We have a Pix 515E that was installed last November and in just the last 5-7 weeks we have been noting a massive speed decrease on through put. After much trouble shooting it turns out to be the Pix causing the problems.
We upgraded to OS 7 about 2-3 weeks ago so that our VPN clients could access the server over the Point-to-Point VPN tunnel with our other office. But the problem started before that, but has gotten a little worse after the upgrade(it seems).
According to the Pix you are doing mostly TCP and HTTP connections. (according to show perfmon and show counters).
How do I see the avg packet size and what inspections we use?
Yes, as < bjames > told it allready. If you change from half duplex to full duplex then all the collisions will disappear.
As an example, say your switch is hard-coded for 100 Mbps and full-dupex, and you connect your PIX into it, with the PIX's interface set to autonegotiation. The PIX sends out FLPs, but the switch doesn't respond because it is hard-coded for speed/duplex and doesn't participate in autonegotiation. Receiving no response from the switch, the PIX goes into Parallel Detection mode and senses the length of the pulses in the frames the switch is sending out. Thus the PIX can sense that the switch is set to 100 Mbps, so it sets its interface speed accordingly. However, because the switch will not exchange FLPs, the PIX has no way of knowing if the switch is capable of running full-duplex, so the PIX sets its interface duplex to half-duplex, per the standard. But the switch is hard-coded to 100 Mbps and full-duplex, and the PIX has just autonegotiated to 100 Mbps and half-duplex (as it should). The result is a duplex mismatch that will cause severe performance problems.
The only thing that I find really strange is that you have late collisions. This is usually a cabling problem, the cable length us longer than 100 meters an cause that late collisions.
Can you post or upload your config? Like the other guys said...hardcoding 100/full on the pix interface will definitely fix this. What you also need to do is make sure you hard code it all the way through.. Hard code it on the edge router, the pix, the switch, and then the ftp server. It might seem tedious but auto-negotiation has been an evil thing to all of us. I hard code everything. There are definite improvements when this is done.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...