Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Bad Performance

Status
Not open for further replies.
lardum

lardum

IS-IT--Management
Apr 26, 2000
462
SE
I've switched from my old ISP to my new ISP. The only thing i changed in my PIX was the IP addresses. I'm using TPTEST for measuring the performance. With my old ISP i got really good results but with my new ISP i get bad performance for TCP transfers but good UDP transfers. When i say bad i mean really bad. I.e UDP transfers are 11-12Mbit/s but TCP transfers are 300-500Kbit/s. If i disconnect my PIX and run the tests on the actual line i get good respone. My network is like this:
Internet- dual Cisco switches (redundant) - Cisco 2950 - PIX - LAN Network.

Anyone have any ideas about this?
 
Sort by date Sort by votes
Hi
I can't run PDM since PDM is only supported under PIX IOS 6.X. Am i right or wrong?
The test were measured against the same measurement server at the ISP. When i get good response times i have the testing computer on the dual Switches. When i place the testing computer behind the firewall on the 2950 Switch i get bad response times on the TCP transfers.
I can't runt the test program on another port, however all outgoing traffic is allowed in my PIX. I'm running PIX IOS 5.1.8. Also the Cisco 2950 switch is not at all configured i've just set the port speed and duplex settings.




 
Upvote 0 Downvote
HI.

> I can't run PDM since PDM is only supported under PIX IOS 6.X. Am i right or wrong?
Yes you are right.
I think that you can use "show" commands from CLI to get info about current CPU usage when you run the test.

> can't runt the test program on another port
OK, but I'm still asking which port is used?
You can try to disable the related "fixup" to see if the pix fixup is causing the performance degrade.

You should also use syslog messages at the pix, for example:
logging on
logging buffer 4
show log

If the pix is blocking something, you should see it there.

What is the pix model?
They differ on bandwidth capabilities - check the pix specifications.

I suggest that you upgrade the pix OS to the latest.
This has many advantages - I don't know if it will improve performance but there is a good chance that it will, and anyway it will give you more features, options and bug fixes.

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
If the switch and the PIX ports are set differently you can expect constant spped and duplex re-negoiation. There could also be VLAN spanning tree issues.

Sounds like a configuration problem.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ericwood
  • Locked
  • Question
Pix 535 max performance
Replies
0
Views
96
ericwood
ericwood
HenriettaHog
  • Locked
  • Question
PIX 515E Unrestricted Performance
Replies
3
Views
147
nosebreaker
nosebreaker
rhormigo
  • Locked
  • Question
SonicWall TZ200 slow performance VPN Access with Netextender V3.5.108
Replies
2
Views
242
rhormigo
rhormigo
sharper
  • Locked
  • Question
NSA2400, Content Filter and ISA2004 Proxy performance
Replies
0
Views
111
sharper
sharper
Bubbalouie
  • Locked
  • Question
PIX-to-1751 vpn performance issue
Replies
7
Views
155
Bubbalouie
Bubbalouie

Part and Inventory Search

Sponsor

Back
Top