Pix 515E Firewall Problem

hardypeter · ‎04-19-2005

Hi

I'm having a problem with the DMZ on my firewall.I wonder if anyone can help and give me some suggestions on how to fix it.

The setup is that i have a leased line entering the building with a number of external ip's attached. The Firewall is attached to the router with two web servers in the DMZ and the main network of computers on the inside interface.

The web servers are setup with a static translation rule from their internal ip address to a external ip address. The main network is setup with a NAT translation rule using one external ip address for all computers.

The problem that i'm having is that when i connect to the servers from internal the connection is fine with no problems. When a connection is made from external off the web the connection is very slow and impossable to use as the data transfers at a snail pace. Everything was working fine up until about two weeks ago then the transfer rate just dropped and i cannot see a reason why. If you try and access the internet from the DMZ the same porblem occurs as accessing them the other way.

Any help would be appreciated.

Peter

Patrick Iseli · ‎04-19-2005

Have you checked the interface statistics, show interface, for CRC Error and such stuff.

Might it be that you have a duplex issue. Slow transfer rates can be one of the syntomes.

Fix Duplex and Speed mode on the Switch and on the PIX Firewall to the same value or let both on AUTO.

See interface statistics:

show interface

sincerely

Patrick

hardypeter · ‎04-19-2005

Hi

I have checked the interface stats and everything seems fine. Both the firewall and switch are set for auto detection of the duplex and speed.

Peter