It's always a good idea to hard-code speed and duplex settings. interface ethernet0 auto interface ethernet1 auto interface ethernet2 auto
""cage"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > R--FW--DMZ > | > Inside > | > Proxy > One proxy is connected to the inside switch connecting to the FW, but > internal users are slow to the outside,but the DMZ users are good.why? I > think something wrong with the proxy configuration! > The config is follwing: > > > sh conf > : Saved > : > PIX Version 6.0(1) > nameif ethernet0 outside security0 > nameif ethernet1 inside security100 > nameif ethernet2 dmz security50 > nameif ethernet3 intf3 security15 > nameif ethernet4 intf4 security20 > enable password 8Ry2YjIyt7RRXU24 encrypted > passwd 2KFQnbNIdI.2KYOU encrypted > hostname pixfirewall > fixup protocol ftp 21 > fixup protocol http 80 > fixup protocol h323 1720 > fixup protocol rsh 514 > fixup protocol smtp 25 > fixup protocol sqlnet 1521 > fixup protocol sip 5060 > fixup protocol skinny 2000 > names > access-list 101 permit tcp any host 202.99.33.66 eq domain > access-list 101 permit udp any host 202.99.33.66 eq domain > access-list 101 permit tcp any host 202.99.33.67 eq domain > access-list 101 permit udp any host 202.99.33.67 eq domain > > > access-list 101 permit tcp any host 202.99.33.69 eq smtp > pager lines 24 > interface ethernet0 auto > interface ethernet1 auto > interface ethernet2 auto > interface ethernet3 auto shutdown > interface ethernet4 auto shutdown > mtu outside 1500 > mtu inside 1500 > mtu dmz 1500 > mtu intf3 1500 > mtu intf4 1500 > ip address outside 202.99.34.26 255.255.255.248 > ip address inside 192.168.4.1 255.255.255.0 > ip address dmz 202.99.33.254 255.255.255.0 > ip address intf3 127.0.0.1 255.255.255.255 > ip address intf4 127.0.0.1 255.255.255.255 > ip audit info action alarm > ip audit attack action alarm > no failover > failover timeout 0:00:00 > failover poll 15 > failover ip address outside 0.0.0.0 > failover ip address inside 0.0.0.0 > > > failover ip address dmz 0.0.0.0 > failover ip address intf3 0.0.0.0 > failover ip address intf4 0.0.0.0 > pdm history enable > arp timeout 14400 > global (outside) 1 202.99.33.253 netmask 255.255.255.0 > global (dmz) 1 202.99.33.73 netmask 255.255.255.0 > nat (inside) 1 0.0.0.0 0.0.0.0 0 0 > nat (dmz) 0 202.99.33.0 255.255.255.0 0 0 > static (inside,outside) 202.99.33.74 192.168.4.250 netmask 255.255.255.255 0 > 0 > static (inside,dmz) 202.99.33.75 192.168.4.250 netmask 255.255.255.255 0 0 > access-group 101 in interface outside > route outside 0.0.0.0 0.0.0.0 202.99.34.30 1 > timeout xlate 3:00:00 > timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 > 0:05:00 sip 0:30:00 sip_media 0:02:00 > timeout uauth 0:05:00 absolute > aaa-server TACACS+ protocol tacacs+ > aaa-server RADIUS protocol radius > no snmp-server location > no snmp-server contact > snmp-server community public > no snmp-server enable traps > no floodguard enable > no sysopt route dnat > > > telnet timeout 5 > ssh timeout 5 > terminal width 80 > Cryptochecksum:c64047c1918e68b2c5136af635cd2a0d > > pixfirewall(config)# Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35605&t=35603 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
