PIX 515 - Slow performance to DMZ and outside Interface

Discussion in 'Cisco' started by Skipdog, Feb 9, 2004.

  1. Skipdog

    Skipdog Guest

    We are experiencing tepid performance when using FTP and general
    windows file copy through the PIX 515. We've ruled out duplex/speed.
    The sh int commands show very clean stats - no runts/crc/etc. The
    equipment they are connecting to are showing clean connections. To
    our DMZ we get between 12-18megabit. To the outside interface we get
    between 6-8. If we test speeds on the switches that exist outside and
    on the DMZ - we get around 60-80. We aren't sure if the PIX can
    process the data as fast as switches or not? We are concerned mostly
    about the outside interface being so slow as it hampers the file
    copies.

    Any one ever seen this? We are running the latest PIX code -6.3.3

    Brian
    Skipdog, Feb 9, 2004
    #1
    1. Advertising

  2. In article <>,
    Skipdog <> wrote:
    :We are experiencing tepid performance when using FTP and general
    :windows file copy through the PIX 515. We've ruled out duplex/speed.
    :The sh int commands show very clean stats - no runts/crc/etc. The
    :equipment they are connecting to are showing clean connections. To
    :eek:ur DMZ we get between 12-18megabit. To the outside interface we get
    :between 6-8.

    Does your outside interface have a valid reverse DNS lookup?
    I've never figured out the reasoning, but apparently ftp and smtp
    performance is affected (not just delayed) if you do not have a
    reverse DNS.

    Beyond that... I would suggest considering switching the interfaces.
    Possibly by moving the cards, or possibly by doing a logical swap
    (a little reconfiguring to change the interface names and relative
    security levels -- easier to do by saving the config via tftp
    and editting and bringing it back.) You just might be hitting
    a case in which the logical paths might make a difference. I would,
    though, not expect that on a 515, the way I would on a 535.

    Is it possible that there is a lot of junk traffic hitting the
    outside interface?

    --
    millihamlet: the average coherency of prose created by a single monkey
    typing randomly on a keyboard. Usenet postings may be rated in mHl.
    -- Walter Roberson
    Walter Roberson, Feb 9, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. jonnah
    Replies:
    1
    Views:
    1,065
    mcaissie
    Apr 21, 2004
  2. TechGuy
    Replies:
    2
    Views:
    2,253
  3. SuperIce
    Replies:
    2
    Views:
    1,829
    James
    Oct 1, 2004
  4. JohnC
    Replies:
    9
    Views:
    810
    Walter Roberson
    Dec 7, 2004
  5. Jack
    Replies:
    0
    Views:
    639
Loading...

Share This Page