Windows 2003 Server and pix firewall throughput

Does anyone have any experience with throughput problems with Windows 2003 server and pix firewalls?

We have 4 machines behind our pix 501 firewall: 2 Windows 2003, a Windows 2000, and an XP. The machines are all configured the same in the firewall.

The symptom is we get 200-300kbps throughput on the 2003 machines, and 4-6Mbps on the other 2. If we move the 2003 machines out from behind the firewall, they get the 4-6Mbps. Swapping out the NICs on the 2003 machines didn't change anything.

Anyone have any ideas or experience with what might cause this? Thanks in advance.

2 REPLIES

Re: Windows 2003 Server and pix firewall throughput

Maybe you can try looking into what traffic is actually being generated in your machines? Try using a sniffer to see the packets.

Re: Windows 2003 Server and pix firewall throughput

Windows 2003 DNS and Cisco Pix firewalls

This keeps coming up. Windows 2003 DNS supports large UDP packets. All but the current version of the Cisco PIX IOS have a DNS Fixup that is limited to 512 byte packets. This causes DNS lookup timeouts since the firewall drops the packets. You can:

a) turn off DNS fixup on the PIX. Not the best solution since it does offer some DNS poisoning protection.

b) turn off eDNS in Windows 2003 using the dnscmd utility from Support Tools:

dnscmd /Config /EnableEDnsProbes 0

c) upgrade to the latest PIX IOS, which adds the ability to add a “maximum-length 1500” parameter to the fixup DNS configuration element.

Reference:

http://cameron-webb.com/blog/archive/2003/11/13/159.aspx

Sincerely

Patrick
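
Added example, not part of the original replies and not Cisco or Microsoft code: a Python check to run over DNS UDP payloads taken from a sniffer capture. It reports whether a message carries an EDNS0 OPT record advertising more than the 512 bytes the post gives as the DNS fixup limit. The function names and the sample query built by `build_query` are constructed for illustration.

```python
import struct

PIX_FIXUP_LIMIT = 512  # DNS fixup length limit stated in the post above
OPT = 41               # EDNS0 OPT pseudo-record type (RFC 6891)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while off < len(msg):
        n = msg[off]
        if n & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        if n == 0:                # root label terminates the name
            return off + 1
        off += 1 + n
    raise ValueError("truncated name")

def edns_udp_size(msg):
    """Return the EDNS0 advertised UDP payload size, or None if no OPT record."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _, _, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4     # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return rclass                 # OPT reuses CLASS as the UDP payload size
        off += 10 + rdlen
    return None

def assess(msg):
    """Classify one DNS UDP payload against the 512-byte fixup limit."""
    size = edns_udp_size(msg)
    if len(msg) > PIX_FIXUP_LIMIT:
        return "oversize: %d bytes, exceeds the fixup limit" % len(msg)
    if size is not None and size > PIX_FIXUP_LIMIT:
        return "edns: advertises %d bytes, replies may exceed the limit" % size
    return "ok"

def build_query(name, edns_size=None):
    """Constructed sample: an A query, optionally carrying an OPT record."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    opt = b"\0" + struct.pack("!HHIH", OPT, edns_size, 0, 0) if edns_size else b""
    hdr = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if opt else 0)
    return hdr + q + struct.pack("!HH", 1, 1) + opt
```

Queries that come back as "edns" before applying option (b) and as "ok" afterwards confirm that the server has stopped advertising the larger payload size.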
