

We have a Pix 525 at our HQ that sits behind our Internet router which terminates our ISP connections. We are having throughput issues. Our connection is supposed to be 8 MB by 8 MB but we are getting 8 MB on the upload but only 1-2 MB on the download side. I have tested in front of the Pix 525 and throughput is around 6-7 MB. Behind the Pix 525 and it is much slower. The CPU utilization is around 20%. The ping tests do not show the latency. Are there commands on the Pix where I can further isolate the issue? I am running version 7.0(6). Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Fri, 07/06/2007 - 09:55

have you checked the ASA interfaces and seen any indications of packet drops?

"show interface"

mark.blanchfield Fri, 07/06/2007 - 10:01

Yes. I did not see any drops. I am looking over the show tech output at this time. Not sure if that file is too large but I believe I can attach it. Hopefully, that will reveal something about the issue. Thanks.

mark.blanchfield Mon, 07/09/2007 - 09:38

I noticed that there are dropped packets on the inside and outside interfaces. Does anyone know if the drop rate shown is normal for a Pix or this could be the source of the latency??

1 minute input rate 376 pkts/sec, 177927 bytes/sec

1 minute output rate 399 pkts/sec, 224744 bytes/sec

1 minute drop rate, 11 pkts/sec

5 minute input rate 373 pkts/sec, 230895 bytes/sec

5 minute output rate 348 pkts/sec, 149956 bytes/sec

5 minute drop rate, 14 pkts/sec


Traffic Statistics for "inside":

328872654 packets input, 92546684891 bytes

323283836 packets output, 70018126895 bytes

4926147 packets dropped

1 minute input rate 1544 pkts/sec, 352096 bytes/sec

1 minute output rate 1566 pkts/sec, 350068 bytes/sec

1 minute drop rate, 36 pkts/sec

5 minute input rate 1597 pkts/sec, 333008 bytes/sec

5 minute output rate 1646 pkts/sec, 409672 bytes/sec

5 minute drop rate, 22 pkts/sec

gglynn001 Mon, 07/16/2007 - 08:09

Hi Mark,

I am having a similar problem with a PIX-515E [running software 7.2(2)]

The internet link connected to outside interface is 10MB.

Through the firewall we are only getting an average download of between 1.8MB and 3.2MB

But if I put a laptop in front of the firewall and directly connect to 10MB internet line - we are getting download speeds of between 6.5MB and 8.5MB

There are no VPNs configured yet, no QoS (or at least it doesn't appear to make any difference).

Just wondering if you had any luck troubleshooting this ?



mark.blanchfield Mon, 07/16/2007 - 08:13


Hi. I have not isolated the source of this yet. My next step is to plug my laptop directly into the inside interface on the Pix and see if the latency is there. I ran some throughput tests this morning and I am only getting about 2-3 MB when it should be at least 5-8 MB. The ping tests do not reveal the latency. We removed our site to site VPN's off of the Pix 525 but that had little effect. No solution yet but I will let you know and please advise if you find anything out. Thanks.

gglynn001 Mon, 07/16/2007 - 08:20

Hi Mark,

I sussed it out. Its the Global Service Policy that comes as default with the software. Just remove it by

no service-policy global_policy global

And watch the speeds go straight up

I am at stage one of the IP Security learning curve, so will need to do some reading on what this global_policy is needed for




mark.blanchfield Mon, 07/16/2007 - 08:38


Thanks for the response. I removed it and it seemed to improve a little. Now I see 3-4 MB on the download instead of 2-3.


This Discussion