«

I just switched from a T1 to Comcast HighSpeed Internet 16mb/6mb. I
am using a Cisco PIX 515E as our firewall. With the firewall in the
works between my laptop and Comcast I get at best 5mb/5mb speeds using
Speakeasy speed testing. When I remove the PIX from the equation I
consistently get 10mb/5mb. I lose on average between 3-5mb when I put
the PIX in the middle. It does not make any sense. I consider
configuring the hardware properties of the Outside NIC as far as
Duplex and Speed and that didn't make a difference.

I know this is not a bandwidth limitation of the PIX so it has to
either be a setting on the PIX or something in the interaction between
the Comcast router and the PIX.

Pease help!

In article <664f8190-066d-4c46-b09b->,
<> wrote:
>I just switched from a T1 to Comcast HighSpeed Internet 16mb/6mb. I
>am using a Cisco PIX 515E as our firewall. With the firewall in the
>works between my laptop and Comcast I get at best 5mb/5mb speeds using
>Speakeasy speed testing. When I remove the PIX from the equation I
>consistently get 10mb/5mb. I lose on average between 3-5mb when I put
>the PIX in the middle. It does not make any sense. I consider
>configuring the hardware properties of the Outside NIC as far as
>Duplex and Speed and that didn't make a difference.

Are you accidently blocking Path MTU Discovery by not
explicitly permitting ICMP Fragmentation Needed packets into
your network? Such packets could have an IP address of anywhere
between the source and destination, so effectively you have to
permit "any" for their outside source, and you have to effectively
permit as the destination any of your internal machines that can
go out to the internet.