Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
440
Views
5
Helpful
6
Replies

bandwidth after setting pix is terrible

Go to solution
WILLIAM STEGMAN
Level 4
Level 4

‎10-25-2005 06:14 PM - edited ‎02-21-2020 12:29 AM

I'm getting terrible bandwidth results after setting up a pix 501. I'm using cable, and my bandwidth is more like dialup. I've tried downloading some files, and visited sites like bandwidthspeedtest.com

I've disassociated the interfaces with the ip audit rules that were applied, and have used the PDM to monitor it. It's memory and cpu resources are fine, and there is nothing unusual about the traffic status. Attached is my config, perhaps I missed something that you could point out to me?

thank you,

Bill

Preview file
27 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Patrick Iseli
Level 7
Level 7

‎10-26-2005 05:23 AM

Have you also verified that the outside router or cablemodem has the same linkspeed and duplex settings as the PIX ?

Most of the performance issues are caused by that.

A duplex mismatch is most frequently revealed by increasing error counters on the interfaces in question. The most common errors are Frame, CRC, and Runts. If these values are incrementing on your interface, you either have a duplex mismatch or a cabling issue. Resolve this issue before you do anything else.

You have set: 10MB Fullduplex

Take a look at your interface to see if you have errors.

show interface

Might be also a good test to see if it is better in 10MB Half Duplex even if that creates Collisions.

Note: Set both devices to a fixed speed and duplex, the same of course or use auto negotiation on both.

See also: Monitoring PIX Performance

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml

sincerely

Patrick

View solution in original post

6 Replies 6

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎10-25-2005 10:15 PM

Only thing I can see is try turning off the HTTP fixup with:

no fixup protocol http 80

This fixup is useless unless your filtering java/activex or using a Websense filtering type of server, which you're not, so all it's currently doing is slowing HTTP packets down since the 501 will still try and inspect them.

0 Helpful

Go to solution
WILLIAM STEGMAN
Level 4
Level 4
In response to gfullage

‎10-26-2005 09:48 AM

no change after disabling http fixup. I swapped out switches and cables to rule out a hardware issue, still no change, and verified that my WAP/router didn't have a firewall configured on it.

0 Helpful

Go to solution
mgaysek
Level 1
Level 1

‎10-26-2005 04:51 AM

I had the same problem. After visiting many bandwidth sites I determined that the pix does not work well with these tests. I found a wide range of test results from as low as 98k to as high as 1500k. I also removed my pix and tested dirrectly with my laptop connected to the cable modem and test results were much higher, 5mbs in some instances.

Keep in mind that I never experienced performance issues when connecting to the internet.

0 Helpful

Go to solution
Patrick Iseli
Level 7
Level 7

‎10-26-2005 05:23 AM

Have you also verified that the outside router or cablemodem has the same linkspeed and duplex settings as the PIX ?

Most of the performance issues are caused by that.

A duplex mismatch is most frequently revealed by increasing error counters on the interfaces in question. The most common errors are Frame, CRC, and Runts. If these values are incrementing on your interface, you either have a duplex mismatch or a cabling issue. Resolve this issue before you do anything else.

You have set: 10MB Fullduplex

Take a look at your interface to see if you have errors.

show interface

Might be also a good test to see if it is better in 10MB Half Duplex even if that creates Collisions.

Note: Set both devices to a fixed speed and duplex, the same of course or use auto negotiation on both.

See also: Monitoring PIX Performance

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml

sincerely

Patrick

Go to solution
WILLIAM STEGMAN
Level 4
Level 4
In response to Patrick Iseli

‎10-26-2005 05:30 PM

That was it. There were hundreds of input erros on the outside interface. Changed the interface to auto, and am now getting great download speeds.

3347 Kbps, compared to 53 Kbps yesterday.

Thank you very much

0 Helpful

Go to solution
Patrick Iseli
Level 7
Level 7
In response to WILLIAM STEGMAN

‎10-26-2005 05:34 PM

I have seen this problem multiple times and it was always related to duplex problems.

sincerely

Patrick

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card