Does anyone have any experience with throughput problems with Windows 2003 server and pix firewalls?
We have 4 machines behind our pix 501 firewall: 2 Windows 2003, a Windows 2000, and an XP. The machines are all configured the same in the firewall.
The symptom is we get 200-300kbps throughput on the 2003 machines, and 4-6Mbps on the other 2. If we move the 2003 machines out from behind the firewall, they get the 4-6Mbps. Swapping out the NICs on the 2003 machines didn't change anything.
Anyone have any ideas or experience with what might cause this? Thanks in advance.
Re: Windows 2003 Server and pix firewall throughput
Windows 2003 DNS and Cisco Pix firewalls
This keeps coming up. Windows 2003 DNS supports large UDP packets. All but the current version of the Cisco PIX IOS have a DNS Fixup that is limited to 512 byte packets. This causes DNS lookup timeouts since the firewall drops the packets. You can:
a) turn off DNS fixup on the PIX. Not the best solution since it does offer some DNS poisoning protection.
b) turn off eDNS in Windows 2003 using the dnscmd utility from Support Tools:
dnscmd /Config /EnableEDnsProbes 0
c) upgrade to the latest PIX IOS, which adds the ability to add a maximum-length 1500 parameter to the fixup DNS configuration element.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :