Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
PIX perfomance 4
- Thread starter paul000
- Start date
-
1
- #2
A runt is a packet that is too small. Ethernet protocol requires that each packet be at least 64 bytes long. runts are usually the fragments of packet collisions. Runts can also be the result of bad wiring or electrical interference. Here is a link to the cisco PDM
- Thread starter
- #3
-
1
- #4
Regardless of the errors you are seeing, it could be a direct result of the workload you are placing on it.
What model PIX do you have?
How many machines are internal on the machine?
How many ACL lines do you have?
How many simultaneous VPN connections do you run?
Computer/Network Technician
CCNA
What model PIX do you have?
How many machines are internal on the machine?
How many ACL lines do you have?
How many simultaneous VPN connections do you run?
Computer/Network Technician
CCNA
-
1
- #5
The following link will help you troubleshoot your problem:
- Thread starter
- #6
Thank you
What model PIX do you have?
pix 515e
ios 6.1(1)
pdm 1.1(1)
How many machines are internal on the machine?
600
How many ACL lines do you have?
There are outbound conmands and there not Access list created
only three :internal , dmz1 and outside
How many simultaneous VPN connections do you run?
Oh yes there are five VPN connections throught pix
but thre are only Checkpoint VPN connections(only open some ports) and inside pix
there are not any cisco VPN enabled
What model PIX do you have?
pix 515e
ios 6.1(1)
pdm 1.1(1)
How many machines are internal on the machine?
600
How many ACL lines do you have?
There are outbound conmands and there not Access list created
only three :internal , dmz1 and outside
How many simultaneous VPN connections do you run?
Oh yes there are five VPN connections throught pix
but thre are only Checkpoint VPN connections(only open some ports) and inside pix
there are not any cisco VPN enabled
So all 600 internal LAN machines depend on the PIX501 to access the internet? In your work environment is it typical for a user to access the internet quite a bit?
So there are no access-list commands running on your 3 interfaces?
Computer/Network Technician
CCNA
So there are no access-list commands running on your 3 interfaces?
Computer/Network Technician
CCNA
-
1
- #8
outbound commands are slow... You should replace them with access-lists...
Fix any speed / duplex mismatches as well on the interfaces.
This code will only allow outgoing FTP, DNS, SMTP, and HTTP & HTTPS.
Fix any speed / duplex mismatches as well on the interfaces.
This code will only allow outgoing FTP, DNS, SMTP, and HTTP & HTTPS.
Code:
access-list 102 permit tcp any any eq 20
access-list 102 permit tcp any any eq 21
access-list 102 permit tcp any any eq 25
access-list 102 permit tcp any any eq 53
access-list 102 permit udp any any eq 53
access-list 102 permit tcp any any eq 80
access-list 102 permit tcp any any eq 443
access-group 102 in interface inside- Thread starter
- #9
So there are no access-list commands running on your 3 interfaces?
Yes there are three access lists created throught
apply comand but not by access-list commands
It is possible to remove all outbound rules and apply rules
and to do job with access list command only ???
Thank you
Yes there are three access lists created throught
apply comand but not by access-list commands
It is possible to remove all outbound rules and apply rules
and to do job with access list command only ???
Thank you
- Status
Similar threads
- Locked
- Question
- Locked
- Question