  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 727

Internet speed with PIX 515E

Hi,
On a scale of 1 to 5 for Cisco skills, I am about a 2 or 3, so bear with me. I am new here at this company and I did not configure this infrastructure. We changed ISP for our internet and I have now changed the IP address in the PIX. We have port 0 external and port 1 inside.
The problem is that from the external port I get 30mb up and 2 down on a speed test, and from the inside port I get 1mb up and 1mb down.
I changed the cable and still have the problem.
pls help  me  
tks

0
Asked by: pcrete
 
pcrete (Author) commented:
Also, the two ports are set to auto.
0
 
pcrete (Author) commented:
Here is the show int:
Result of firewall command: "show int"
 
interface ethernet0 "outside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 0012.7f4c.4c17
  IP address x.x.x.x, subnet mask 255.255.255.248
  MTU 1500 bytes, BW 100000 Kbit full duplex
      7664861 packets input, 2668613313 bytes, 0 no buffer
      Received 97521 broadcasts, 0 runts, 0 giants
      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
      6291653 packets output, 1674299207 bytes, 0 underruns
      0 output errors, 0 collisions, 0 interface resets
      0 babbles, 0 late collisions, 0 deferred
      3 lost carrier, 0 no carrier
      input queue (curr/max blocks): hardware (128/128) software (0/43)
      output queue (curr/max blocks): hardware (0/17) software (0/1)
interface ethernet1 "inside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 0012.7f4c.4c18
  IP address 192.168.1.1, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 100000 Kbit full duplex
      14728035 packets input, 721327731 bytes, 0 no buffer
      Received 2115328 broadcasts, 41 runts, 0 giants
      106 input errors, 65 CRC, 0 frame, 0 overrun, 65 ignored, 0 abort
      13291614 packets output, 537248569 bytes, 0 underruns
      0 output errors, 96 collisions, 0 interface resets
      0 babbles, 77 late collisions, 24 deferred
      42 lost carrier, 0 no carrier
      input queue (curr/max blocks): hardware (128/128) software (0/115)
      output queue (curr/max blocks): hardware (5/116) software (0/1)
interface ethernet2 "dmz1" is up, line protocol is up
  Hardware is i82559 ethernet, address is 000e.0c5b.3988
  IP address 192.168.10.1, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 100000 Kbit full duplex
      4144314 packets input, 2102607992 bytes, 0 no buffer
      Received 153639 broadcasts, 0 runts, 0 giants
      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
      4085197 packets output, 2993078126 bytes, 0 underruns
      0 output errors, 0 collisions, 0 interface resets
      0 babbles, 0 late collisions, 0 deferred
      1 lost carrier, 0 no carrier
      input queue (curr/max blocks): hardware (128/128) software (0/19)
      output queue (curr/max blocks): hardware (0/10) software (0/1)
0
 
Ernie Beek commented:
2 or 3, so you're already halfway there :)

There are some collisions and errors showing; you might want to check the switch/device behind the PIX as well.
Did you check the logs to see if anything shows up there?
And perhaps you could post a sanitized config so we can have a look at that as well?
0
 
pcrete (Author) commented:
What is the command for that config?
0
 
Ernie Beek commented:
Show run. Then use the space bar to scroll to the end of the config.
0
 
pcrete (Author) commented:
OK, maybe after all this I'll be a 3 or 4 in Cisco skills :)

show run:

Result of firewall command: "show run"
 
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz1 security4
hostname PIX
domain-name finlogik.com
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 1280
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names

object-group service ftps tcp
  port-object range 50000 51000
object-group service DMZtoAD_TCP tcp
  description DMZ to ActiveDirectory
  port-object eq 88
  port-object eq 464
  port-object eq netbios-ssn
  port-object eq 137
  port-object eq 135
  port-object eq 123
  port-object eq 445
  port-object eq domain
  port-object eq 1026
  port-object range 10000 10020
  port-object eq 8000
  port-object eq 3268
  port-object eq ldaps
  port-object eq ldap
  port-object eq 1025
object-group service DMZtoAD_UDP udp
  description DMZ to ActiveDirectory
  port-object eq 88
  port-object eq 464
  port-object eq netbios-dgm
  port-object eq netbios-ns
  port-object eq ntp
  port-object eq 445
  port-object eq domain
  port-object eq 389
  port-object eq 1025
object-group service SMB_TCP tcp
  port-object eq 445
  port-object eq 1025
  port-object eq 135
  port-object eq 138
object-group service SMB_UDP udp
  port-object eq 1027
  port-object eq 1026
  port-object eq netbios-ns
  port-object eq 135
object-group service srv-ns5 tcp
  description `
  port-object eq 123
  port-object eq 88
  port-object eq 464
  port-object eq 3268
  port-object eq domain
  port-object eq 137
  port-object eq 135
  port-object range 10000 10002
  port-object eq netbios-ssn
  port-object eq 445
  port-object eq 1026
  port-object eq ldap
object-group service srv-ns5udp udp
  port-object eq 88
  port-object eq netbios-ns
  port-object eq netbios-dgm
  port-object eq domain
  port-object eq 445
  port-object eq time
  port-object eq 385
  port-object eq ntp
access-list acl_outbound permit udp any any
access-list outside deny ip 0.0.0.0 255.0.0.0 any
access-list outside deny ip 10.0.0.0 255.0.0.0 any
access-list outside deny ip 127.0.0.0 255.0.0.0 any
access-list outside deny ip 169.254.0.0 255.255.0.0 any
access-list outside permit ip 192.168.200.0 255.255.255.0 any
access-list outside permit icmp 192.168.200.0 255.255.255.0 any
access-list outside deny ip 192.168.0.0 255.255.0.0 any
access-list outside permit icmp any any time-exceeded
access-list outside permit icmp any any echo-reply
access-list outside permit tcp 192.168.200.0 255.255.255.0 any
access-list outside permit tcp any host 64.254.226.34 eq https
access-list outside permit tcp any host 64.254.226.34 eq 993
access-list outside permit tcp any host 64.254.226.34 eq imap4
access-list outside permit tcp any host 64.254.226.35 eq https
access-list outside permit tcp any host 64.254.226.35 eq www
access-list outside permit tcp any host 24.x.x.x eq www
access-list outside permit tcp any host 24.x.x.x eq ftp
access-list outside permit tcp any host 24.x.x.x eq 990
access-list outside permit tcp any host 24.x.x.x eq ftp-data
access-list outside permit tcp any host 24.x.x.x eq 8080
access-list outside permit tcp any host 64.y.y.y eq smtp
access-list outside permit tcp any eq 8443 host 24.x.x.x eq 8443
access-list outside permit tcp any host 24.x.x.x range 50000 50014
access-list outside permit tcp any eq 8009 host 24.x.x.x eq 8009
access-list outside permit tcp any host 24.y.y.y eq https
access-list outside remark Terminal server - RDP port
access-list outside permit tcp any eq 3389 host 24.y.y.y eq 3389
access-list outside permit tcp any host 24.y.y.y
access-list outside permit ip any host 24.y.y.y
access-list outside remark Terminal server gateway port
access-list outside permit tcp any eq https host 24.y.y.y eq https
access-list inside deny ip any 0.0.0.0 255.0.0.0
access-list inside deny ip any 10.0.0.0 255.0.0.0
access-list inside deny ip any 127.0.0.0 255.0.0.0
access-list inside deny ip any 169.254.0.0 255.255.0.0
access-list inside deny tcp any eq 1484 any eq https
access-list inside deny tcp any eq 2400 any eq https
access-list inside deny udp any eq 1900 any eq 1900
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq ssh
access-list inside permit ip 192.168.1.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list inside permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq https
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 3389
access-list inside permit udp 192.168.1.0 255.255.255.0 any eq isakmp
access-list inside permit udp 192.168.1.0 255.255.255.0 any eq 4500
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 5900
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 5000
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 33115
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 943
access-list inside permit tcp 192.168.1.0 255.255.255.0 any range 4502 4520
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 4000
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 4001
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 3724
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 11999
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 43594
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 43595
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 17185
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq imap4
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 993
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 8080
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 8003
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 8443
access-list inside permit udp 192.168.1.0 255.255.255.0 any eq 2300
access-list inside permit udp 192.168.1.0 255.255.255.0 any eq 2301
access-list inside permit udp 192.168.1.0 255.255.255.0 any eq 6073
access-list inside permit udp 192.168.1.0 255.255.255.0 any eq 1863
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 1863
access-list inside permit udp 192.168.1.0 255.255.255.0 any eq 5190
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 6891
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 6892
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 6893
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 6894
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 6895
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 6896
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 6897
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 6898
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 6899
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 6900
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 3101
access-list inside permit udp 192.168.1.0 255.255.255.0 any eq 6901
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 6901
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq nntp
access-list inside permit udp 192.168.1.0 255.255.255.0 any eq 64520
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 28800
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 28801
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 28802
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 28803
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 28804
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 28805
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 9009
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq ftp
access-list inside permit udp host srv-fin1 any eq domain
access-list inside permit tcp host srv-fin1 any eq domain
access-list inside permit udp host SRV-DC1 any eq ntp
access-list inside permit tcp host SRV-DC2 any eq 123
access-list inside permit tcp host SRV-DC2 host SRV-SQL3-DMZ eq ldap
access-list inside permit tcp host SRV-DC2 host SRV-SQL3-DMZ
access-list inside permit tcp host SRV-EXCH2 host SRV-NS3-DMZ eq smtp
access-list inside permit tcp host SRV-EXCH2 host SRV-SQL3-DMZ eq smtp
access-list inside permit tcp host SRV-EXCH2 host SRV-SQL3-DMZ eq imap4
access-list inside permit tcp host XEROX host SRV-NS3-DMZ eq smtp
access-list inside permit udp host SRV-DC2 any eq domain
access-list inside permit tcp host SRV-DC2 any eq domain
access-list inside permit udp host SRV-DC2 any eq ntp
access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 8009
access-list inside permit icmp host 192.168.1.51 any
access-list inside permit tcp 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list inside permit tcp host Hyper-V-1 host Hyper-V-DMZ log 4
access-list inside permit udp host Hyper-V-1 host Hyper-V-DMZ log 4
access-list inside permit icmp host Hyper-V-1 host Hyper-V-DMZ log 4
access-list inside remark Sql Azure Cloud Test
access-list inside permit tcp any any eq 1433
access-list inside remark test avec videotron
access-list inside permit tcp any any
access-list inside permit tcp any interface outside
access-list dmz1 permit ip any 192.168.200.0 255.255.255.0
access-list dmz1 deny ip any 0.0.0.0 255.0.0.0
access-list dmz1 deny ip any 10.0.0.0 255.0.0.0
access-list dmz1 deny ip any 127.0.0.0 255.0.0.0
access-list dmz1 deny ip any 169.254.0.0 255.255.0.0
access-list dmz1 deny ip any 192.168.0.0 255.255.255.0
access-list dmz1 permit tcp 192.168.10.0 255.255.255.0 any eq www
access-list dmz1 permit tcp 192.168.10.0 255.255.255.0 any eq https
access-list dmz1 permit tcp 192.168.10.0 255.255.255.0 any eq 8443
access-list dmz1 permit tcp 192.168.10.0 255.255.255.0 any eq 8009
access-list dmz1 permit tcp 192.168.10.0 255.255.255.0 host SRV-DC1 object-group DMZtoAD_TCP
access-list dmz1 permit udp 192.168.10.0 255.255.255.0 host SRV-DC1 object-group DMZtoAD_UDP
access-list dmz1 permit tcp 192.168.10.0 255.255.255.0 host SRV-DC2 object-group DMZtoAD_TCP
access-list dmz1 permit udp 192.168.10.0 255.255.255.0 host SRV-DC2 object-group DMZtoAD_UDP
access-list dmz1 permit udp 192.168.10.0 255.255.255.0 host DC1 object-group DMZtoAD_UDP
access-list dmz1 permit tcp 192.168.10.0 255.255.255.0 host DC1 object-group DMZtoAD_TCP
access-list dmz1 permit tcp 192.168.10.0 255.255.255.0 host srv-fin1 object-group DMZtoAD_TCP
access-list dmz1 permit udp 192.168.10.0 255.255.255.0 host srv-fin1 object-group DMZtoAD_UDP
access-list dmz1 permit udp host copap-DMZ host SRV-DC2 object-group DMZtoAD_UDP
access-list dmz1 permit tcp host copap-DMZ host SRV-DC2 object-group DMZtoAD_TCP
access-list dmz1 permit udp host SRV-SQL3-DMZ host SRV-DC2 object-group DMZtoAD_UDP
access-list dmz1 permit tcp host SRV-SQL3-DMZ host SRV-DC2 object-group DMZtoAD_TCP
access-list dmz1 permit udp host SRV-SQL3-DMZ host SRV-DC1 object-group DMZtoAD_UDP
access-list dmz1 permit tcp host SRV-SQL3-DMZ host SRV-DC1 object-group DMZtoAD_TCP
access-list dmz1 permit tcp host copap-DMZ host SRV-DC1 object-group DMZtoAD_TCP
access-list dmz1 permit udp host copap-DMZ host SRV-DC1 object-group DMZtoAD_UDP
access-list dmz1 permit udp host Hyper-V-DMZ1 host SRV-DC1 object-group DMZtoAD_UDP
access-list dmz1 permit tcp host Hyper-V-DMZ1 host SRV-DC1 object-group DMZtoAD_TCP
access-list dmz1 permit tcp host Hyper-V-DMZ1 host SRV-DC2 object-group DMZtoAD_TCP
access-list dmz1 permit udp host Hyper-V-DMZ1 host SRV-DC2 object-group DMZtoAD_UDP
access-list dmz1 permit udp host infrasontario-DMZ host srv-fin1 object-group DMZtoAD_UDP
access-list dmz1 permit udp host infrasontario-DMZ host SRV-DC2 object-group DMZtoAD_UDP
access-list dmz1 permit tcp host infrasontario-DMZ host SRV-DC2 object-group DMZtoAD_TCP
access-list dmz1 permit tcp host infrasontario-DMZ host srv-fin1 object-group DMZtoAD_TCP
access-list dmz1 permit icmp 192.168.10.0 255.255.255.0 host SRV-DC2
access-list dmz1 permit icmp 192.168.10.0 255.255.255.0 host SRV-DC1
access-list dmz1 permit icmp 192.168.10.0 255.255.255.0 host DC1
access-list dmz1 permit icmp 192.168.10.0 255.255.255.0 host srv-fin1
access-list dmz1 permit udp host Hyper-V-DMZ host Hyper-V-1 log 7
access-list dmz1 permit icmp any 192.168.0.0 255.255.0.0 time-exceeded
access-list dmz1 permit icmp any 192.168.0.0 255.255.0.0 echo-reply
access-list dmz1 permit tcp host Hyper-V-DMZ host Hyper-V-1
access-list dmz1 permit tcp host SRV-NS3-DMZ any eq smtp
access-list dmz1 permit tcp host SRV-NS3-DMZ host SRV-EXCH2 eq 691
access-list dmz1 permit tcp host SRV-NS5-DMZ host srv-sql4 eq 1433
access-list dmz1 permit tcp host SRV-NS5-DMZ host srv-sql4 eq 6112
access-list dmz1 permit tcp host SRV-NS5-DMZ host SRV-BCK1 range 10000 10020
access-list dmz1 permit tcp host copap-DMZ host SRV-BCK1 range 10000 10020
access-list dmz1 permit tcp host SRV-NS3-DMZ host SRV-BCK1 range 10000 10020
access-list dmz1 permit tcp host SRV-SQL3-DMZ host SRV-BCK1 range 10000 10020
access-list dmz1 permit tcp host copap-DMZ host SRV-DC1
access-list dmz1 permit icmp host Hyper-V-DMZ host Hyper-V-1 log 7
access-list dmz1 permit tcp host VDM host DC1 range 10000 10020
access-list dmz1 permit tcp host VDM host srv-fin1 range 10000 10020
access-list dmz1 permit udp host VDM host DC1 object-group DMZtoAD_UDP
access-list dmz1 permit udp host VDM host srv-fin1 object-group DMZtoAD_UDP
access-list dmz1 permit udp host VDM object-group DMZtoAD_UDP 192.168.1.0 255.255.255.0 object-group DMZtoAD_UDP
access-list dmz1 permit tcp host infrasontario-DMZ any
access-list vpnclientacl permit ip any 192.168.200.0 255.255.255.0
access-list vpnclientacl permit ip host srv-fin1 192.168.200.64 255.255.255.192
access-list dmz_vpnclientacl permit ip 192.168.10.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list dmz_access_in permit ip 192.168.10.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list vpnclientip permit ip 192.168.1.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list vpnclientip permit ip 192.168.10.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list inside_authentication_RADIUS permit tcp host srv-fin1 interface outside
pager lines 24
logging on
logging timestamp
logging monitor errors
logging buffered errors
logging trap warnings
logging history errors
logging device-id hostname
logging host inside SRV-DC1
logging host inside SRV-DC2
logging host inside DC1
logging host inside srv-fin1
icmp deny any outside
mtu outside 1500
mtu inside 1500
mtu dmz1 1500
ip address outside 24.x.x.x 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip address dmz1 192.168.10.1 255.255.255.0
ip audit info action reset
ip audit attack action reset
ip local pool vpnclientip 192.168.200.64-192.168.200.127
ip local pool Vpn_Group 192.168.200.128-192.168.200.150

pdm logging warnings 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list vpnclientacl
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz1) 0 access-list dmz_vpnclientacl
nat (dmz1) 1 192.168.10.0 255.255.255.0 0 0
static (dmz1,outside) tcp 64.254.226.34 https SRV-NS3-DMZ https netmask 255.255.255.255 500 50
static (dmz1,outside) tcp 64.254.226.34 993 SRV-NS3-DMZ 993 netmask 255.255.255.255 500 50
static (dmz1,outside) tcp 64.254.226.34 imap4 SRV-NS3-DMZ imap4 netmask 255.255.255.255 500 50
static (dmz1,outside) tcp interface ftp SRV-NS5-DMZ ftp netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 50000 SRV-NS5-DMZ 50000 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 50001 SRV-NS5-DMZ 50001 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 50002 SRV-NS5-DMZ 50002 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 50003 SRV-NS5-DMZ 50003 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 50004 SRV-NS5-DMZ 50004 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 50005 SRV-NS5-DMZ 50005 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 50006 SRV-NS5-DMZ 50006 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 50007 SRV-NS5-DMZ 50007 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 50008 SRV-NS5-DMZ 50008 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 50009 SRV-NS5-DMZ 50009 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 50010 SRV-NS5-DMZ 50010 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 50011 SRV-NS5-DMZ 50011 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 50012 SRV-NS5-DMZ 50012 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 50013 SRV-NS5-DMZ 50013 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 50014 SRV-NS5-DMZ 50014 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 990 SRV-NS5-DMZ 990 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface ftp-data SRV-NS5-DMZ ftp-data netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface www SRV-NS5-DMZ www netmask 255.255.255.255 0 0

static (dmz1,outside) tcp interface 8080 SRV-NS5-DMZ 8080 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 8443 SRV-NS5-DMZ 8443 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp interface 8009 SRV-NS5-DMZ 8009 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp 24.37.25.179 https infrasontario-DMZ https netmask 255.255.255.255 0 0
static (dmz1,outside) tcp 24.37.25.179 www infrasontario-DMZ www netmask 255.255.255.255 0 0
static (dmz1,outside) tcp 24.37.25.179 3389 infrasontario-DMZ 3389 netmask 255.255.255.255 0 0
static (dmz1,outside) tcp 64.254.226.34 smtp SRV-NS3-DMZ smtp netmask 255.255.255.255 0 0
static (dmz1,outside) tcp 24.37.25.179 8080 infrasontario-DMZ 8080 netmask 255.255.255.255 0 0
static (inside,dmz1) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
access-group outside in interface outside
access-group inside in interface inside
access-group dmz1 in interface dmz1
route outside 0.0.0.0 0.0.0.0 24.37.25.177 1
route dmz1 Hyper-V-DMZ 255.255.255.255 192.168.10.1 1
route dmz1 infrasontario-DMZ 255.255.255.255 192.168.10.1 1
route dmz1 BARRACUDA 255.255.255.255 192.168.10.1 1
route dmz1 SRV-NS3-DMZ 255.255.255.255 192.168.10.1 1
route dmz1 SRV-SMTP-dmz 255.255.255.255 192.168.10.1 1
route dmz1 SRV-NS5-DMZ 255.255.255.255 192.168.10.1 1
route dmz1 copap-DMZ 255.255.255.255 192.168.10.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host SRV-DC2 fkP8cd43 timeout 5
aaa-server RADIUS (inside) host SRV-DC1 fkP8cd43 timeout 5
aaa-server RADIUS (inside) host DC1 Vpn:8448 timeout 5
aaa-server RADIUS (inside) host srv-fin1 Vpn:8448 timeout 5
aaa-server LOCAL protocol local
aaa authentication match inside_authentication_RADIUS inside RADIUS
ntp server SRV-DC1 source inside prefer
ntp server DC1 source inside prefer
http server enable
http SRV-BCK1 255.255.255.255 inside
http 192.168.1.177 255.255.255.255 inside
snmp-server host inside ubuntu
no snmp-server location
no snmp-server contact
snmp-server community Zenoss:8448
snmp-server enable traps
tftp-server inside SRV-BCK1 /pix_backup
floodguard enable
sysopt connection permit-ipsec
service resetinbound
service resetoutside
crypto ipsec transform-set vpnclientset esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set Vpn_Group esp-3des esp-sha-hmac
crypto dynamic-map dyn-vpn 30 set transform-set vpnclientset
crypto dynamic-map dyn-vpn 40 set transform-set Vpn_Group
crypto map pixmap 30 ipsec-isakmp dynamic dyn-vpn
crypto map pixmap client authentication RADIUS
crypto map pixmap interface outside
crypto map inside_map interface inside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0 no-xauth no-config-mode

isakmp key ******** address 24.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash md5
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
isakmp policy 50 authentication pre-share
isakmp policy 50 encryption 3des
isakmp policy 50 hash sha
isakmp policy 50 group 2
isakmp policy 50 lifetime 86400
vpngroup vpnrad1 address-pool vpnclientip
vpngroup vpnrad1 dns-server srv-fin1 DC1
vpngroup vpnrad1 wins-server srv-fin1 DC1
vpngroup vpnrad1 default-domain finlogik.com
vpngroup vpnrad1 split-tunnel vpnclientip
vpngroup vpnrad1 idle-time 28800
vpngroup vpnrad1 max-time 28800
vpngroup vpnrad1 password ********
vpngroup Vpn_Group address-pool Vpn_Group
vpngroup Vpn_Group dns-server DC1 srv-fin1
vpngroup Vpn_Group wins-server DC1 srv-fin1
vpngroup Vpn_Group default-domain finlogik.com
vpngroup Vpn_Group idle-time 1800
vpngroup Vpn_Group password ********
telnet SRV-BCK1 255.255.255.255 inside
telnet timeout 30
ssh SRV-BCK1 255.255.255.255 inside
ssh timeout 20
management-access inside
console timeout 0
username vpnfin1 nopassword privilege 15
terminal width 80
Cryptochecksum:2f8673aa2123c26b3577b789cd30cc61
: end
0
 
ddiazp commented:
I see you have:

interface ethernet0 auto
interface ethernet1 auto

Basically, setting auto speed and auto duplex is not ideal. On your inside interface (where your problem seems to be -- external is probably normal), try hard coding full duplex and 100 Mbps (this is what's negotiated) on eth1 and on whatever switchport it connects to.

What test did you perform to come up with the 1mb speed on the internal interface?

Also, what is the firewall connected to on the inside? If it's a managed switch, is the switchport on a VLAN? Do you have the config for that switchport?

0
 
pcrete (Author) commented:
Hi,
Should I put the eth0 at 100 basetx or 100 full?
I did my test from a web site, speedtest.org. The only equipment we have is a PIX 515E that connects to an auto-config switch, to all our workstations and the server. We do not have any VLAN.
0
 
Ernie Beek commented:
Just to check, if you connect a PC directly to the inside interface, what speeds do you get then?
0
 
ddiazp commented:
Try this:

1. Clear all interface counters:
conf)# clear counter
or
conf)# clear interface

2. verify interface counters are reset:
#show interface ethernet0
#show interface ethernet1

3. perform the test you mentioned above again (inside and outside)

4. post results of test (screenshots would be nice)

5. Verify interface stats:
#show interface ethernet0
#show interface ethernet1



What brand/model switch do you have?
0
 
pcrete (Author) commented:
OK, I will try this tomorrow because I'm out for the day.

Tks again for the help, guys.
0
 
Ernie Beek commented:
You're welcome :)
We'll be here.
0
 
pcrete (Author) commented:
Hi,
We have a Dell PowerConnect 2724 for our switch; I know it's not the best :(

Result of firewall command: "show interface ethernet0"
 
interface ethernet0 "outside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 0012.7f4c.4c17
  IP address 24.x.x.x, subnet mask 255.255.255.248
  MTU 1500 bytes, BW 100000 Kbit full duplex
      12629 packets input, 7783146 bytes, 0 no buffer
      Received 92 broadcasts, 0 runts, 0 giants
      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
      12356 packets output, 4886769 bytes, 0 underruns
      0 output errors, 0 collisions, 0 interface resets
      0 babbles, 0 late collisions, 0 deferred
      0 lost carrier, 0 no carrier
      input queue (curr/max blocks): hardware (128/128) software (0/1)
      output queue (curr/max blocks): hardware (0/5) software (0/1)


Result of firewall command: "show interface ethernet1"
 
interface ethernet1 "inside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 0012.7f4c.4c18
  IP address 192.168.1.1, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 100000 Kbit full duplex
      18006 packets input, 5816857 bytes, 0 no buffer
      Received 3873 broadcasts, 0 runts, 0 giants
      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
      14793 packets output, 8624516 bytes, 0 underruns
      0 output errors, 0 collisions, 0 interface resets
      0 babbles, 0 late collisions, 0 deferred
      77 lost carrier, 0 no carrier
      input queue (curr/max blocks): hardware (128/128) software (0/9)
      output queue (curr/max blocks): hardware (3/13) software (0/1)



speedtest-Outside.png
speedtest-inside.PNG
0
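Added example (not part of the thread and not code from any of the posters): a Python parser for PIX 6.x `show interface` output in the format posted above, applied to the two ethernet1 ("inside") snapshots from this thread, taken before and after the counters were cleared. It flags the counters the replies point at (collisions, late collisions, CRC, runts) when the interface reports full duplex; the function names and the `WATCHED` list are assumptions of this example.

```python
import re

# Output copied from the "inside" interface as posted in this thread:
# BEFORE is the first "show int", AFTER is the one taken after the
# counters were cleared and the speed test repeated.
BEFORE = '''\
interface ethernet1 "inside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 0012.7f4c.4c18
  IP address 192.168.1.1, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 100000 Kbit full duplex
      14728035 packets input, 721327731 bytes, 0 no buffer
      Received 2115328 broadcasts, 41 runts, 0 giants
      106 input errors, 65 CRC, 0 frame, 0 overrun, 65 ignored, 0 abort
      13291614 packets output, 537248569 bytes, 0 underruns
      0 output errors, 96 collisions, 0 interface resets
      0 babbles, 77 late collisions, 24 deferred
      42 lost carrier, 0 no carrier
      input queue (curr/max blocks): hardware (128/128) software (0/115)
      output queue (curr/max blocks): hardware (5/116) software (0/1)
'''
AFTER = '''\
interface ethernet1 "inside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 0012.7f4c.4c18
  IP address 192.168.1.1, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 100000 Kbit full duplex
      18006 packets input, 5816857 bytes, 0 no buffer
      Received 3873 broadcasts, 0 runts, 0 giants
      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
      14793 packets output, 8624516 bytes, 0 underruns
      0 output errors, 0 collisions, 0 interface resets
      0 babbles, 0 late collisions, 0 deferred
      77 lost carrier, 0 no carrier
      input queue (curr/max blocks): hardware (128/128) software (0/9)
      output queue (curr/max blocks): hardware (3/13) software (0/1)
'''

HEADER = re.compile(r'^interface (\S+) "([^"]+)" is ([\w ]+), line protocol is (\w+)')
LINK = re.compile(r"BW (\d+) Kbit (full|half) duplex")
COUNTER = re.compile(r"(\d+) ([A-Za-z][A-Za-z ]*?)\s*(?:,|$)")

# Assumption of this example: counters that should stay at zero on a healthy
# full-duplex link, because CSMA/CD is not in use there.
WATCHED = ("runts", "CRC", "collisions", "late collisions", "deferred")


def parse_show_interface(text):
    """Return {hardware name: {"nameif", "duplex", "bw_kbit", "counters"}}."""
    interfaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {"nameif": header.group(2), "duplex": None,
                       "bw_kbit": None, "counters": {}}
            interfaces[header.group(1)] = current
            continue
        if current is None:
            continue
        link = LINK.search(line)
        if link:
            current["bw_kbit"] = int(link.group(1))
            current["duplex"] = link.group(2)
            continue
        # Counter lines start with a number or with "Received"; this skips
        # the Hardware, IP address and queue lines.
        if not (line[:1].isdigit() or line.startswith("Received ")):
            continue
        for value, name in COUNTER.findall(line):
            if name == "bytes":  # appears on both the input and the output line
                name = "bytes input" if "packets input" in line else "bytes output"
            current["counters"][name] = int(value)
    return interfaces


def duplex_findings(iface):
    """Nonzero WATCHED counters on an interface that reports full duplex."""
    if iface["duplex"] != "full":
        return {}
    counters = iface["counters"]
    return {k: counters[k] for k in WATCHED if counters.get(k, 0) > 0}


if __name__ == "__main__":
    for label, text in (("before clear", BEFORE), ("after clear", AFTER)):
        for hw, iface in parse_show_interface(text).items():
            print(label, hw, iface["nameif"], iface["duplex"],
                  duplex_findings(iface) or "no watched counters set")
```

On the first snapshot all five watched counters are nonzero although the port reports full duplex; on the snapshot taken after the clear they are all zero, and only the lost carrier count has moved.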
 
Ernie Beek commented:
So did you try hooking up a PC directly to the PIX?
0
 
pcrete (Author) commented:
That's my next step. :)
0
 
Ernie Beek commented:
Ok, good ;)
0
 
pcrete (Author) commented:
Sorry for my next question, but when I put the PC in the inside port of my PIX I get no internet connection... Why? Do I need to configure my NIC card?
0
 
Ernie Beek commented:
I assume the PIX isn't the DHCP server for your LAN, so you need to set a static IP on your NIC. Let's say: 192.168.1.2 255.255.255.0 and gateway: 192.168.1.1
0
 
pcrete (Author) commented:
Cool, tks, I will try that.
0
 
pcrete (Author) commented:
Hi,
OK, so now what? Because it's the same from the inside port with my laptop.
Could it be that my PIX (firewall) is blocking my new ISP internet access?
speedtestportinside.png
0
 
pcrete (Author) commented:
OK, stupid question again: do I need to put a crossover between my PIX and my switch? Could that be my problem....
0
 
pcrete (Author) commented:
So now I still have the same problem. I tried to put ports 0 and 1 to full, same speed, so I'll put the setting back to auto..... I'm so lost now, I do not know what to do next.
0
 
Ernie Beek commented:
It's looking like rather a challenge indeed......

Let me think, when looking at the logs does anything show up there?

You also have a DMZ, what if you do a speed test from there?
0
 
ddiazp commented:
Were you able to clear the counters on your interfaces on the pix? If so, can you post the 'show interface eth0' again?
0
 
pcrete (Author) commented:
OK, I'll do those tests tomorrow.

Tks again
0
 
pcrete (Author) commented:
Hey guys,
Finally I called Videotron, our new ISP, and they say that their equipment has a bug on one of the ports. So I have all new equipment and now I get 30 up and 2 down from my speed test :)

Tks again for all the help
0
