Hello Ray, Try adding the "ip accounting output-packets" on each T1 interface in The Cisco router. Use the "show ip accounting" command to Try and see where most of the traffic goes to.
Good luck, Udi -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ray Sent: Saturday, September 10, 2005 1:21 AM To: [email protected] Subject: [FW-1] Need some WAGs on a critical Internet line problem This one is kicking our proverbial butt and I'm totally out of ideas. All guesses are gratefully appreciated. Setup: Single R55 gateway. Two T-1's (1.5 M/bps) in a load-balancing configuration connected to the Internet Service provider. The R55 end has a Cisco 2600 series router connected to two CSU/DSU's connected to the T-1's. At precisely midnight on Thursday night Sept 1 (or the morning of Sept. 2, depending on your viewpoint), MRTG at the ISP showed the line utilization increased by over four times and pegged at 100% and has stayed there for the last week. The location behind FW-1 is experiencing a significant amount of delays, obviously. The FW-1 SmartView Reporter reports and SmartView Monitor real-time and history reports show absolutely nothing is wrong. Utilization is high during work hours and almost non-existent after working hours. The Nokia interface traffic counters look completely normal for the external interface and pretty much match SmartView Monitor and SmartView Reporter. Even when FW-1 is showing almost no traffic through its external interface, MRTG is showing the lines at saturation. We even disconnected FW-1 from the Cisco router by removing the crossover cable for one minute and MRTG still showed the line at saturation. Both T-1's were taken out of service and tested by the telecom provider. They swapped one out for CRC errors and have proclaimed both as working perfectly. Both CSU/DSU's on the R55 end were rebooted and also tested by the telecom provider with no problems. The Cisco 2600 router was rebooted as well. It is not showing any errors. The ISP swapped the router out on their end with no change. If we bring either T-1 up separately, it initially starts out OK but MRTG shows it saturates out within a few minutes and the slowdowns begin. Same thing if we bring them both up at the same time. BUT the ISP says there's only about 200 kilobits-per-second going through the Ethernet interface. It's like the T-1's are filling up with garbage bouncing back and forth between the two routers but it's not leaving the routers. I am at a complete loss as to what even to try next to get this narrowed down. Since they're T-1 lines, I don't know how we could even get a sniffer on the lines themselves to see just what trhe heck is inside of them. Thanks in advance for any guesses, Ray ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
