I have a PIX 515E V7.0.4 and I'm having trouble with http access between the inside interface and a DMZ zone I have. I have a web server set up in the DMZ with a web interface to upload/download files. I can connect to this interface from a workstation in the inside network, but when I try to download a file it is incredibly slow. If I upload a file there are no speed issues. If I connect using an https connection then both uploads and downloads are at speeds I would expect.
I have disabled http inspect but this didn't improve the connection speed.
Other http communications from inside to outside do not have any speed issues in either direction.
Any thoughts or suggestions appreciated.
Thanks,
Karl
Hello,
Run captures in order to determine if there is something weird with the TCP interaction between both devices (client and server).
Hi,
I ran Wireshark on the client to see if I could determine the problem. When comparing the traces between upload and download, there was nothing that stood out in the download trace when compared to the upload. Both looked very similar.
Thanks.
Hello,
What about retransmissions or out of order packets?
Regards,
Julio
Hi Julio,
I did another packet trace of a file download that had about 10K packets. Of those I saw about 5 of the following:
[TCP Retransmission] Continuation or non-HTTP traffic (all from the server to the workstation)
The majority of the packets were:
Continuation or non-HTTP traffic (both directions)
I wanted to mention that I also have tried changing the port settings on both the server NIC and the switch port it connects to, every possible combo (auto, full, half).
The PIX DMZ interface is set to 100 Full, as is the switch port it connects to (3COM Superstack). I don't seem to have any speed issues for other applications running on this server (FTP, file sharing).
Thanks,
Karl
Hello,
How many retransmission packets do you see in Wireshark?
Please provide me the show interface of the ASA (related to DMZ).
Out of the trace of about 10000 packets I saw 5 or 6 retransmission packets.
Here is the sho int for my DMZ interface:
Interface Ethernet2 "DMZ", is up, line protocol is up
Hardware is i82559, BW 100 Mbps
Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
Description: DMZ Zone.
MAC address 000d.8811.c32c, MTU 1500
IP address xxx.xxx.xxx.xxx, subnet mask 255.255.255.0
25467862676 packets input, 5078676771134 bytes, 0 no buffer
Received 8304357 broadcasts, 0 runts, 0 giants
13 input errors, 0 CRC, 0 frame, 13 overrun, 0 ignored, 0 abort
0 L2 decode drops
44197954355 packets output, 57486827220439 bytes, 42 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/191)
output queue (curr/max blocks): hardware (0/128) software (0/45)
Traffic Statistics for "Audiovault-DMZ":
25473285608 packets input, 4606976126158 bytes
44203213848 packets output, 56856313580879 bytes
8197481 packets dropped
Hello,
42 underruns
13 overrun
13 input errors
Can you clear the counters, then attempt a connection and check the interface again, and post the results?
I don't like those error counters.
Regards
Hi,
Cleared the counters and downloaded a 100 MB file:
Interface Ethernet2 "Audiovault-DMZ", is up, line protocol is up
Hardware is i82559, BW 100 Mbps
Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
Description: DMZ Zone.
MAC address 000d.8811.c32c, MTU 1500
IP address 192.168.2.1, subnet mask 255.255.255.0
130716 packets input, 147258923 bytes, 0 no buffer
Received 189 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
73850 packets output, 12994065 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/15)
output queue (curr/max blocks): hardware (0/10) software (0/1)
Traffic Statistics for "Audiovault-DMZ":
129252 packets input, 145431089 bytes
73850 packets output, 11362942 bytes
183 packets dropped
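The counters Julio singled out above (overrun, underruns, input errors) are the ones worth checking while the slow download is reproduced, and the clear-then-retest step Karl performed is the standard way to tell old noise from live errors. The script below is an added example, not code from the thread or from Cisco: it parses the counter lines of the two show interface snapshots posted above (quoted as posted), reports every non-zero error counter and expresses it as a rate per million packets on the matching direction of the link. The split of counter names into an input side and an output side is the script's own assumption, used only to pick the denominator for that rate.

```python
import re

# Per-interface counters from PIX/ASA "show interface" output that point at
# link or buffer trouble. The input/output grouping is this script's own
# assumption, used only to pick which packet total to divide by.
INPUT_SIDE = {
    "no buffer", "runts", "giants", "input errors", "CRC", "frame",
    "overrun", "ignored", "abort", "L2 decode drops", "packets dropped",
}
OUTPUT_SIDE = {
    "underruns", "output errors", "collisions", "interface resets",
    "babbles", "late collisions", "deferred", "lost carrier", "no carrier",
}
ERROR_COUNTERS = INPUT_SIDE | OUTPUT_SIDE
TOTALS = ("packets input", "packets output", "bytes input", "bytes output")

# "<number> <counter name>" pairs, each ending at a comma or end of line.
COUNTER_RE = re.compile(r"(\d+)\s+([A-Za-z][A-Za-z0-9 ]*?)(?=,|$)")

# Counter lines of the first snapshot posted in the thread (before clearing).
SNAPSHOT_BEFORE_CLEAR = """\
Interface Ethernet2 "DMZ", is up, line protocol is up
  25467862676 packets input, 5078676771134 bytes, 0 no buffer
  Received 8304357 broadcasts, 0 runts, 0 giants
  13 input errors, 0 CRC, 0 frame, 13 overrun, 0 ignored, 0 abort
  0 L2 decode drops
  44197954355 packets output, 57486827220439 bytes, 42 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collisions, 0 deferred
  0 lost carrier, 0 no carrier
  Traffic Statistics for "Audiovault-DMZ":
    25473285608 packets input, 4606976126158 bytes
    44203213848 packets output, 56856313580879 bytes
    8197481 packets dropped
"""

# Counter lines of the second snapshot (after clear counters + 100 MB download).
SNAPSHOT_AFTER_CLEAR = """\
Interface Ethernet2 "Audiovault-DMZ", is up, line protocol is up
  130716 packets input, 147258923 bytes, 0 no buffer
  Received 189 broadcasts, 0 runts, 0 giants
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 L2 decode drops
  73850 packets output, 12994065 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collisions, 0 deferred
  0 lost carrier, 0 no carrier
  Traffic Statistics for "Audiovault-DMZ":
    129252 packets input, 145431089 bytes
    73850 packets output, 11362942 bytes
    183 packets dropped
"""


def parse_show_interface(text):
    """Return {counter name: value} for one 'show interface' block.

    The trailing 'Traffic Statistics' section repeats 'packets input/output';
    from it only 'packets dropped' is kept so the hardware counters are not
    overwritten. 'bytes' is split into 'bytes input' / 'bytes output'.
    """
    counters = {}
    in_traffic_stats = False
    for line in text.splitlines():
        if line.strip().startswith("Traffic Statistics"):
            in_traffic_stats = True
            continue
        for value, name in COUNTER_RE.findall(line):
            if name == "bytes":
                name = "bytes output" if "packets output" in line else "bytes input"
            if in_traffic_stats and name != "packets dropped":
                continue
            if name in ERROR_COUNTERS or name in TOTALS:
                counters[name] = int(value)
    return counters


def nonzero_errors(counters):
    """Error counters that are not zero, i.e. the ones worth asking about."""
    return {n: v for n, v in counters.items() if n in ERROR_COUNTERS and v}


def errors_per_million(counters, name):
    """Rate of one error counter per million packets on its side of the link."""
    side = "packets input" if name in INPUT_SIDE else "packets output"
    total = counters.get(side, 0)
    return counters.get(name, 0) * 1e6 / total if total else 0.0


if __name__ == "__main__":
    for label, snap in (("before clear", SNAPSHOT_BEFORE_CLEAR),
                        ("after clear + download", SNAPSHOT_AFTER_CLEAR)):
        c = parse_show_interface(snap)
        print(f"{label}: {c['packets input']} packets in, {c['packets output']} out")
        for name, value in sorted(nonzero_errors(c).items()):
            rate = errors_per_million(c, name)
            print(f"  {name}: {value} ({rate:.4f} per million packets)")
```

On the first snapshot the overrun and underrun counts come out at well under one per million packets, which is why the second, cleared snapshot matters: it shows that none of them moved during the actual slow download. The one counter still non-zero afterwards is "packets dropped" under Traffic Statistics, which this script treats as an input-side counter; it is reported separately from the hardware error lines, so it is worth asking about on its own rather than lumping it in with the link-error counters.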
Hello,
That looks way better.
Okay, so you have removed the HTTP inspection.
Did you clear the local-host table afterwards?
clear local-host
Then, is there a way you could upload a capture here, taken while you perform the file download?
Of course, provide us the capture syntax you used on the PIX and the PIX setup.
Hi,
I didn't clear the local-host table. Would this affect any current traffic when I run this command? Should I do this during a non-peak user time?
For the capture I've just been using Wireshark on the local machine and nothing directly on the PIX. Should I be running a capture directly on the PIX?
Thanks.