Bottlenecks almost always end up being the smallest pipe on a network. In
your case you have a possible 4 T1's which even when all are fully utilized
will only pass around 6mb of traffic per second. Even your darn 10 baseT
ethernet pipes could handle that. The PIX can handle up to 170mb per se
lto:[EMAIL PROTECTED]]
Sent: Thursday, March 15, 2001 22:47
To: [EMAIL PROTECTED]
Subject: Re: PIX Performance
Bottlenecks almost always end up being the smallest pipe on a network. In
your case you have a possible 4 T1's which even when all are fully utilized
will only pass around
ll below the PIX's
> ability.
> full rated capacity of the
> wire anyway :)>
>
>
> Thanks!
> TJ
>
> -Original Message-
> From: Groupstudy [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 15, 2001 22:47
> To: [EMAIL PROTECTED]
> Subject
How's about a little 'real-life' observation on a 515UR/failover package:
Problem:
external limited to ~850Kbit/s since install. Normal range, 2.5-3.5Mbits/s
internal ether on 515 does not exceed 140-160KBytes/s
internal ether has unusual number of IP transport retransmissions.
no apparent loops/
It *was* broke.
After much wailing and gnashing of teeth, I finally tried shutting down the
primary.
Bandwidth was immediately improved.
S, I'm calling this a faulty 515 primary system E0 interface.
Best, G.
_
FAQ, list archives, and subscription info: http:
PPTP VPN does put a lot overhead on your PIX, more than IPsec. The good
news is that VPN client for 2k already available and we just started to
rollout.
Ruihai
""Kevin O'Gilvie"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have a pix 515 R, and I have n
You've asked several questions here and I will give you my take on them.
I have found that the PPTP client is slower than the Cisco Secure client,
but you don't have any real choice for the moment. It is also possible that
you've overloaded the PIX with concurrent VPN users. The encryption
proc
Yes. It's not a PIX issue causing the slow VPN. It's a Microsoft issue. I
validated this by putting a vpn test box outside the firewall. The
encryption overhead and known issues with TCP/IP being slower on Windows add
up and cause PPTP to crawl. Add on top of that 56K + internet traffic
betwe
lt;[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: Re: Pix Performance Issues
>Date: Mon, 2 Apr 2001 11:32:31 -0500
>
>Yes. It's not a PIX issue causing the slow VPN. It's a Microsoft issue.
>I
>validated this by putting a vpn test box outside the firewall.
1 2:05 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Pix Performance Issues
I only have 32 megs on the 515r, the upgrade adds 32 m and a licence which
makes it 515UR for 6k. I was thinking that it was pptp, but since I am using
local authentication, users authenticate at the fw w
""Kevin O'Gilvie"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> I only have 32 megs on the 515r, the upgrade adds 32 m and a licence which
> makes it 515UR for 6k. I was thinking that it was pptp, but since I am
using
> local authentication, users authentic
The new Windows 2000 VPN Concentrator v3 client is out, but won't be
supported on the PIX until the v6 software is released (and some newer
version of IOS to support it on routers). Before dropping money to upgrade
the PIX, I'd suggest looking at the Cisco Concentrator line which is geared
specif
First of all, the Pix515E is running on an Intel Celeron 433Mhz, not PII.
I have customers that have no problem migrating from CheckPoint NG (FP2) over
to Pix515 firewall (running version 6.2(2)). At the same time, I've seen
customers
having problems with the Pix firewalls that I have to migrate
Mohannad,
1) Have you taken sniffer traces? If so, what information did they tell
you? If you have not taken a sniffer trace, you absolutely need to do this.
You need to look at the TCP windows and MSS values and compare the trace
through the PIX and without the PIX. If you have the traces you
Have you checked the basics like port and duplex matching on the switch/hub
it's connected to?
Sincerely
Patrick Greene
-Original Message-
From: Mohannad Khuffash [mailto:[EMAIL PROTECTED]]
Sent: Wed 3/20/2002 2:47 PM
To: [EMAIL PROTECTED]
I would hate to ask the obvious but are your interfaces showing high error
rates? Are they at half duplex? Are they at 10mb? Is the switch the
inside interface is plugged into stable? what about the router on the other
side?
-Patrick
>>> "Mohannad Khuffash" 03/20/02 02:47PM >>>
Dear all,
My
Dear All,
I would first thank you for your worthfull contributions which enable me to
solve the problem! The problem was that the interfaces is set to full duplex
(10full or 100full commands), and when i change the configuration to 10base
and 100base the problem has been solved totally !! I'm stil
17 matches
Mail list logo
