Cisco Pix 515 Slow Internet

Posted on 2009-02-12
Last Modified: 2012-06-27
I have a Cisco PIX 515 running a Cavalier T1.  I am having an issue with download speeds being slow.  They are between 700kb/s and 1000kb/s down and usually about 1400kb/s up.

I am getting errors on the outside interface.  I have switched the crossover cable and nothing changed.

Here is the show int (I just reset the stats about 20 minutes ago)...the pix code is below.
Thanks for the help.

Interface Ethernet0 "outside", is up, line protocol is up
  Hardware is i82559, BW 100 Mbps
        Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
        MAC address 000f.34ac.f321, MTU 1500
        IP address subnet mask
        55109 packets input, 49653526 bytes, 0 no buffer
        Received 14 broadcasts, 10 runts, 0 giants
        28 input errors, 15 CRC, 13 frame, 0 overrun, 15 ignored, 0 abort
        0 L2 decode drops
        46413 packets output, 16137317 bytes, 0 underruns
        0 output errors, 1 collisions, 0 interface resets
        0 babbles, 0 late collisions, 8 deferred
        4 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/2)
        output queue (curr/max blocks): hardware (0/4) software (0/1)
  Traffic Statistics for "outside":
        55058 packets input, 48831840 bytes
        46401 packets output, 15204989 bytes
        2180 packets dropped
PIX515E# sh run

: Saved

PIX Version 7.1(1)

hostname PIX515E

enable password encrypted

interface Ethernet0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address

interface Ethernet1
 nameif inside
 security-level 100
 ip address

passwd RPN.WPaKy.QDNIg/ encrypted
boot system flash:/image.bin
ftp mode passive
dns server-group DefaultDNS

access-list 105 extended permit ip 255.255.25

access-list outside_acl extended permit tcp any host eq smtp
access-list outside_acl extended permit tcp any host eq www
access-list outside_acl extended permit tcp any host eq https
access-list outside_acl extended permit tcp any host eq imap4
access-list outside_acl extended permit tcp any host eq 3389
access-list outside_acl extended permit tcp any host eq 3389
access-list outside_acl extended permit tcp any host eq 5721
access-list outside_acl extended permit tcp any host eq www
access-list outside_acl extended permit tcp any host eq https
access-list outside_acl extended permit tcp any host eq 8081
access-list outside_acl extended permit tcp any host eq 3389
pager lines 24
logging enable
logging timestamp
logging device-id hostname
mtu outside 1500
mtu inside 1500
icmp permit any outside
icmp permit host echo-reply outside
asdm history enable
arp timeout 14400

global (outside) 1 interface
nat (inside) 1
static (inside,outside) netmask
static (inside,outside) netmask
static (inside,outside) netmask
access-group outside_acl in interface outside
route outside 1
timeout xlate 1:00:00
timeout conn 0:30:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username weinmatt password xxxxxxxxxxxxxx encrypted privilege 15
http server enable
http outside
http inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
isakmp identity address
isakmp enable outside
telnet inside
telnet timeout 5
ssh outside
ssh timeout 3
ssh version 1
console timeout 0
dhcpd address inside
dhcpd dns
dhcpd wins
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain marathonllc.local
dhcpd auto_config outside
dhcpd enable inside

class-map inspection_default
 match default-inspection-traffic

policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect http
  inspect netbios
  inspect pptp
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect sunrpc
  inspect xdmcp

service-policy global_policy global



Question by:negativelocity
    LVL 20

    Expert Comment

    I'm not familiar with a Cavalier T1; however, these are usually (99.95% of the time) a speed/duplex mismatch.

    Check the speed and duplex on the connected router(?).  It's probably a 10 full.
    LVL 43

    Expert Comment

    Try setting the Ethernet0 interface to auto/auto unless you know for sure that the outside device is hard set to 100/Full.

    conf t
    interface Ethernet0
     speed auto
     duplex auto
    LVL 20

    Expert Comment

    Highly disagree unless the outside device is auto/auto also.

    Auto config connected to a static config is problematic.

    See or any of the other 277,000 results on google.
    LVL 1

    Author Comment

    I just changed the speed to auto/auto and did not see any improvement in download speed.

    Thanks again for the help.

    Cavalier has provided us with one of their Adit 600 boxes.
    LVL 43

    Expert Comment


    How do you know it is a static config?


    Check with Cavalier as to what they are configured for on their ethernet connection to your PIX (100/Full, 10/Full, 10/half, auto).  Clear the counters on the PIX and see if errors are still incrementing when set to auto/auto.  Also do a show interface again and see what your interface is operating at when set to auto/auto.
    LVL 20

    Expert Comment

    I don't.  But I wouldn't presume that it was.  Thus my first comment "Check the speed and duplex on the connected router"

    I was just offering a bit of caution against auto/auto without explicit knowledge.

    Again...Check the speed and duplex on the connected router.
    LVL 1

    Author Comment

    I have pretty much tried all the speed combinations without any improvement over auto auto.

    Any other suggestions?
    LVL 43

    Expert Comment

    Not that this may change anything but I would upgrade the PIX to 7.2(4).  It may not help with speed (or it might if you are running into a bug) but it at least gets you up to more recent code.  Are you still getting errors on the PIX interface?  If you are, something is wrong, you shouldn't be getting any errors if things are configured properly.  Have you contacted Cavalier about their router settings?
    LVL 20

    Accepted Solution

    The errors are the obvious issue.  You need to isolate the source of the errors.

    Most of the time it's a speed/duplex issue (as stated previously).  If you have tried 10 full, 10 half, 100 full, 100 half and auto/auto and are still seeing errors with all of these, then the other .05% of the time it's a bad cable.

    The remaining possible problems are: signal interference or bad interface on the PIX or the router.

    I can't emphasize enough that trying "pretty much" all of the speed combinations is not the same as all.  There are only 5.  Try them all.  Clear the error interface counters.  Run for a bit.  Look for increasing error count.
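
The procedure from the accepted answer (try each of the five settings, clear the counters, run for a bit, look for a rising error count), as an added example that is not part of the original thread. It compares two `show interface` snapshots per setting; the function names and the snapshot values are constructed for illustration.

```python
import re

# Counters from PIX "show interface" output that should stay flat on a healthy link.
COUNTERS = ("runts", "giants", "input errors", "CRC", "frame", "overrun",
            "output errors", "collisions", "late collisions", "deferred")
SETTINGS = ("10 full", "10 half", "100 full", "100 half", "auto/auto")

def parse_counters(show_int):
    """Return {counter name: value} for each '<number> <name>' pair found."""
    out = {}
    for name in COUNTERS:
        m = re.search(r"(\d+) " + re.escape(name) + r"\b", show_int)
        if m:
            out[name] = int(m.group(1))
    return out

def rising(before, after):
    """Counters that increased between two snapshots of the same interface."""
    b, a = parse_counters(before), parse_counters(after)
    return {k: a[k] - b.get(k, 0) for k in a if a[k] > b.get(k, 0)}

def assess(runs):
    """runs maps a speed/duplex setting to a (before, after) snapshot pair."""
    untested = [s for s in SETTINGS if s not in runs]
    clean = [s for s in runs if not rising(*runs[s])]
    if clean:
        return "clean at: " + ", ".join(clean)
    if untested:
        return "still untested: " + ", ".join(untested)
    return "errors at every setting: check cable, interference, interface hardware"

def snapshot(crc, frame, runts):
    """Constructed sample in the layout of the output posted in the question."""
    return (f"        Received 14 broadcasts, {runts} runts, 0 giants\n"
            f"        {crc + frame} input errors, {crc} CRC, {frame} frame, "
            "0 overrun, 0 ignored, 0 abort\n"
            "        0 output errors, 1 collisions, 0 interface resets\n"
            "        0 babbles, 0 late collisions, 8 deferred\n")

if __name__ == "__main__":
    # Constructed data: counters keep climbing under all five settings.
    runs = {s: (snapshot(0, 0, 0), snapshot(15, 13, 10)) for s in SETTINGS}
    print(rising(*runs["auto/auto"]))
    print(assess(runs))
```
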
    LVL 1

    Author Comment

    Cavalier came and replaced their T1 router, which resolved the issue. Thanks for the input.
