Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Slow SSL Connection through the PIX520 - Pix or Proxy Problem?

For accessing the internet we have a proxy in our LAN (Authentification proxy) and one in our DMZ1. The second proxy is performing as a normal proxy server, located in our DMZ2.

The ISP's Internet router is located in our DMZ3. Whenever accessing an SSL-Site, the connection is awfully slow and eventually timeouts do occur.

Is there any chance to "speed up" the Firewalls' SSL-performance or is it rather a Proxy related problem?

Your help would be greatly appreciated!

Best regards,



Re: Slow SSL Connection through the PIX520 - Pix or Proxy Proble

The firewall is not involved in the SSL session at all. At least, not any more than it would be with a telnet or HTTP session. It's sill just another packet to the pix,--it's either allowed or denied.

What does "normal proxy" mean for DMZ1? How is that different than the DMZ2 proxy? You have three proxies then? LAN (I'm guessing you meant inside) DMZ1 and DMZ2

The problem is probably with your proxy servers. Unless the interface on the firewall to the switch/server/router is experiencing errors as is frequent due to mismatched duplex problems.

New Member

Re: Slow SSL Connection through the PIX520 - Pix or Proxy Proble

I was making a mistake describing the problem: one Proxy is located in the LAN as an authentification Proxy. It decides, which user is allowed to access the internet - via the "real" proxy in the DMZ.

Opening a browser on the "real" (DMZ) Proxy, we do not encounter problems with SSL. We'll check on the configurations now.

Thank you for your quick response.