Hi I am having a problem with the throughput on my PIX 515E. I have 3 active interfaces, one for the outside, one for inside Lan and one for our DMZ. What I wish to do is to backup our servers on the DMZ with our backup server that sits on the inside lan. The problem is that when the backup runs it will only run at about 20MB/min compared to upto 2000MB/min when backing up a server on the Lan. The only real diferences in the network or server setup between these two speeds that I can see is the Pix. Is there anything that I can do to speed up my backups.
We have an unrestricted license with unlimited hosts. On the interface bandwidth stats the DMZ interface will not get any higher than 5000 Kbps where the outside interface is regularly up to 12000 Kbps and higher.
If I calculate the 2000MB/minute back to megabits, it would end up on 333Mbit connection. My guess is that the backupserver and the server on your internal internal network are connected via a gigabit network.
As the PIX supports a 100Mbit connection, you could expect a maximum transfer of 10MB/s (roughly), but you get a 5MB/sec (5000KBPS), so my guess is that the linespeed on one of the interfaces is set to 100megabit, half duplex.
Check the configuration on the switch for the ports connected to the pix and the servers (on the DMZ) for duplex mismatches. You can see what the duplex speed is on
- Cisco IOS Switches: show interface status
- Cisco PIX: show interface
Hope these pointers help you to isolate the problem
The servers that have 100Mbit cards are not precisely on 100Mbit, since they are teamed, the can reach 200mbit (or more, depending on the number of teamed adapters).
Can you check on the switch if you see certain errors? You might want to try to setup a second machine in your DMZ (100Mbit as well) and see what the speed of a copy is between the server and that second machine. Then you could do a similar test from the second machine through the pix to the backup server, but also to another server.
Based upon the results of those tests, you should be able to see why things are lower, but if you can only get to 5Mbps, it still might be a duplex-mismatch, can you verify the duplex settings between the server and the switch?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...