Dropped packet between PIX

Unanswered Question
Oct 18th, 2007

Hello,

I have some dropped packets between 2 PIX: the first one is a PIX 525 V7 and the second one is a PIX 520 V6.3. There is a Cisco Catalyst connecting them, and I can see dropped packets only on the PIX 525. How can I troubleshoot it?

The problem is that when I access an https application behind the PIX 520, and PDM on it, I can't display some pages, and on PDM I sometimes get "PDM was unable to contact the PIX", but for the SSH connection I have no issue.

Thank you

p-allen Sat, 11/03/2007 - 07:25

Sounds like a similar issue to the one we are having. We use an ASA firewall that connects to our ISP, which also uses a firewall, and are seeing a lot of out-of-order packets. We are mainly seeing the issue with one website: sometimes everything is fine and other times we get a lot of "page cannot be displayed". The site is saying that no one else is having an issue but us. The ISP is saying that they also see a lot of out-of-order packets for our connections to the internet. I am wondering if this could be our issue also.

excession Sat, 11/03/2007 - 11:06

Hi Yann,

Could you describe your topology a little more? From what I understand you have the following.

PDM-----PIX525---CAT---PIX520

Does this issue only appear for https?

Is this a new setup or were there changes made recently?

How can you see the dropped packets?

In order to troubleshoot this issue I suggest you get captures on the PIX525 and see what exactly is being dropped. See the following link for details on the capture command:

http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/c.html#wp1950270

Note you can capture based on "type asp-drop".

You could try to run a "show asp drop" before you experience the problem, then run it again after trying to display the pages you are having problems with and see what counter is increasing.

Do you have syslog? What level are logs enabled at? Maybe you could also check these logs to identify what is being dropped. Check the logs before and after a session.
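
The before/after comparison of "show asp drop" suggested above, as an added example that is not part of the original post: a Python script that parses two saved outputs and lists the counters that increased. The sample output is constructed, and its line layout (description, counter name in parentheses, count) is an assumption about the PIX/ASA 7.x output format.

```python
import re

# Constructed sample outputs (not from the thread). Assumed layout:
# a section header, then "  <description> (<counter-name>)   <count>".
BEFORE = """\
Frame drop:
  Flow is denied by configured rule (acl-drop)                 120
  First TCP packet not SYN (tcp-not-syn)                        14
  TCP Out-of-Order packet buffer full (tcp-buffer-full)          3

Last clearing: Never
"""
AFTER = """\
Frame drop:
  Flow is denied by configured rule (acl-drop)                 120
  First TCP packet not SYN (tcp-not-syn)                        16
  TCP Out-of-Order packet buffer full (tcp-buffer-full)         45
  TCP packet SEQ past window (tcp-seq-past-win)                  7

Last clearing: Never
"""

SECTION = re.compile(r"^(\S.*?):\s*$")        # e.g. "Frame drop:"
COUNTER = re.compile(r"^\s+(.+?)\s+(\d+)\s*$")  # indented label + count

def parse_asp_drop(text):
    """Return {(section, label): count} from saved 'show asp drop' output."""
    counters, section = {}, None
    for line in text.splitlines():
        if m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := COUNTER.match(line)):
            counters[(section, m.group(1))] = int(m.group(2))
    return counters

def increased(before_text, after_text):
    """List (section, label, delta) for counters that grew, largest first.
    A counter absent from the first run is treated as 0; counters that
    went down (cleared between runs) are ignored."""
    before, after = parse_asp_drop(before_text), parse_asp_drop(after_text)
    deltas = [(sec, label, n - before.get((sec, label), 0))
              for (sec, label), n in after.items()]
    return sorted((d for d in deltas if d[2] > 0), key=lambda d: -d[2])

if __name__ == "__main__":
    for section, label, delta in increased(BEFORE, AFTER):
        print(f"{section:<12} +{delta:<6} {label}")
```

Save the output of each run to a file and pass the two texts to `increased()`; the counters at the top of the list are the drop reasons to look up first.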

sachin.verma Mon, 11/05/2007 - 20:25

Hi Yann,

It looks like an MTU size issue to me. Kindly check the MTU size defined on the outside and inside interfaces on the PIX 525 and PIX 520 connecting to each other on the switch.

regards

Sachin Verma
