Network Delay

Unanswered Question

I am using Cisco Pix 501. Whenever I use network commands, I get some delay in response. For example, if I connect to a network drive using the net use command, I get a 4/5 second delay, then the command executes. Or if I open my mapped drive, it gets some delay and then the drive opens. Is there any specific reason why we get these delays?

I am connecting the firewall directly to my network, which uses DNS for name queries. Ours is a pure IP network with a Windows 2003 Server DHCP/DNS/Domain Controller. All the switches, routers and network cards are of Gigabit capacity. Below is the configuration of my firewall:


PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxxxxx encrypted
passwd xxxxxxx encrypted
hostname pixfirewall
domain-name testing.edu
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.129 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:xxxx
: end



jackko Sat, 11/12/2005 - 15:42

according to the posted config, there is no lan-lan vpn or remote vpn access, so i am assuming the traffic you are having issue with is within the pix inside net.


if so, then pix is pretty much out of the picture. the reason being traffic within the same net will not be processed by the pix at all.


e.g. a pc (192.168.1.100) is initiating a drive mapping with a server (192.168.1.200). firstly, the pc will send an arp request in order to obtain the server mac address. once the mac address of the server is available, the pc will then forward the packet directly to the server.

jackko Sun, 11/13/2005 - 14:06

the issue may be related to the pix outside interface speed and duplex.


do "sh int" to identify the current speed and duplex. i believe by applying the keyword auto, it would yield 10 half only, which may not be compatible with the gigabit devices.


e.g.

pix# sh int
interface ethernet0 "outside" is up, line protocol is up
Hardware is ixxxx9 ethernet, address is xxxx.xxxx.e285
IP address xxx.xxx.xxx.101, subnet mask 255.255.255.255
MTU 1492 bytes, BW 10000 Kbit half duplex

pix# conf t
pix(config)# int e0 100f
pix(config)# sh int
interface ethernet0 "outside" is up, line protocol is up
Hardware is ixxxx9 ethernet, address is xxxx.xxxx.e285
IP address xxx.xxx.xxx.101, subnet mask 255.255.255.255
MTU 1492 bytes, BW 100000 Kbit full duplex
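
One way to automate the speed/duplex check described in the post above, as an added example that is not part of the original thread: it parses "sh int" output in the format quoted there and flags interfaces that are up but running half duplex or below 100 Mbit/s. The sample text (including the inside interface and its MAC address) is constructed, and the function names and the 100 Mbit/s threshold are assumptions.

```python
import re

# Constructed sample, modelled on the "sh int" output quoted in the thread.
SAMPLE = '''\
interface ethernet0 "outside" is up, line protocol is up
  Hardware is ixxxx9 ethernet, address is xxxx.xxxx.e285
  IP address xxx.xxx.xxx.101, subnet mask 255.255.255.255
  MTU 1492 bytes, BW 10000 Kbit half duplex
interface ethernet1 "inside" is up, line protocol is up
  Hardware is ixxxx9 ethernet, address is xxxx.xxxx.e286
  IP address 192.168.1.1, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 100000 Kbit full duplex
'''

IF_RE = re.compile(r'^interface (\S+) "([^"]+)" is (.+?), line protocol is (\S+)')
BW_RE = re.compile(r'BW (\d+) Kbit (half|full) duplex')

def parse_show_interface(text):
    """Return one dict per interface: hw name, nameif, link state, Kbit, duplex."""
    interfaces = []
    for line in text.splitlines():
        line = line.strip()
        m = IF_RE.match(line)
        if m:
            interfaces.append({"hw": m.group(1), "nameif": m.group(2),
                               "up": m.group(3) == "up" and m.group(4) == "up",
                               "kbit": None, "duplex": None})
            continue
        m = BW_RE.search(line)
        if m and interfaces:
            interfaces[-1]["kbit"] = int(m.group(1))
            interfaces[-1]["duplex"] = m.group(2)
    return interfaces

def link_findings(interfaces, min_kbit=100000):
    """Flag up interfaces that run half duplex or below min_kbit (assumed threshold)."""
    findings = []
    for i in interfaces:
        if not i["up"] or i["duplex"] is None:
            continue  # down, or no BW line seen: nothing to judge
        if i["duplex"] == "half":
            findings.append((i["nameif"], "half duplex"))
        if i["kbit"] < min_kbit:
            findings.append((i["nameif"], f"{i['kbit'] // 1000} Mbit/s link"))
    return findings

if __name__ == "__main__":
    for nameif, issue in link_findings(parse_show_interface(SAMPLE)):
        print(f"{nameif}: {issue}")
```
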


jackko Tue, 11/15/2005 - 14:53

i was just reading another conversation, and the netpro suggested that the command "sysopt noproxyarp " may resolve odd connectivity issues.

