Performance problem copying files between PIX515 subnets
We have PIX 515UR setup with 5 interfaces. Inside, Outside, DMZ1,DMZ2 and DMZ3. We have PIX configured to allow clients on inside interface (192.168.1.x) to access machines on DMZ3 (192.168.3.x). Using explorer in WinXP client, I open up window using admin share to a remote Win2000 server (\\192.168.3.3\c). Then I browse to a folder and copy/paste it to my local c: drive. The copy of a 10MB file may take 12 minutes?? If I plug my machine into the DMZ3 subnet and conduct the same test, it copies in 5 seconds. Simple test which indicates the PIX is the bottleneck. Anything configuration changes we can do to speed things up?
Our hardware is a PIX-515E with 32MB of RAM and CPU is a Pentium II 433 Mhz running PIX 6.3(5) software release.
Re: Performance problem copying files between PIX515 subnets
Great question. I tested a file copy/paste from for one other DMZ and had NO problem. This is a good sign! I copied a 23MB folder with 435 files in 14 subfolders in less than 5 seconds.
This indicates the problem is not inherent in our PIX hardware as it's serveral years old). Here's some more INFO...
Interface 4 on the PIX is the DMZ we are having trouble with. This subnet exists exists because of a specific VENDOR application called TripPak (document mgmt system). What makes this subnet unique in our environment is it has a Vendor supplied and managed router (Cisco 2801)for establishing a secure tunnel from this subnet back to their corporate network. The server we are copying files/data is effectively a file server (192.168.3.3) running windows 2000 server. It's default route is to the vendor's router (192.168.3.2), NOT to the PIX interface (192.168.3.1).
You asked about interface stats. Below is "show interface 4" cmd output. Don't see any crc or other error's.
HQ515-Primary# show int 4
interface ethernet4 "trippak-dmz" is up, line protocol is up
Hardware is i82559 ethernet, address is 000d.8811.65ba
IP address 192.168.3.1, subnet mask 255.255.255.0
MTU 1500 bytes, BW 100000 Kbit full duplex
44759110 packets input, 1550253203 bytes, 0 no buffer
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...