?
Solved

Is my CIsco PIX 506E is slowing my internet?

Posted on 2009-03-31
17
Medium Priority
?
1,402 Views
Last Modified: 2012-05-06
I have a cisco PIX506E connected to a cisco router 2610 on one side and my switches with my computers on the other side.
Last week I had my provider install 4 T1s and bounded them all together, originally I had only one T1 but the speed was too slow for my users.
those 4 T1's are delivered to the router of my provider and then handed out to me as a single network cable that is connected to my Cisco 2610 router.
 
I am trying to figure out why my internet is still so slow; of course it could be one of my user that is streaming something or downloading files. but I doubt that he would use the full bandwith all day long. Before I go from computer to computer to check all the running software I would like to make sure that my router and PIX are passing the correct speed to my network.

I open the web interface device manager of my PIX  and when looking at the home page where it shows my interface status. this is what I have:
Interface |        IP              | LINK |  Current Kbps
inside  xxx.xxx.xxx.xxx     UP           479
Outside xxx.xxx.xxx.xxx   UP           475

here are my questions:
is the number above are the speed that is passing currently to my network? if it is I assume that it is in kilo bits per second so it means it is not even a full speed of a T1 ... which means that I am not getting the full speed in my network.
I forgot to mention that while looking at the page , I am trying to download a software from Vmware and the speed is showing 7.20 KB/sec, I logged into my home computer and try to download the same software and it shows the speed at 600KB/sec; so i know that the slow speed is coming from my side.

What can I do to troubleshoot this problem or at least to figure out what piece of component is bad.
It's driving me crazy to have such a slow internet.
Thanks,
David
0
Comment
Question by:taverny
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 4
17 Comments
 
LVL 19

Expert Comment

by:nodisco
ID: 24034690
Hey

Quickest way to isolate the PIX is to plug your PC direct into your 2600 router using the public ip the PIX is on and trying downloading again.  

You can also monitor the usage of the T1s - either by asking the provider for a view by day/week or by doing it yourself by monitoring the interfaces - even just run MRTG on them
http://oss.oetiker.ch/mrtg/download.en.html

The connections table on the PIX will show you what is running through it so you may be able to find bandwidth hoggers - look particularly for large amounts of connections over udp to multiple destination hosts from the same internal hosts - can be P2P downloads.
Also -
sh interfaces on the router and PIX - just in case you have are getting errors on your interfaces.  A duplex mismatch or crc errors will def impact your performance.

hth
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 24042798
Can you please post a config as well as a SHOW INT for all interfaces?

I will be happy to help with this info!

Cheers!
0
 

Author Comment

by:taverny
ID: 24043813
Hi guys,

thanks for your responses ,  I will try to plug my computer right after the router this evening , when all my users are out. Nodisco, I looked at the software that you mentioned , the setup seems to be a little confusing, but I will try to follow to capture some data.
attached you will find the configuration of my router and PIX

Thanks for your help
David



This is my router configuration:
 
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname PerfServo_C2600
!
enable secret 5 ********************
!
username servo password 0 ******8
!
!
process-max-time 200
!
interface BRI0/0
 no ip address
 shutdown
!
interface Ethernet0/0
 ip address XXX.146.72.41 255.255.255.248
!
interface Serial0/0
 no ip address
!
interface Ethernet1/0
 ip address XXX.21.37.106 255.255.255.252
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 0.0.0.0 0.0.0.0 XXX.21.37.105
!
banner login ^C
This router is owned and managed by Servo.  If you are not
authorized to access this router, please LOG OFF NOW!
^C
!
line con 0
 login local
line aux 0
 login local
line vty 0 4
 login local
!
end
----------------------------------------------------------
the pix config:
 
 
 
PIX Version 6.3(1)
interface ethernet0 10full
interface ethernet1 10full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ******* encrypted
passwd ******* encrypted
hostname pshinet
domain-name servo.com
clock timezone CST -6
clock summer-time CDT recurring
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
names
name 192.168.1.3 PSHDC1
name 192.168.1.7 ICEBOX
name 192.168.1.30 TRIXBOX
name 192.168.1.90 SPY
pager lines 24
logging on
logging monitor warnings
mtu outside 1500
mtu inside 1500
ip address outside xxx.146.72.42 255.255.255.248
ip address inside 192.168.1.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.0 255.255.255.0 inside
pdm location PSHDC1 255.255.255.255 inside
pdm location 192.168.1.11 255.255.255.255 inside
pdm location ICEBOX 255.255.255.255 inside
pdm location TRIXBOX 255.255.255.255 inside
pdm location SPY 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) xxx.146.72.43 PSHDC1 netmask 255.255.255.255 0 0
static (inside,outside) xxx.146.72.46 TRIXBOX netmask 255.255.255.255 0 0
static (inside,outside) xxx.146.72.45 SPY netmask 255.255.255.255 0 0
static (inside,outside) xxx.146.72.44 ICEBOX netmask 255.255.255.255 0 0
conduit permit icmp any any
conduit permit icmp any any time-exceeded
conduit permit icmp any any unreachable
conduit permit tcp host xxx.146.72.44 eq ssh any
conduit permit tcp host xxx.146.72.44 eq smtp any
conduit permit tcp host xxx.146.72.43 eq www any
conduit permit tcp host xxx.146.72.43 eq pop3 any
conduit permit tcp host xxx.146.72.43 eq pptp any
conduit permit gre host xxx.146.72.43 any
conduit permit tcp host xxx.146.72.44 eq www any
conduit permit udp host xxx.146.72.46 eq 4569 any
conduit permit udp host xxx.146.72.46 eq 4520 any
conduit permit tcp host xxx.146.72.46 eq ssh any
conduit permit tcp host xxx.146.72.44 eq https any
conduit permit udp host xxx.146.72.45 any
conduit permit tcp host xxx.146.72.45 any
conduit permit tcp host xxx.146.72.45 eq 2000 any eq 2000
route outside 0.0.0.0 0.0.0.0 xxx.146.72.41 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http PSHDC1 255.255.255.255 inside
http 192.168.1.254 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 192.168.1.65 /tftpboot/
floodguard enable
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxx
: end

Open in new window

0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 

Author Comment

by:taverny
ID: 24045438
ok, I tried to connect my laptop directly to my cisco router, I did a test @ speakeasy.net and the speed was 5800 kbps download and about the same upload.
then I connected my laptop behind the firewall PIX 506 and did the same test , the download was around 430 kbbps and upload a little more. I swap the network cable just to make sure the problem was not coming from the router and I still got a slow speed. so now I am pretty sure the problem is coming from the firewall and not from my users.
Any suggestions?
0
 
LVL 19

Expert Comment

by:nodisco
ID: 24045620
hey

post the output of the following
sh interface (from the router)
sh interface (from the pix)
sh cpu usage (from the pix)

cheers
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 24045638
Hi Taverny,

Yes, I would like to see the SHOW INT as I mentioned earlier as well... a full printout of what it says will be very useful in determining interface problems or possible a bad physical link.

To determine your firewalls true functional throughput try using the PCATTCP LAN throughput test. I use this to benchmark throughput of new firewalls, routers, and switches. It consists of a one instance of the program running on a computer as a test client on one side of the device (outside, for example) and another instance running on another computer on the other side of the device (inside) as the test server. You can input the protocol to use (TCP or UDP) and set the amount of data to push through. That way you get an accurate test speed that is independent of an external server (speakeasy). Make sure you run the test at least a few times to make sure you get a good average speed. If the problem IS the PIX, then you will find the throughput is equal to around our speed of 430k found earlier. If it is much faster, then you know the problem lies elsewhere.

http://www.pcausa.com/Utilities/pcattcp.htm

This is what I do when I think I have a bottleneck somewhere on my network. If you have any questions about how to use the program let me know, but it's pretty simple.

Let me know!

Cheers!
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 24045663
One other thing... the PIX 506 shouldn't have a problem throughputting that much traffic... it should be able to handle up to and probably past 4 bound T1s... although it is an older generation device (I've been deploying the newer ASAs for a few years now), it has very capable hardware. I know for a fact the smallest ASA, the 5505, has firewall bidirectional throughput of ~55mbps when using an IPsec VPN (DES/MD5 - yeah I know, weak crypto, but it was for an internal S2S, so it was fine) connection (I measured it just a few months ago with PCATTCP), and since your 506E is much more capable than the old PIX 501 and won't be doing any encryption - only clear text throughput - then it should have no problem crunching any numbers close to that.

Cheers oncemore!
0
 

Author Comment

by:taverny
ID: 24046654
Thank guys for your input,
below you will find the output you requested, I am not sure if the command sh and show are the same so I copy both outputs.
I will run the PCATTCP tomorrow after work hour and let you know what I got.
if you need an output while my users are logged in let me know and I will post it during the day .

Thanks again.
sh interface from router:
 
 
BRI0/0 is administratively down, line protocol is down
  Hardware is PQUICC BRI with U interface
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/0/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
BRI0/0:1 is administratively down, line protocol is down
  Hardware is PQUICC BRI with U interface
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/0/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
BRI0/0:2 is administratively down, line protocol is down
  Hardware is PQUICC BRI with U interface
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/0/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
Ethernet0/0 is up, line protocol is up
  Hardware is AmdP2, address is 00b0.6452.a0a0 (bia 00b0.6452.a0a0)
  Internet address is xxx.146.72.41/29
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:01, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 2000 bits/sec, 3 packets/sec
  5 minute output rate 4000 bits/sec, 4 packets/sec
     87010 packets input, 22415585 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 input packets with dribble condition detected
     90669 packets output, 46931231 bytes, 0 underruns
     4582 output errors, 760 collisions, 4574 interface resets
     0 babbles, 4582 late collision, 415 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
Serial0/0 is down, line protocol is down
  Hardware is PQUICC with Fractional T1 CSU/DSU
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/0/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 4 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=down  DSR=up  DTR=up  RTS=up  CTS=down
 
Ethernet1/0 is up, line protocol is up
  Hardware is AmdP2, address is 00b0.6452.a0a8 (bia 00b0.6452.a0a8)
  Internet address is xxx.21.37.106/30
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 5000 bits/sec, 6 packets/sec
  5 minute output rate 5000 bits/sec, 6 packets/sec
     114524 packets input, 50298832 bytes, 0 no buffer
     Received 44 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 input packets with dribble condition detected
     116451 packets output, 26328110 bytes, 0 underruns
     0 output errors, 2969 collisions, 1 interface resets
     0 babbles, 0 late collision, 3021 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
-----------------------------------------------
 
sh interface from PIX
 
 
pshinet# sh interface
interface ethernet0 "outside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 000b.5f66.ead0
  IP address xxx.146.72.42, subnet mask 255.255.255.248
  MTU 1500 bytes, BW 10000 Kbit full duplex
        84126 packets input, 40400938 bytes, 0 no buffer
        Received 92 broadcasts, 141 runts, 0 giants
        4734 input errors, 2208 CRC, 2385 frame, 0 overrun, 2208 ignored, 0 abort
        94097 packets output, 23771911 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/2)
        output queue (curr/max blocks): hardware (0/3) software (0/1)
interface ethernet1 "inside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 000b.5f66.ead1
  IP address 192.168.1.254, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 10000 Kbit full duplex
        100573 packets input, 24373371 bytes, 0 no buffer
        Received 5618 broadcasts, 335 runts, 0 giants
        922 input errors, 587 CRC, 0 frame, 0 overrun, 587 ignored, 0 abort
        83629 packets output, 39796695 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/2)
        output queue (curr/max blocks): hardware (2/3) software (0/1)
------------------------------------------
 
sh cpu usage for PIX
 
CPU utilization for 5 seconds = 0%; 1 minute: 0%; 5 minutes: 0%
 
-------------------------------------------
show int for router:
 
 
BRI0/0 is administratively down, line protocol is down
  Hardware is PQUICC BRI with U interface
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/0/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
BRI0/0:1 is administratively down, line protocol is down
  Hardware is PQUICC BRI with U interface
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/0/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
BRI0/0:2 is administratively down, line protocol is down
  Hardware is PQUICC BRI with U interface
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/0/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
Ethernet0/0 is up, line protocol is up
  Hardware is AmdP2, address is 00b0.6452.a0a0 (bia 00b0.6452.a0a0)
  Internet address is xxx.146.72.41/29
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:06, output 00:00:03, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     88285 packets input, 22557166 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 input packets with dribble condition detected
     91838 packets output, 47119384 bytes, 0 underruns
     4591 output errors, 760 collisions, 4583 interface resets
     0 babbles, 4591 late collision, 416 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
Serial0/0 is down, line protocol is down
  Hardware is PQUICC with Fractional T1 CSU/DSU
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/0/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 4 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=down  DSR=up  DTR=up  RTS=up  CTS=down
 
Ethernet1/0 is up, line protocol is up
  Hardware is AmdP2, address is 00b0.6452.a0a8 (bia 00b0.6452.a0a8)
  Internet address is xxx.21.37.106/30
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 1000 bits/sec, 1 packets/sec
  5 minute output rate 3000 bits/sec, 2 packets/sec
     116574 packets input, 50539811 bytes, 0 no buffer
     Received 45 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 input packets with dribble condition detected
     118712 packets output, 26540315 bytes, 0 underruns
     0 output errors, 2977 collisions, 1 interface resets
     0 babbles, 0 late collision, 3090 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
-----------------------------------------------------------------
 
show int for PIX:
 
interface ethernet0 "outside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 000b.5f66.ead0
  IP address xxx.146.72.42, subnet mask 255.255.255.248
  MTU 1500 bytes, BW 10000 Kbit full duplex
        84800 packets input, 40485570 bytes, 0 no buffer
        Received 92 broadcasts, 141 runts, 0 giants
        4735 input errors, 2208 CRC, 2386 frame, 0 overrun, 2208 ignored, 0 abort
        94970 packets output, 23870327 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/2)
        output queue (curr/max blocks): hardware (0/3) software (0/1)
interface ethernet1 "inside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 000b.5f66.ead1
  IP address 192.168.1.254, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 10000 Kbit full duplex
        101659 packets input, 24489140 bytes, 0 no buffer
        Received 5689 broadcasts, 335 runts, 0 giants
        922 input errors, 587 CRC, 0 frame, 0 overrun, 587 ignored, 0 abort
        84499 packets output, 39893214 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/2)
        output queue (curr/max blocks): hardware (2/3) software (0/1)

Open in new window

0
 
LVL 19

Accepted Solution

by:
nodisco earned 1200 total points
ID: 24046684
Ok

you have heaps of interface collisions, crcs and input errors - but these may be historical.  
To clear the counters on them - go to the router and type:
clear counters
and hit enter

You can try hard coding the interfaces or even just having them auto find their duplex/speed settings.
Try auto first just to see if its makes a difference - to do this:
On the router:
interface Ethernet0/0
speed auto
duplex auto

Depending on the router release it may not accept these commands

On the PIX
interface ethernet0 auto
interface ethernet1 auto

Try downloading again and after some testing, post the output of
sh interface Eth0/0


0
 

Author Comment

by:taverny
ID: 24051858
Hi Nodisco,

I think you fix it!!!!  
ok this is what I did
I did a clear counters on the router , but the commands "speed" and "duplex" are not recognized.
this is the step I did on the router:
log into the router.
typed "en"
enter my password
then "conf t"
then " interface Ethernet 0/0
then "speed auto"
then I got invalid input detected at ' '   " under the p of speed"

then on the PIX :
interface ethernet0 auto
interface ethernet1 auto
I didn't do a write command on either of the machine.
and I did a speakeasy test  , then I got a upload and download of 5500 . so I know it's way faster.
why did the auto solved the problem? did the speed was setup differently ?
since I didn't do a save , how can I revert to the configuration before I type those lines? I would like to see if the speed would go down again.
thanks
DAvid

Router sh interface Eth0/0
 
Ethernet0/0 is up, line protocol is up
  Hardware is AmdP2, address is 00b0.6452.a0a0 (bia 00b0.6452.a0a0)
  Internet address is xxx.146.72.41/29
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 9/255, rxload 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:26:51
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 75000 bits/sec, 43 packets/sec
  5 minute output rate 382000 bits/sec, 50 packets/sec
     101300 packets input, 27187207 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 input packets with dribble condition detected
     121781 packets output, 108862268 bytes, 0 underruns
     1268 output errors, 5021 collisions, 1241 interface resets
     0 babbles, 1256 late collision, 2032 deferred
     12 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
 
 
 
-----------------------------------------------------------
PIX sh interface Eth0/0
 
interface ethernet0 "outside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 000b.5f66.ead0
  IP address xxx.146.72.42, subnet mask 255.255.255.248
  MTU 1500 bytes, BW 10000 Kbit half duplex
        1295900 packets input, 1101068832 bytes, 0 no buffer
        Received 298 broadcasts, 5848 runts, 0 giants
        84473 input errors, 38933 CRC, 39692 frame, 0 overrun, 38933 ignored, 0 abort
        1213973 packets output, 288113285 bytes, 0 underruns
        0 output errors, 3200 collisions, 0 interface resets
        0 babbles, 0 late collisions, 12255 deferred
        33 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/3)
        output queue (curr/max blocks): hardware (0/82) software (0/1)

Open in new window

0
 
LVL 12

Assisted Solution

by:Pugglewuggle
Pugglewuggle earned 800 total points
ID: 24051947
Hi Taverny,

It sounds like you've got an older router - that's why the commands aren't being recognized.

The reason auto might have helped (if it actually did) is that it automatically set the ports on both the PIX and the router to the correct (fastest) setting. It is possible that the router had a statically configured port and the PIX was in auto, which on older routers can cause duplex mismatches (and thus collisions, drops, etc.).

To reset the devices to the original config just restart them but don't write mem.

What does concern me though is that you have errors on both the inside AND outside interfaces of the PIX... you should only have them on the interface connecting to the router if that is the true problem.

At least you appear to not have any errors now... I would still run PCATTCP tonight though just to see what you get.

Cheers!

Let me know if you have any more info!
0
 

Author Comment

by:taverny
ID: 24052001
Sorry, I am confused. you said that I have errors on both the inside and outside of the pix ..... but then you say "at least you appear to not have any errors now.."

do I still have errors or I don't ?

to reboot the pix , do I do it manually or is there a command to reboot it remotely?

I will run the PCATTCP tonight and post the result. I am actully gonna look at it now to see how to set it up.
Thanks
David
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 24052296
Oh sorry about that. I meant that before you ran the auto commands you HAD problems on both the inside and outside of the PIX - now you don't have any errors according to the output.

Just do a reload and make sure you don't save changes.

Cheers!
0
 

Author Comment

by:taverny
ID: 24053045
ok I did a reload and the problem ( slow speed ) occured again, less than 300 kbps this time... so weird.
any way I retype the 2 commands and the speed came back up again. I did a write mem just to save the new configuration.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 24053159
Cool! If that is satisfactory for you then I say good! Otherwise, run PCATTCP to verify the throughput; if there is still an issue I'll be glad to help!
0
 
LVL 19

Expert Comment

by:nodisco
ID: 24053861
Good to hear that fixed  it.  Often the PIX auto setting is better than using 10/half or 10/full when connecting to Ethernet only routers - I have seen this several times in the past.

cheers
0
 

Author Closing Comment

by:taverny
ID: 31565051
Thank you guys for your help, the speed is perfect, I also have less complaint about people connecting with VPN.
Thanks
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question