Your PIX interfaces are set for 100/half duplex. If you want 100/full duplex then specify "100full" in the config. Verify by a "sh int"
> -----Original Message----- > From: Ismail Al-Shelh [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 17, 2003 10:19 AM > To: [EMAIL PROTECTED] > Subject: Internet is very slow behind Pix 515E UR [7:70783] > > > Whenever I access the web site which is behind the Pix > firewalls, the speed > is really slow. > > I bypassed the firewall and accessed the same site and it's fast! > > I checked my settings and made sure all the connected devices > are running at > 100 and full duplex, they all are! > > I mean why this is happening ... is it because the pix have > to inspect each > packet! > > The Bandwidth from the service provider is 64k. > > Any Idea Please. > > > Any ideas? > > > The Pix version is 6.1 besides this is satellite connection > > The internal Address range is 191.1.1.0-191.1.1.254 255.255.0.0 > Outside address range is 10.15.9.163-183 255.255.255.224 > Default Gateway: 10.15.9.62 255.255.255.224 > DNS1: 195.238.62.1 > DNS2: 195.238.40.30 > > > > > AN# show config > : Saved > : > PIX Version 6.1(4) > nameif ethernet0 outside security0 > nameif ethernet1 inside security100 > nameif ethernet2 intf2 security10 > enable password kC9ZDwfWejkBqApp encrypted > passwd 2KFQnbNIdI.2KYOU encrypted > hostname AN > domain-name ciscopix.com > fixup protocol ftp 21 > fixup protocol http 80 > fixup protocol h323 1720 > fixup protocol rsh 514 > fixup protocol rtsp 554 > fixup protocol smtp 25 > fixup protocol sqlnet 1521 > fixup protocol sip 5060 > fixup protocol skinny 2000 > names > access-list acl_in permit icmp any any > access-list acl_in permit udp any any > access-list acl_in permit tcp any any > pager lines 10 > logging buffered debugging > interface ethernet0 100basetx > interface ethernet1 100basetx > interface ethernet2 auto shutdown > mtu outside 1500 > mtu inside 1500 > mtu intf2 1500 > ip address outside 10.15.9.163 255.255.255.224 > ip address inside 191.1.1.85 255.255.0.0 > ip address intf2 127.0.0.1 255.255.255.255 > ip audit info action alarm > ip audit attack action alarm > pdm history enable > arp timeout 14400 > global (outside) 1 10.15.9.164-10.15.9.180 > global (outside) 1 10.15.9.181 > nat (inside) 1 0.0.0.0 0.0.0.0 0 0 > access-group acl_out in interface outside > access-group acl_in in interface inside > route outside 0.0.0.0 0.0.0.0 10.15.9.163 1 > timeout xlate 3:00:00 > timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 > 0:05:00 si > p 0:30:00 sip_media 0:02:00 > timeout uauth 0:05:00 absolute > aaa-server TACACS+ protocol tacacs+ > aaa-server RADIUS protocol radius > http server enable > no snmp-server location > no snmp-server contact > snmp-server community public > no snmp-server enable traps > floodguard enable > no sysopt route dnat > telnet 0.0.0.0 0.0.0.0 inside > telnet timeout 5 > ssh timeout 5 > terminal width 80 > Cryptochecksum:97ca54591b41f6b215dabb457fe7c9de > AN# > > > > Ismail Al-Shelh > > [GroupStudy removed an attachment of type image/gif which had > a name of > image001.gif] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70795&t=70783 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]