Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Irregular connectivity issue from a HTTP in DMZ through a PIX through Cisco 5509 to an application server

Posted on 2004-04-03
Medium Priority
Last Modified: 2010-04-17
What kind of issue am I potentially dealing with here?  Cisco wizzards please assist.

Here is the setup:  DMZ with a webserver application configured to access an internal application server / database, routed through a PIX firewall and 5509 switch to access the application on a specific port.  That port is open on the firewall.  Firewall only allows 443 & 80 for the webserver.

This is the interesting part - accessibility of web apps via webserver works great at certain times of the day for an hour or so then it slows down to a halt, no timeouts of the webserver just takes a really long time and eventually opens up the page by fetching app server data as opposed to lightning fast in other times.  Maybe some tasks kick off that take up much of the network bandwith at these particular times...
Is the bottleneck in the firewall or the switch?  How can I isolate the issue (as a newby to Cisco)?

Question by:nsome
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Accepted Solution

visioneer earned 1500 total points
ID: 10750653
You can use an application like SolarWinds ( to get real-time and aggregate bandwidth gague information on each interface in a Cisco device.  You could monitor the inbound/outbound ports in the PIX as well as the switch port that the server is using.  
LVL 79

Expert Comment

ID: 10752400
You should also look at the server(s) CPU utilization and montitor during these "slow" times.
Monitoring the CPU utilization of the switch can help, too.
Can you pinpoint specific hours during the day?
Can you point to any specific environmental issues during that same time period?
Perhaps someone on the network has a worm-infested PC (like Blaster, Welchia, et al) that is only turned on during certain periods and the effects build up over a period of hours, slow the heck out of the servers, then gets shut off when someone goes home, and everything eventually settles down.
These type issues do not typically point to any type of configuration or other issue on the network proper. Either it works or it doesn't, or the behavior is consistently good or consistently bad, but consistent.
Other environmental factors or worm/virus infections cause most of these infrequent variations. I have seen things like a florescent light fixture interfering with the in-ceiling cabling runs causing interference, but this particular light fixture was in a conference room that was rarely used. It took a long time to correlate the use of the conference room with the apparent slowdown of the network...
I've seen things like apparent network down conditions that happened at almost exactly 4:55 a.m. every day, but nobody knew it until we started setting up syslogging on all the equipment. Turns out that was when the first people came in and got the coffee going. Something about the wattage of that particular coffee pot pulling too much juice and causing a brown-out in the circuit where a network switch was plugged into in the next room over. Just because equipment is not in the same room, doesn't mean the power circuit is not shared somewhere...
The bottom line is to think outside the box and not just look at the network equipment. Set up the syslogging and SNMP on the equipment, and use the 30-day eval of solarwinds to monitor everything about the servers, the firewall, the switch, etc. and I'll bet you'll find something..

Expert Comment

ID: 10752973
SolarWinds can monitor the CPU with a realtime gauge as well, plus it has a syslog, so it can do all of the things that lrmoore is suggesting.

Author Comment

ID: 10799625
Solarwinds helped isolate the problem but it turned out to be an application issue that required a just released patch...


Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question