I have many users .users gateway router and router is connected to pix firewall and pix firewall is connected to outside router. after install 515 firewall no problem but suddenly some of days in peak time when user go want outside then connection is slow. for test purpose i ping pix inside i found packet drop but when i ping inside router interface then no ping drop. and agin offpick hour no ping drop . so it is the problem of pix firewall or a lot of packet generated in LAN ??
pls let me know someone whats the reason or what can i do .
Without visibility to your pix and router config, it's hard to tell. It could be due many reasons. Anyway, how's the connection between PIX inside interface and inside router - direct via cross-over cable or through switch/hub? What's the speed/duplex set on your PIX inside and inside router interface? Have you try to change the network cable?
Can you issue "show interfaces" on your PIX, and check the counter for errors and so on?
Cisco pix firewalls do not respond to ping attempts directly to their interfaces by default, this is to ensure the firewall itself does not get hit by a denial of service attack. Dependant on your rule base you may or may not be able to ping through the pix. If you have permitted ICMP then you will be able to ping through the pix. To determine if this is a problem or a network utilisation issue then I would recommend during a slow period pinging the outside router from the inside, this will provide you with a baseline for performance. When the slowness occurs again run the same test. If you notice the response is a lot slower then you will be able to localise the issue, otherwise you need to look elsewhere in your network. How big is you outside link, is it possible that this is simply being overloaded by the amount of traffic at peak times??
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...