I'm having traffic performance issues on a PIX 515e, where traffic from inside to DMZ is considerably slower than traffic from DMZ to inside. Currently there is no filtering between the two interfaces (both set at 100). The only errors I could see were collisions, late collisions and deferred on the inside interface (e1). ...any thoughts?
thanks ...I changed the speed from auto to 100/full and now the collisions are gone. I'm still having performance issues, when I copy a file from the dmz to the inside it takes 2 seconds, when copying the same file from the inside to the dmz it takes about 45 seconds (?) ...any more thoughts? ...also, I'm version 7.0
If you hardcode the interface on one side, then you MUST also hardcode it on the peer side. Speed can be sensed, but duplex must be negotiated.
The reason your collisions went away is that there are no collisions in a full-duplex environment. However, if you did not hardcode the peer to 100/full as well, then it will be doing half-duplex and you will have a duplex mismatch.
Setting both sides to 'auto' is typically your best bet, or you can hardcode BOTH sides to the same speed/duplex.
With the duplex issue resolved, if you are still seeing different rates of transfer I think the best thing to look at is both the syslogs as well as packet captures on both interfaces to see where the delay is coming from.
I'm copying a 6meg. file from a computer on the dmz to a computer on the inside and through mapped drives doing the opposite. I have the dmz and inside interface security levels set to 100 with no policies. Output of asp drop:
Sorry, I did not mean to imply that. Hardcoding the speed/duplex on both adjacent endpoints should yield the same exact results as setting both endpoints to 'auto'. If it does not, then it would be a bug. And yes, in the past there have been corner-case bugs in both categories (hard-coding, and setting to auto). But those are typically well behind us in the past.
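The speed/duplex behaviour described in the replies above, as an added example that is not part of the original thread: a small model of what each end of a link settles on for a given pair of port settings. The function names, the `AUTO` constant and the assumption that both ports are capable of 100/full are hypothetical choices made for the illustration.

```python
# Added illustration, not from the thread. Assumes both ports can do 100/full.
AUTO = "auto"


def resolve_port(local, peer, best=(100, "full")):
    """Return the (speed, duplex) that one port ends up running."""
    if local != AUTO:
        # Hardcoded port: runs exactly what was configured.
        return local
    if peer == AUTO:
        # Both ends negotiate: they agree on the best common mode.
        return best
    # Peer is hardcoded, so there is nothing to negotiate with.
    # Speed can still be sensed from the link, duplex cannot,
    # so the auto side falls back to half duplex.
    return (peer[0], "half")


def check_link(a, b):
    """Resolve both ends and classify the resulting link."""
    end_a, end_b = resolve_port(a, b), resolve_port(b, a)
    if end_a[0] != end_b[0]:
        state = "speed mismatch"
    elif end_a[1] != end_b[1]:
        state = "duplex mismatch"
    else:
        state = "ok"
    return {"a": end_a, "b": end_b, "state": state}


if __name__ == "__main__":
    cases = {
        "both auto": (AUTO, AUTO),
        "firewall 100/full, peer auto": ((100, "full"), AUTO),
        "both 100/full": ((100, "full"), (100, "full")),
    }
    for name, (a, b) in cases.items():
        print(f"{name}: {check_link(a, b)}")
```

The second case is the one from the thread: the hardcoded end runs full duplex and stops counting collisions, while the auto end drops to half duplex.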