Severely slow interface on PIX 525

[kfriend]

PIX 525 with 5 interfaces
inside
zone1
zone2
zone3
outside

Are my inside and outside interfaces sucking up all my bandwidth or something? Outside shows 4020 packets/sec
inside shows 1002 packets/sec

while zone1, zone2, zone3 are cooking along at less than 20 packets a second...some are as low as 4 packets/sec!!!!

Any help would be appreciated.

myPIX>sho traf
outside:
received (in 195667.344 secs):
451154771 packets 3399368928 bytes
2020 pkts/sec 17000 bytes/sec
transmitted (in 195667.344 secs):
876805371 packets 1811456794 bytes
4020 pkts/sec 9016 bytes/sec

inside:
received (in 195667.344 secs):
629236644 packets 2897380496 bytes
3018 pkts/sec 14017 bytes/sec
transmitted (in 195667.344 secs):
230515533 packets 78098967 bytes
1002 pkts/sec 4 bytes/sec

zone1:
received (in 195667.344 secs):
176387250 packets 3455443516 bytes
1 pkts/sec 17001 bytes/sec
transmitted (in 195667.344 secs):
106593010 packets 983706210 bytes
17 pkts/sec 5005 bytes/sec
zone2:
received (in 195667.344 secs):
62066419 packets 1476599712 bytes
9 pkts/sec 7019 bytes/sec
transmitted (in 195667.344 secs):
43807629 packets 1822116117 bytes
4 pkts/sec 9005 bytes/sec

zone3:
received (in 195668.374 secs):
2316810 packets 249381726 bytes
11 pkts/sec 1011 bytes/sec
transmitted (in 195668.374 secs):
2230483 packets 336921450 bytes
11 pkts/sec 1019 bytes/sec

admin:
received (in 195668.374 secs):
61814882 packets 211092593 bytes
8 pkts/sec 1012 bytes/sec
transmitted (in 195668.374 secs):
121194103 packets 3602770722 bytes
4 pkts/sec 18017 bytes/sec

MCSE/MCDBA
SANS GIAC + SANS FIREWALL

 

[kfriend]

just noticed my outside interface plugged into a router is showing this:

interface ethernet0 "outside" is up, line protocol is up
Hardware is i82559 ethernet, address is xxxx.xxxx.xxxx
IP address 10.75.255.2, subnet mask 255.255.255.0
MTU 1500 bytes, BW 100000 Kbit full duplex
451176639 packets input, 3401926197 bytes, 0 no buffer
Received 0 broadcasts, 311636 runts, 0 giants
67524 input errors, 34371 CRC, 33153 frame, 0 overrun, 34371 ignored, 0
abort


Still need assistance, not sure what this is pointing to.



MCSE/MCDBA
SANS GIAC + SANS FIREWALL

 

[kfriend]

I think this may be attributed to the router 10.75.255.1 being configured as auto-negotiate while the pix is set manually.

I've contacted the router administrator to get the scoop on this. BUT, I don't know if this directly relates to the problem I'm having on the other interfaces.



MCSE/MCDBA
SANS GIAC + SANS FIREWALL

 

[baddos]

Yes... You either need to use autonegotiate or static on both ends. You can't have one end us static, because the autonegotiate end will default to 10mb/half duplex.

 

[kfriend]

yeah this may be part of the problem...but the oddity is the fact that all of the interfaces on my add-in card are running very slow. While onboard nics E0 and E1 are blazing still.

We're going to fix the outside interface to router sometime today...I don't think it's going to fix the other problem.

We already did a clear xlate, and still slow.



MCSE/MCDBA
SANS GIAC + SANS FIREWALL