Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 6.3 traffic flow issue - URGENT

Hi all,

I have been thrust into supporting a PIX running version 6.3 which has just been given a new internet link on its outside interface. They now have problems with speed to the Internet and trouble sending large attachments or files outside. I have pinged to the inside interface with 100% success using both small and large packets (100 bytes - 1500 bytes). However, when I ping to the Internet peer which is directly connected via 10MB/Full ethernet, I get several "request timed out" replies when pinging with packets over 1150 bytes. Running "capture" on the PIX does not reveal anything and all my searching on Cisco has not turned up anything relevant to 6.3. I am loathe to complete a image upgrade at this point as they argue it was working before. Does anyone have any idea why the PIX seems to be causing this slowdown. I have thought of MSS and windowing sizes but can't see how to verify or change this. I have adjusted MTU size on the outside interface to see if that has any effect but no. I have also disabled any traffic rate limiting on the Internet side that I am pinging so this isn't the cause either. Quite simply, I have a user inside, a PIX, then a router and I can't get a successful string of 20 pings bigger than 1150 bytes from the user to the router. HELP URGENTLY as this is affecting all their outside applications. Thanks in advance to any replies.


Re: PIX 6.3 traffic flow issue - URGENT


Firstly - if the only thing that has changed is the new provider circuit and equipment the likely hood the issue is there.

Try using a tool mtu route -

This will indicate issues on MTU/MSS going thru your firewall to eliminate the device as a possible bottle neck.

Also check the outside interface to see if you have any input/output errors.