I have a CSS configured for server failover in one armed mode on the ouside Interface of PIX firewall.
During failover the secondary server is at DR site, so data path is through PIX to inside network across DS3 to DR PIX DMZ.
The path from PIX through inside network to PIX is encapsulated in a VPN tunnel for security of client information.
The secondary during failover is extremely slow from Internet.
I am thinking there could be an MTU issue and fragmentation.
pinging with "do not fragment" flag set shows only 990 bytes getting through without fragmentation.
Is there anything that can be done on the PIX to help this issue?