Solved

Is my CIsco PIX 506E is slowing my internet?

Posted on 2009-03-31
17
1,381 Views
Last Modified: 2012-05-06
I have a cisco PIX506E connected to a cisco router 2610 on one side and my switches with my computers on the other side.
Last week I had my provider install 4 T1s and bounded them all together, originally I had only one T1 but the speed was too slow for my users.
those 4 T1's are delivered to the router of my provider and then handed out to me as a single network cable that is connected to my Cisco 2610 router.
 
I am trying to figure out why my internet is still so slow; of course it could be one of my user that is streaming something or downloading files. but I doubt that he would use the full bandwith all day long. Before I go from computer to computer to check all the running software I would like to make sure that my router and PIX are passing the correct speed to my network.

I open the web interface device manager of my PIX  and when looking at the home page where it shows my interface status. this is what I have:
Interface |        IP              | LINK |  Current Kbps
inside  xxx.xxx.xxx.xxx     UP           479
Outside xxx.xxx.xxx.xxx   UP           475

here are my questions:
is the number above are the speed that is passing currently to my network? if it is I assume that it is in kilo bits per second so it means it is not even a full speed of a T1 ... which means that I am not getting the full speed in my network.
I forgot to mention that while looking at the page , I am trying to download a software from Vmware and the speed is showing 7.20 KB/sec, I logged into my home computer and try to download the same software and it shows the speed at 600KB/sec; so i know that the slow speed is coming from my side.

What can I do to troubleshoot this problem or at least to figure out what piece of component is bad.
It's driving me crazy to have such a slow internet.
Thanks,
David
0
Comment
Question by:taverny
  • 7
  • 6
  • 4
17 Comments
 
LVL 19

Expert Comment

by:nodisco
ID: 24034690
Hey

Quickest way to isolate the PIX is to plug your PC direct into your 2600 router using the public ip the PIX is on and trying downloading again.  

You can also monitor the usage of the T1s - either by asking the provider for a view by day/week or by doing it yourself by monitoring the interfaces - even just run MRTG on them
http://oss.oetiker.ch/mrtg/download.en.html

The connections table on the PIX will show you what is running through it so you may be able to find bandwidth hoggers - look particularly for large amounts of connections over udp to multiple destination hosts from the same internal hosts - can be P2P downloads.
Also -
sh interfaces on the router and PIX - just in case you have are getting errors on your interfaces.  A duplex mismatch or crc errors will def impact your performance.

hth
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 24042798
Can you please post a config as well as a SHOW INT for all interfaces?

I will be happy to help with this info!

Cheers!
0
 

Author Comment

by:taverny
ID: 24043813
Hi guys,

thanks for your responses ,  I will try to plug my computer right after the router this evening , when all my users are out. Nodisco, I looked at the software that you mentioned , the setup seems to be a little confusing, but I will try to follow to capture some data.
attached you will find the configuration of my router and PIX

Thanks for your help
David



This is my router configuration:
 

Current configuration:

!

version 11.3

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname PerfServo_C2600

!

enable secret 5 ********************

!

username servo password 0 ******8

!

!

process-max-time 200

!

interface BRI0/0

 no ip address

 shutdown

!

interface Ethernet0/0

 ip address XXX.146.72.41 255.255.255.248

!

interface Serial0/0

 no ip address

!

interface Ethernet1/0

 ip address XXX.21.37.106 255.255.255.252

!

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0

ip route 0.0.0.0 0.0.0.0 XXX.21.37.105

!

banner login ^C

This router is owned and managed by Servo.  If you are not

authorized to access this router, please LOG OFF NOW!

^C

!

line con 0

 login local

line aux 0

 login local

line vty 0 4

 login local

!

end

----------------------------------------------------------

the pix config:
 
 
 

PIX Version 6.3(1)

interface ethernet0 10full

interface ethernet1 10full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password ******* encrypted

passwd ******* encrypted

hostname pshinet

domain-name servo.com

clock timezone CST -6

clock summer-time CDT recurring

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

no fixup protocol smtp 25

fixup protocol sqlnet 1521

names

name 192.168.1.3 PSHDC1

name 192.168.1.7 ICEBOX

name 192.168.1.30 TRIXBOX

name 192.168.1.90 SPY

pager lines 24

logging on

logging monitor warnings

mtu outside 1500

mtu inside 1500

ip address outside xxx.146.72.42 255.255.255.248

ip address inside 192.168.1.254 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm location 192.168.1.0 255.255.255.0 inside

pdm location PSHDC1 255.255.255.255 inside

pdm location 192.168.1.11 255.255.255.255 inside

pdm location ICEBOX 255.255.255.255 inside

pdm location TRIXBOX 255.255.255.255 inside

pdm location SPY 255.255.255.255 inside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) xxx.146.72.43 PSHDC1 netmask 255.255.255.255 0 0

static (inside,outside) xxx.146.72.46 TRIXBOX netmask 255.255.255.255 0 0

static (inside,outside) xxx.146.72.45 SPY netmask 255.255.255.255 0 0

static (inside,outside) xxx.146.72.44 ICEBOX netmask 255.255.255.255 0 0

conduit permit icmp any any

conduit permit icmp any any time-exceeded

conduit permit icmp any any unreachable

conduit permit tcp host xxx.146.72.44 eq ssh any

conduit permit tcp host xxx.146.72.44 eq smtp any

conduit permit tcp host xxx.146.72.43 eq www any

conduit permit tcp host xxx.146.72.43 eq pop3 any

conduit permit tcp host xxx.146.72.43 eq pptp any

conduit permit gre host xxx.146.72.43 any

conduit permit tcp host xxx.146.72.44 eq www any

conduit permit udp host xxx.146.72.46 eq 4569 any

conduit permit udp host xxx.146.72.46 eq 4520 any

conduit permit tcp host xxx.146.72.46 eq ssh any

conduit permit tcp host xxx.146.72.44 eq https any

conduit permit udp host xxx.146.72.45 any

conduit permit tcp host xxx.146.72.45 any

conduit permit tcp host xxx.146.72.45 eq 2000 any eq 2000

route outside 0.0.0.0 0.0.0.0 xxx.146.72.41 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http PSHDC1 255.255.255.255 inside

http 192.168.1.254 255.255.255.255 inside

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

tftp-server inside 192.168.1.65 /tftpboot/

floodguard enable

telnet 192.168.1.0 255.255.255.0 inside

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80

Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxx

: end

Open in new window

0
 

Author Comment

by:taverny
ID: 24045438
ok, I tried to connect my laptop directly to my cisco router, I did a test @ speakeasy.net and the speed was 5800 kbps download and about the same upload.
then I connected my laptop behind the firewall PIX 506 and did the same test , the download was around 430 kbbps and upload a little more. I swap the network cable just to make sure the problem was not coming from the router and I still got a slow speed. so now I am pretty sure the problem is coming from the firewall and not from my users.
Any suggestions?
0
 
LVL 19

Expert Comment

by:nodisco
ID: 24045620
hey

post the output of the following
sh interface (from the router)
sh interface (from the pix)
sh cpu usage (from the pix)

cheers
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 24045638
Hi Taverny,

Yes, I would like to see the SHOW INT as I mentioned earlier as well... a full printout of what it says will be very useful in determining interface problems or possible a bad physical link.

To determine your firewalls true functional throughput try using the PCATTCP LAN throughput test. I use this to benchmark throughput of new firewalls, routers, and switches. It consists of a one instance of the program running on a computer as a test client on one side of the device (outside, for example) and another instance running on another computer on the other side of the device (inside) as the test server. You can input the protocol to use (TCP or UDP) and set the amount of data to push through. That way you get an accurate test speed that is independent of an external server (speakeasy). Make sure you run the test at least a few times to make sure you get a good average speed. If the problem IS the PIX, then you will find the throughput is equal to around our speed of 430k found earlier. If it is much faster, then you know the problem lies elsewhere.

http://www.pcausa.com/Utilities/pcattcp.htm

This is what I do when I think I have a bottleneck somewhere on my network. If you have any questions about how to use the program let me know, but it's pretty simple.

Let me know!

Cheers!
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 24045663
One other thing... the PIX 506 shouldn't have a problem throughputting that much traffic... it should be able to handle up to and probably past 4 bound T1s... although it is an older generation device (I've been deploying the newer ASAs for a few years now), it has very capable hardware. I know for a fact the smallest ASA, the 5505, has firewall bidirectional throughput of ~55mbps when using an IPsec VPN (DES/MD5 - yeah I know, weak crypto, but it was for an internal S2S, so it was fine) connection (I measured it just a few months ago with PCATTCP), and since your 506E is much more capable than the old PIX 501 and won't be doing any encryption - only clear text throughput - then it should have no problem crunching any numbers close to that.

Cheers oncemore!
0
 

Author Comment

by:taverny
ID: 24046654
Thank guys for your input,
below you will find the output you requested, I am not sure if the command sh and show are the same so I copy both outputs.
I will run the PCATTCP tomorrow after work hour and let you know what I got.
if you need an output while my users are logged in let me know and I will post it during the day .

Thanks again.
sh interface from router:
 
 

BRI0/0 is administratively down, line protocol is down

  Hardware is PQUICC BRI with U interface

  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation HDLC, loopback not set

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0 (size/max/drops); Total output drops: 0

  Queueing strategy: weighted fair

  Output queue: 0/1000/64/0 (size/max total/threshold/drops)

     Conversations  0/0/256 (active/max active/max total)

     Reserved Conversations 0/0 (allocated/max allocated)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

     0 carrier transitions

BRI0/0:1 is administratively down, line protocol is down

  Hardware is PQUICC BRI with U interface

  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation HDLC, loopback not set, keepalive set (10 sec)

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0 (size/max/drops); Total output drops: 0

  Queueing strategy: weighted fair

  Output queue: 0/1000/64/0 (size/max total/threshold/drops)

     Conversations  0/0/256 (active/max active/max total)

     Reserved Conversations 0/0 (allocated/max allocated)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

     0 carrier transitions

BRI0/0:2 is administratively down, line protocol is down

  Hardware is PQUICC BRI with U interface

  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation HDLC, loopback not set, keepalive set (10 sec)

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0 (size/max/drops); Total output drops: 0

  Queueing strategy: weighted fair

  Output queue: 0/1000/64/0 (size/max total/threshold/drops)

     Conversations  0/0/256 (active/max active/max total)

     Reserved Conversations 0/0 (allocated/max allocated)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

     0 carrier transitions

Ethernet0/0 is up, line protocol is up

  Hardware is AmdP2, address is 00b0.6452.a0a0 (bia 00b0.6452.a0a0)

  Internet address is xxx.146.72.41/29

  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set, keepalive set (10 sec)

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:01, output 00:00:00, output hang never

  Last clearing of "show interface" counters never

  Queueing strategy: fifo

  Output queue 0/40, 0 drops; input queue 0/75, 0 drops

  5 minute input rate 2000 bits/sec, 3 packets/sec

  5 minute output rate 4000 bits/sec, 4 packets/sec

     87010 packets input, 22415585 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     0 input packets with dribble condition detected

     90669 packets output, 46931231 bytes, 0 underruns

     4582 output errors, 760 collisions, 4574 interface resets

     0 babbles, 4582 late collision, 415 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

Serial0/0 is down, line protocol is down

  Hardware is PQUICC with Fractional T1 CSU/DSU

  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation HDLC, loopback not set, keepalive set (10 sec)

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0 (size/max/drops); Total output drops: 0

  Queueing strategy: weighted fair

  Output queue: 0/1000/64/0 (size/max total/threshold/drops)

     Conversations  0/0/256 (active/max active/max total)

     Reserved Conversations 0/0 (allocated/max allocated)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 0 collisions, 4 interface resets

     0 output buffer failures, 0 output buffers swapped out

     0 carrier transitions

     DCD=down  DSR=up  DTR=up  RTS=up  CTS=down
 

Ethernet1/0 is up, line protocol is up

  Hardware is AmdP2, address is 00b0.6452.a0a8 (bia 00b0.6452.a0a8)

  Internet address is xxx.21.37.106/30

  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set, keepalive set (10 sec)

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:00, output 00:00:00, output hang never

  Last clearing of "show interface" counters never

  Queueing strategy: fifo

  Output queue 0/40, 0 drops; input queue 0/75, 0 drops

  5 minute input rate 5000 bits/sec, 6 packets/sec

  5 minute output rate 5000 bits/sec, 6 packets/sec

     114524 packets input, 50298832 bytes, 0 no buffer

     Received 44 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     0 input packets with dribble condition detected

     116451 packets output, 26328110 bytes, 0 underruns

     0 output errors, 2969 collisions, 1 interface resets

     0 babbles, 0 late collision, 3021 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

-----------------------------------------------
 

sh interface from PIX
 
 

pshinet# sh interface

interface ethernet0 "outside" is up, line protocol is up

  Hardware is i82559 ethernet, address is 000b.5f66.ead0

  IP address xxx.146.72.42, subnet mask 255.255.255.248

  MTU 1500 bytes, BW 10000 Kbit full duplex

        84126 packets input, 40400938 bytes, 0 no buffer

        Received 92 broadcasts, 141 runts, 0 giants

        4734 input errors, 2208 CRC, 2385 frame, 0 overrun, 2208 ignored, 0 abort

        94097 packets output, 23771911 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 babbles, 0 late collisions, 0 deferred

        0 lost carrier, 0 no carrier

        input queue (curr/max blocks): hardware (128/128) software (0/2)

        output queue (curr/max blocks): hardware (0/3) software (0/1)

interface ethernet1 "inside" is up, line protocol is up

  Hardware is i82559 ethernet, address is 000b.5f66.ead1

  IP address 192.168.1.254, subnet mask 255.255.255.0

  MTU 1500 bytes, BW 10000 Kbit full duplex

        100573 packets input, 24373371 bytes, 0 no buffer

        Received 5618 broadcasts, 335 runts, 0 giants

        922 input errors, 587 CRC, 0 frame, 0 overrun, 587 ignored, 0 abort

        83629 packets output, 39796695 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 babbles, 0 late collisions, 0 deferred

        0 lost carrier, 0 no carrier

        input queue (curr/max blocks): hardware (128/128) software (0/2)

        output queue (curr/max blocks): hardware (2/3) software (0/1)

------------------------------------------
 

sh cpu usage for PIX
 

CPU utilization for 5 seconds = 0%; 1 minute: 0%; 5 minutes: 0%
 

-------------------------------------------

show int for router:
 
 

BRI0/0 is administratively down, line protocol is down

  Hardware is PQUICC BRI with U interface

  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation HDLC, loopback not set

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0 (size/max/drops); Total output drops: 0

  Queueing strategy: weighted fair

  Output queue: 0/1000/64/0 (size/max total/threshold/drops)

     Conversations  0/0/256 (active/max active/max total)

     Reserved Conversations 0/0 (allocated/max allocated)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

     0 carrier transitions

BRI0/0:1 is administratively down, line protocol is down

  Hardware is PQUICC BRI with U interface

  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation HDLC, loopback not set, keepalive set (10 sec)

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0 (size/max/drops); Total output drops: 0

  Queueing strategy: weighted fair

  Output queue: 0/1000/64/0 (size/max total/threshold/drops)

     Conversations  0/0/256 (active/max active/max total)

     Reserved Conversations 0/0 (allocated/max allocated)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

     0 carrier transitions

BRI0/0:2 is administratively down, line protocol is down

  Hardware is PQUICC BRI with U interface

  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation HDLC, loopback not set, keepalive set (10 sec)

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0 (size/max/drops); Total output drops: 0

  Queueing strategy: weighted fair

  Output queue: 0/1000/64/0 (size/max total/threshold/drops)

     Conversations  0/0/256 (active/max active/max total)

     Reserved Conversations 0/0 (allocated/max allocated)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

     0 carrier transitions

Ethernet0/0 is up, line protocol is up

  Hardware is AmdP2, address is 00b0.6452.a0a0 (bia 00b0.6452.a0a0)

  Internet address is xxx.146.72.41/29

  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set, keepalive set (10 sec)

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:06, output 00:00:03, output hang never

  Last clearing of "show interface" counters never

  Queueing strategy: fifo

  Output queue 0/40, 0 drops; input queue 0/75, 0 drops

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     88285 packets input, 22557166 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     0 input packets with dribble condition detected

     91838 packets output, 47119384 bytes, 0 underruns

     4591 output errors, 760 collisions, 4583 interface resets

     0 babbles, 4591 late collision, 416 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

Serial0/0 is down, line protocol is down

  Hardware is PQUICC with Fractional T1 CSU/DSU

  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation HDLC, loopback not set, keepalive set (10 sec)

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0 (size/max/drops); Total output drops: 0

  Queueing strategy: weighted fair

  Output queue: 0/1000/64/0 (size/max total/threshold/drops)

     Conversations  0/0/256 (active/max active/max total)

     Reserved Conversations 0/0 (allocated/max allocated)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 0 collisions, 4 interface resets

     0 output buffer failures, 0 output buffers swapped out

     0 carrier transitions

     DCD=down  DSR=up  DTR=up  RTS=up  CTS=down
 

Ethernet1/0 is up, line protocol is up

  Hardware is AmdP2, address is 00b0.6452.a0a8 (bia 00b0.6452.a0a8)

  Internet address is xxx.21.37.106/30

  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set, keepalive set (10 sec)

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:00, output 00:00:00, output hang never

  Last clearing of "show interface" counters never

  Queueing strategy: fifo

  Output queue 0/40, 0 drops; input queue 0/75, 0 drops

  5 minute input rate 1000 bits/sec, 1 packets/sec

  5 minute output rate 3000 bits/sec, 2 packets/sec

     116574 packets input, 50539811 bytes, 0 no buffer

     Received 45 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     0 input packets with dribble condition detected

     118712 packets output, 26540315 bytes, 0 underruns

     0 output errors, 2977 collisions, 1 interface resets

     0 babbles, 0 late collision, 3090 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

-----------------------------------------------------------------
 

show int for PIX:
 

interface ethernet0 "outside" is up, line protocol is up

  Hardware is i82559 ethernet, address is 000b.5f66.ead0

  IP address xxx.146.72.42, subnet mask 255.255.255.248

  MTU 1500 bytes, BW 10000 Kbit full duplex

        84800 packets input, 40485570 bytes, 0 no buffer

        Received 92 broadcasts, 141 runts, 0 giants

        4735 input errors, 2208 CRC, 2386 frame, 0 overrun, 2208 ignored, 0 abort

        94970 packets output, 23870327 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 babbles, 0 late collisions, 0 deferred

        0 lost carrier, 0 no carrier

        input queue (curr/max blocks): hardware (128/128) software (0/2)

        output queue (curr/max blocks): hardware (0/3) software (0/1)

interface ethernet1 "inside" is up, line protocol is up

  Hardware is i82559 ethernet, address is 000b.5f66.ead1

  IP address 192.168.1.254, subnet mask 255.255.255.0

  MTU 1500 bytes, BW 10000 Kbit full duplex

        101659 packets input, 24489140 bytes, 0 no buffer

        Received 5689 broadcasts, 335 runts, 0 giants

        922 input errors, 587 CRC, 0 frame, 0 overrun, 587 ignored, 0 abort

        84499 packets output, 39893214 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 babbles, 0 late collisions, 0 deferred

        0 lost carrier, 0 no carrier

        input queue (curr/max blocks): hardware (128/128) software (0/2)

        output queue (curr/max blocks): hardware (2/3) software (0/1)

Open in new window

0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 19

Accepted Solution

by:
nodisco earned 300 total points
ID: 24046684
Ok

you have heaps of interface collisions, crcs and input errors - but these may be historical.  
To clear the counters on them - go to the router and type:
clear counters
and hit enter

You can try hard coding the interfaces or even just having them auto find their duplex/speed settings.
Try auto first just to see if its makes a difference - to do this:
On the router:
interface Ethernet0/0
speed auto
duplex auto

Depending on the router release it may not accept these commands

On the PIX
interface ethernet0 auto
interface ethernet1 auto

Try downloading again and after some testing, post the output of
sh interface Eth0/0


0
 

Author Comment

by:taverny
ID: 24051858
Hi Nodisco,

I think you fix it!!!!  
ok this is what I did
I did a clear counters on the router , but the commands "speed" and "duplex" are not recognized.
this is the step I did on the router:
log into the router.
typed "en"
enter my password
then "conf t"
then " interface Ethernet 0/0
then "speed auto"
then I got invalid input detected at ' '   " under the p of speed"

then on the PIX :
interface ethernet0 auto
interface ethernet1 auto
I didn't do a write command on either of the machine.
and I did a speakeasy test  , then I got a upload and download of 5500 . so I know it's way faster.
why did the auto solved the problem? did the speed was setup differently ?
since I didn't do a save , how can I revert to the configuration before I type those lines? I would like to see if the speed would go down again.
thanks
DAvid


Router sh interface Eth0/0
 

Ethernet0/0 is up, line protocol is up

  Hardware is AmdP2, address is 00b0.6452.a0a0 (bia 00b0.6452.a0a0)

  Internet address is xxx.146.72.41/29

  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

     reliability 255/255, txload 9/255, rxload 1/255

  Encapsulation ARPA, loopback not set, keepalive set (10 sec)

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:00, output 00:00:00, output hang never

  Last clearing of "show interface" counters 00:26:51

  Queueing strategy: fifo

  Output queue 0/40, 0 drops; input queue 0/75, 0 drops

  5 minute input rate 75000 bits/sec, 43 packets/sec

  5 minute output rate 382000 bits/sec, 50 packets/sec

     101300 packets input, 27187207 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     0 input packets with dribble condition detected

     121781 packets output, 108862268 bytes, 0 underruns

     1268 output errors, 5021 collisions, 1241 interface resets

     0 babbles, 1256 late collision, 2032 deferred

     12 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out
 
 
 

-----------------------------------------------------------

PIX sh interface Eth0/0
 

interface ethernet0 "outside" is up, line protocol is up

  Hardware is i82559 ethernet, address is 000b.5f66.ead0

  IP address xxx.146.72.42, subnet mask 255.255.255.248

  MTU 1500 bytes, BW 10000 Kbit half duplex

        1295900 packets input, 1101068832 bytes, 0 no buffer

        Received 298 broadcasts, 5848 runts, 0 giants

        84473 input errors, 38933 CRC, 39692 frame, 0 overrun, 38933 ignored, 0 abort

        1213973 packets output, 288113285 bytes, 0 underruns

        0 output errors, 3200 collisions, 0 interface resets

        0 babbles, 0 late collisions, 12255 deferred

        33 lost carrier, 0 no carrier

        input queue (curr/max blocks): hardware (128/128) software (0/3)

        output queue (curr/max blocks): hardware (0/82) software (0/1)

Open in new window

0
 
LVL 12

Assisted Solution

by:Pugglewuggle
Pugglewuggle earned 200 total points
ID: 24051947
Hi Taverny,

It sounds like you've got an older router - that's why the commands aren't being recognized.

The reason auto might have helped (if it actually did) is that it automatically set the ports on both the PIX and the router to the correct (fastest) setting. It is possible that the router had a statically configured port and the PIX was in auto, which on older routers can cause duplex mismatches (and thus collisions, drops, etc.).

To reset the devices to the original config just restart them but don't write mem.

What does concern me though is that you have errors on both the inside AND outside interfaces of the PIX... you should only have them on the interface connecting to the router if that is the true problem.

At least you appear to not have any errors now... I would still run PCATTCP tonight though just to see what you get.

Cheers!

Let me know if you have any more info!
0
 

Author Comment

by:taverny
ID: 24052001
Sorry, I am confused. you said that I have errors on both the inside and outside of the pix ..... but then you say "at least you appear to not have any errors now.."

do I still have errors or I don't ?

to reboot the pix , do I do it manually or is there a command to reboot it remotely?

I will run the PCATTCP tonight and post the result. I am actully gonna look at it now to see how to set it up.
Thanks
David
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 24052296
Oh sorry about that. I meant that before you ran the auto commands you HAD problems on both the inside and outside of the PIX - now you don't have any errors according to the output.

Just do a reload and make sure you don't save changes.

Cheers!
0
 

Author Comment

by:taverny
ID: 24053045
ok I did a reload and the problem ( slow speed ) occured again, less than 300 kbps this time... so weird.
any way I retype the 2 commands and the speed came back up again. I did a write mem just to save the new configuration.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 24053159
Cool! If that is satisfactory for you then I say good! Otherwise, run PCATTCP to verify the throughput; if there is still an issue I'll be glad to help!
0
 
LVL 19

Expert Comment

by:nodisco
ID: 24053861
Good to hear that fixed  it.  Often the PIX auto setting is better than using 10/half or 10/full when connecting to Ethernet only routers - I have seen this several times in the past.

cheers
0
 

Author Closing Comment

by:taverny
ID: 31565051
Thank you guys for your help, the speed is perfect, I also have less complaint about people connecting with VPN.
Thanks
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now