Re: Pix 515E UR 6FE Bundle is degrading performance

cloun81 · ‎07-07-2005

I'm using PIX 515E 6.3(4) with 6 FE ports. I'v configured outside, inside and DMZ interfaces.

I'm using NAT exemption between Inside and DMZ interface and NAT static translation without changes of IPs.

If I make one download from DMZ to Inside (ftp or samba) speed is about 25 Mbit/s on interface. If I make one more download from DMZ to Inside speed is falling to about 16 Mbit/s. If I make upload from Inside to DMZ at the same time speed is falling to about 3-4 Mbit/s in two ways. CPU load is 2-3 %.

Speed must be near 90 Mbit/s, I think. And no degrade in case with some loading threads.

Manual speed and duplex setting make no change in speed.

I need help to speed up.

Evgeniy

harishtandon23 · ‎07-08-2005

please send the sh techoutput of the pix firewall so that i can check the root cause for the issue and suggest you the right solution.

cloun81 · ‎07-11-2005

first part of show tech

1)

Cisco PIX Firewall Version 6.3(4)

Cisco PIX Device Manager Version 3.0(2)

Compiled on Fri 02-Jul-04 00:07 by morlee

firewall up 13 days 11 hours

Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz

Flash E28F128J3 @ 0x300, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)

0: ethernet0: address is 0012.d9eb.fab7, irq 10

1: ethernet1: address is 0012.d9eb.fab8, irq 11

2: ethernet2: address is 000d.88ff.82bc, irq 11

3: ethernet3: address is 000d.88ff.82bd, irq 10

4: ethernet4: address is 000d.88ff.82be, irq 9

5: ethernet5: address is 000d.88ff.82bf, irq 5

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Physical Interfaces: 6

Maximum Interfaces: 10

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

This PIX has an Unrestricted (UR) license.

Serial Number: 808512441 (0x3030ebb9)

Running Activation Key: 0xd01fbe86 0xb87c7b45 0xb610dacb 0xf743ec44

Configuration last modified by enable_15 at 13:27:04.723 IRKDT Fri Jul 8 2005

------------------ show clock ------------------

14:40:00.681 IRKDT Tue Jul 12 2005

------------------ show memory ------------------

Free memory: 42775744 bytes

Used memory: 24333120 bytes

------------- ----------------

Total memory: 67108864 bytes

------------------ show conn count ------------------

686 in use, 2724 most used

------------------ show xlate count ------------------

401 in use, 1326 most used

------------------ show blocks ------------------

SIZE MAX LOW CNT

4 1600 1573 1599

80 400 386 400

256 1012 500 1012

1550 2085 988 1308

2560 200 195 200

ehirsel · ‎07-08-2005

What are the pix interface speed and duplex settings set at, for both the dmz and inside interfaces?

Do they match what the switch and router ports are set to? If you are using a hub instead of a switch, note that and please run the show icmp command and post the results here.

cloun81 · ‎07-11-2005

seconf part of show tech

2)

------------------ show interface ------------------

interface ethernet0 "outside" is up, line protocol is up

Hardware is i82559 ethernet, address is 0012.d9eb.fab7

IP address 172.16.255.2, subnet mask 255.255.255.0

MTU 1500 bytes, BW 100000 Kbit full duplex

82937308 packets input, 613708020 bytes, 0 no buffer

Received 30 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

68466033 packets output, 3399343949 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/128)

output queue (curr/max blocks): hardware (0/128) software (0/1)

interface ethernet1 "inside" is up, line protocol is up

Hardware is i82559 ethernet, address is 0012.d9eb.fab8

IP address 172.16.254.1, subnet mask 255.255.255.0

MTU 1500 bytes, BW 100000 Kbit full duplex

318268449 packets input, 927053226 bytes, 0 no buffer

Received 901047 broadcasts, 0 runts, 0 giants

1 input errors, 0 CRC, 0 frame, 1 overrun, 0 ignored, 0 abort

464970965 packets output, 67373307 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/128)

output queue (curr/max blocks): hardware (0/128) software (0/385)

interface ethernet2 "Modems" is up, line protocol is up

Hardware is i82559 ethernet, address is 000d.88ff.82bc

IP address 195.46.112.29, subnet mask 255.255.255.252

MTU 1500 bytes, BW 100000 Kbit full duplex

688196 packets input, 60546173 bytes, 0 no buffer

Received 390 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

712980 packets output, 97290102 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/4)

output queue (curr/max blocks): hardware (0/84) software (0/1)

interface ethernet5 "DMZ" is up, line protocol is up

Hardware is i82559 ethernet, address is 000d.88ff.82bf

IP address 195.206.43.11, subnet mask 255.255.255.0

MTU 1500 bytes, BW 100000 Kbit full duplex

429666605 packets input, 3417732546 bytes, 0 no buffer

Received 57960 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

322611718 packets output, 2715469835 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

90 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/120)

output queue (curr/max blocks): hardware (0/98) software (0/1)

cloun81 · ‎07-11-2005

third part of show tech

3)

------------------ show cpu usage ------------------

CPU utilization for 5 seconds = 2%; 1 minute: 1%; 5 minutes: 1%

------------------ show process ------------------

PC SP STATE Runtime SBASE Stack Process

Hsi 001ecf11 00ab0384 00565bd8 50 00aaf3fc 3536/4096 arp_timer

Lsi 001f26c5 00b5357c 00565bd8 0 00b52604 3816/4096 FragDBGC

Cwe 0010fb5a 00b613cc 00b5ea5c 0 00b60474 3788/4096 VAC poll

Hsi 0010ff2d 00b6246c 00565bd8 0 00b61524 3880/4096 VAC statistics

Lwe 00119aef 00b6343c 00569340 0 00b625d4 3688/4096 dbgtrace

Lwe 003f27e5 00b655cc 0055e510 2380190 00b63684 6656/8192 Logger

Hsi 003f6935 00b686c4 00565bd8 40 00b6674c 7700/8192 tcp_fast

Hsi 003f67d5 00b6a774 00565bd8 0 00b687fc 7636/8192 tcp_slow

Lsi 0030d391 00ca0ef4 00565bd8 0 00c9ff6c 3916/4096 xlate clean

Lsi 0030d29f 00ca1f94 00565bd8 0 00ca101c 3548/4096 uxlate clean

Mwe 00304a63 00e3a394 00565bd8 10 00e383fc 7848/8192 tcp_intercept_timer_process

Lsi 0044a055 00ee6c6c 00565bd8 0 00ee5ce4 3900/4096 route_process

Hsi 002f45ac 00ee7cfc 00565bd8 10 00ee6d94 2508/4096 PIX Garbage Collector

Hwe 0021a459 00ef222c 00565bd8 0 00eee2c4 15936/16384 isakmp_time_keeper

Lsi 002f214c 00f0bf04 00565bd8 0 00f0af7c 3944/4096 perfmon

Mwe 00211229 00f36334 00565bd8 0 00f343bc 7860/8192 IPsec timer handler

Hwe 003a8933 00f4ae84 00588aa8 20 00f48f3c 6840/8192 qos_metric_daemon

Mwe 00266705 00f659bc 00565bd8 30 00f61a54 15180/16384 IP Background

Lwe 003056da 010186cc 0057c180 0 01017854 3704/4096 pix/trace

Lwe 00305912 0101977c 0057c8b0 0 01018904 3704/4096 pix/tconsole

Hwe 0011f247 0102b8dc 00512c00 0 01027ef4 14508/16384 ci/console

Hwe 004434da 0102d70c 005e2d90 0 0102c7d4 3684/4096 lu_ctl

Csi 002fd61f 0102e7dc 00565bd8 0 0102d884 3540/4096 update_cpu_usage

Hwe 002e8a81 010df484 00544f60 0 010db5fc 15884/16384 uauth_in

Hwe 003f53ed 010e1584 00a27ec8 0 010df6ac 7896/8192 uauth_thread

Hwe 0040c7fa 010e26d4 0055eb10 0 010e175c 3928/4096 udp_timer

Hsi 001e4a0e 010e4394 00565bd8 0 010e341c 3928/4096 557mcfix

Crd 001e49c3 010e5454 00566050 1045174740 010e44cc 3536/4096 557poll

Lsi 001e4a7d 010e64f4 00565bd8 10 010e557c 3420/4096 557timer

Cwe 001e6619 010fc5cc 007b3460 1624080 010fa6d4 5984/8192 pix/intf0

Mwe 0040c56a 010fd6dc 00a71a38 0 010fc7a4 3896/4096 riprx/0

Msi 003b1ee9 010fe7ec 00565bd8 0 010fd874 3888/4096 riptx/0

Cwe 001e6619 011049f4 0073def0 4142440 01102afc 5800/8192 pix/intf1

Mwe 0040c56a 01105b04 00a719f0 320 01104bcc 3600/4096 riprx/1

Msi 003b1ee9 01106c14 00565bd8 0 01105c9c 3888/4096 riptx/1

Cwe 001e6619 0110ce1c 008289d0 12530 0110af24 6216/8192 pix/intf2

cloun81 · ‎07-11-2005

forth part of show tech

4)

Mwe 0040c56a 0110df2c 00a719a8 0 0110cff4 3896/4096 riprx/2

Msi 003b1ee9 0110f03c 00565bd8 0 0110e0c4 3888/4096 riptx/2

Cwe 001ef355 011152b4 00a74978 0 0111334c 8040/8192 pix/intf3

Mwe 0040c56a 01116354 00a71960 0 0111541c 3896/4096 riprx/3

Msi 003b1ee9 01117464 00565bd8 0 011164ec 3888/4096 riptx/3

Cwe 001e6619 0111d66c 009134b0 0 0111b774 7928/8192 pix/intf4

Mwe 0040c56a 0111e77c 00a71918 0 0111d844 3896/4096 riprx/4

Msi 003b1ee9 0111f88c 00565bd8 0 0111e914 3888/4096 riptx/4

Cwe 001e6619 01125a94 00988a20 5252840 01123b9c 5588/8192 pix/intf5

Mwe 0040c56a 01126ba4 00a718d0 0 01125c6c 3896/4096 riprx/5

Msi 003b1ee9 01127cb4 00565bd8 0 01126d3c 3888/4096 riptx/5

Hsi 00444321 0112a0f4 00565bd8 0 0112917c 3928/4096 lu_xmit_timer

Hwe 00443005 0112b194 005622c0 0 0112a22c 3900/4096 lu_rx

Hwe 001b30f5 01166a2c 0056d858 0 01165ac4 2844/4096 fover_thread

Hwe 0011f247 01167784 00512c58 0 01166adc 3204/4096 fover_rx

Hwe 001b5ea1 01168a6c 0056dedc 0 01167af4 3960/4096 fover_tx

Hwe 001b3330 0116aa84 0056dee8 0 01168b0c 8056/8192 fover_rep

Lwe 001b34ed 0116baac 0056def0 0 0116ab24 3976/4096 fover_lu_rep

Hwe 001b64d2 0116fab4 0056def8 0 0116bb3c 16212/16384 fover_parse

Hwe 00305f72 011956f4 00565bd8 18160 0118d75c 29808/32768 turboacl_process

Mwe 0025c59d 014132e4 00565bd8 0 0141236c 3244/4096 ntp

Mwe 0040c56a 014144e4 00a717f8 0 014135bc 2924/4096 ntp5

Hwe 003f5681 01414d14 009ff1f0 190 0141466c 1200/2048 listen/http1

Hwe 003dc3ed 01416f04 014173b4 0 014150dc 7468/8192 isakmp_receiver

Hwe 003f5681 01417a44 009fe840 0 014173fc 1196/2048 listen/ssh_1

Mwe 0037eb66 01419cc4 00565bd8 0 01417d4c 7960/8192 Crypto CA

M* 003e8584 0009ff2c 00565c10 90 01653f2c 3620/8192 ssh

Mwe 003ef2d5 01460964 00565bd8 0 0145e9ec 6424/8192 ssh/timer

Hwe 003dc3ed 0144662c 0144682c 0 01444804 7468/8192 isakmp_receiver

Mwe 002dc75c 016321f4 00544ce8 60 0162e95c 12464/16384 http1

Hwe 003dc3ed 01658ee4 0165917c 20 016570bc 6844/8192 isakmp_receiver

------------------ show failover ------------------

Failover Off

Cable status: My side not connected

Reconnect timeout 0:00:00

Poll frequency 15 seconds

cloun81 · ‎07-11-2005

fifth part of show tech

5)

------------------ show traffic ------------------

outside:

received (in 1163697.940 secs):

82937308 packets 613884929 bytes

1 pkts/sec 3 bytes/sec

transmitted (in 1163697.940 secs):

68466033 packets 3399521891 bytes

3 pkts/sec 2002 bytes/sec

inside:

received (in 1163697.940 secs):

318268449 packets 927157778 bytes

0 pkts/sec 3 bytes/sec

transmitted (in 1163697.940 secs):

464970965 packets 67622147 bytes

0 pkts/sec 2 bytes/sec

Modems:

received (in 1163698.620 secs):

688196 packets 60546483 bytes

0 pkts/sec 0 bytes/sec

transmitted (in 1163698.620 secs):

712980 packets 97290412 bytes

0 pkts/sec 2 bytes/sec

intf3:

received (in 1163698.620 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

transmitted (in 1163698.620 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

intf4:

received (in 1163698.620 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

transmitted (in 1163698.620 secs):

3 packets 180 bytes

0 pkts/sec 0 bytes/sec

DMZ:

received (in 1163699.090 secs):

429666605 packets 3417966538 bytes

0 pkts/sec 2003 bytes/sec

transmitted (in 1163699.090 secs):

322611718 packets 2715685390 bytes

0 pkts/sec 2001 bytes/sec

------------------ show perfmon ------------------

PERFMON STATS: Current Average

Xlates 2/s 1/s

Connections 18/s 2/s

TCP Conns 12/s 2/s

UDP Conns 6/s 0/s

URL Access 6/s 2/s

URL Server Req 0/s 0/s

TCP Fixup 623/s 3/s

TCPIntercept 0/s 0/s

HTTP Fixup 165/s 2/s

FTP Fixup 1/s 0/s

AAA Authen 0/s 0/s

AAA Author 0/s 0/s

AAA Account 0/s 0/s

cloun81 · ‎07-11-2005

sixth part of show tech

6)

------------------ show running-config ------------------

: Saved

:

PIX Version 6.3(4)

interface ethernet0 100full

interface ethernet1 100full

interface ethernet2 100full

interface ethernet3 auto shutdown

interface ethernet4 100full shutdown

interface ethernet5 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 Modems security4

nameif ethernet3 intf3 security6

nameif ethernet4 intf4 security8

nameif ethernet5 DMZ security10

enable password *** encrypted

passwd *** encrypted

hostname firewall

domain-name ***

clock timezone IRKST 8

clock summer-time IRKDT recurring last Sun Mar 2:00 last Sun Oct 3:00

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol http 8080

fixup protocol http 8100-8105

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

name 192.168.0.1 host1

*** 70 hosts

name 192.168.123.71 host71

object-group service deny_tcp tcp

port-object range 6000 6063

port-object eq 177

port-object eq lpd

port-object range 137 netbios-ssn

port-object eq 4899

port-object eq telnet

port-object eq 4444

port-object eq 57005

port-object eq 135

port-object eq 69

port-object eq 11

port-object eq 3389

port-object eq sunrpc

port-object eq 445

port-object range 1433 1434

object-group service deny_udp udp

port-object eq syslog

port-object range 6000 6063

port-object eq 4444

port-object eq 135

port-object eq tftp

port-object eq 31337

port-object eq xdmcp

port-object range biff rip

port-object eq sunrpc

port-object range 1433 1434

port-object range netbios-ns 139

object-group service mail tcp

port-object eq pop3

port-object eq smtp

object-group service domain tcp-udp

port-object eq domain

cloun81 · ‎07-11-2005

seventh part of show tech

7)

access-list compiled

access-list inside_outbound_nat0_acl remark Inside to DMZ

access-list inside_outbound_nat0_acl permit ip 192.168.0.0 255.255.0.0 123.123.123.0 255.255.255.0

access-list inside_outbound_nat0_acl remark Inside to DMZ

access-list inside_outbound_nat0_acl permit ip 172.16.0.0 255.255.0.0 123.123.123.0 255.255.255.0

access-list DMZ_outbound_nat0_acl remark DMZ to Internet

access-list DMZ_outbound_nat0_acl permit ip 123.123.123.0 255.255.255.0 any

access-list outside_access_in remark Modems-pool

access-list outside_access_in permit ip any Modems-pool 255.255.255.128

access-list outside_access_in remark icmp request

access-list outside_access_in permit icmp any any echo

access-list outside_access_in deny 55 any any

access-list outside_access_in deny 77 any any

access-list outside_access_in deny 103 any any

*** 240 lines with remarks

access-list outside_access_in permit ip any 123.123.123.4

access-list inside_access_in permit ip any any

access-list DMZ_access_in remark WWW

access-list DMZ_access_in permit tcp host www host 192.168.23.43 eq 1200

*** 50 lines with remarks

access-list DMZ_access_in permit tcp host ftp host 192.168.0.0 255.255.255.0

access-list Modems_outbound_nat0_acl remark Modems to Internet

access-list Modems_outbound_nat0_acl permit ip 234.234.234.0 255.255.255.128 any

pager lines 24

logging on

logging trap debugging

logging facility 21

logging host inside host12

mtu outside 1500

mtu inside 1500

mtu Modems 1500

mtu intf3 1500

mtu intf4 1500

mtu DMZ 1500

ip address outside 1.1.1.1 255.255.255.0

ip address inside 192.168.0.1 255.255.255.0

ip address Modems 234.234.234.1 255.255.255.224

no ip address intf3

no ip address intf4

ip address DMZ 123.123.123.1 255.255.255.0

ip verify reverse-path interface outside

ip verify reverse-path interface inside

ip verify reverse-path interface DMZ

ip audit name Attack attack action alarm

ip audit name Info info action alarm

ip audit interface outside Info

ip audit interface outside Attack

ip audit interface inside Info

ip audit interface inside Attack

ip audit interface DMZ Info

ip audit interface DMZ Attack

ip audit info action alarm

ip audit attack action alarm

no failover

failover timeout 0:00:00

failover poll 15

no failover ip address outside

no failover ip address inside

no failover ip address Modems

no failover ip address intf3

no failover ip address intf4

no failover ip address DMZ

pdm location host1 255.255.255.255 outside

*** ~150 lines

pdm location Modems-pool 255.255.255.128 Modems

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 3 123.123.123.5

global (outside) 5 123.123.123.6

global (outside) 6 123.123.123.7

global (outside) 7 123.123.123.8

global (outside) 10 123.123.123.9

global (outside) 11 123.123.123.10

global (outside) 13 123.123.123.11

global (outside) 15 123.123.123.12

global (outside) 1 123.123.123.13

global (outside) 2 123.123.123.14

global (outside) 4 123.123.123.15

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 15 host1 255.255.255.255 0 0

nat (inside) 15 host2 255.255.255.255 0 0

*** 34 lines

nat (inside) 4 host23 255.255.255.255 0 0

nat (Modems) 0 access-list Modems_outbound_nat0_acl

nat (DMZ) 0 access-list DMZ_outbound_nat0_acl

cloun81 · ‎07-11-2005

eighth final part of show tech

8)

static (inside,outside) udp 123.123.123.123 17520 host1 17520 netmask 255.255.255.255 0 0

static (inside,outside) udp 123.123.123.123 syslog host1 syslog netmask 255.255.255.255 0 0

static (inside,outside) udp 123.123.123.123 tftp host1 tftp netmask 255.255.255.255 0 0

static (inside,outside) udp 123.123.123.123 9997 host1 9997 netmask 255.255.255.255 0 0

static (inside,outside) udp 123.123.123.123 tacacs host1 tacacs netmask 255.255.255.255 0 0

static (inside,outside) tcp 123.123.123.123 tacacs host1 tacacs netmask 255.255.255.255 0 0

static (inside,outside) tcp 123.123.123.124 2000 host3 2000 netmask 255.255.255.255 0 0

*** 4 lines

static (inside,outside) tcp 123.123.124.124 5632 host33 5632 netmask 255.255.255.255 0 0

static (inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0

static (inside,DMZ) 172.16.0.0 172.16.0.0 netmask 255.255.0.0 0 0

static (inside,outside) 123.123.123.111 host50 netmask 255.255.255.255 0 0

static (DMZ,outside) www www netmask 255.255.255.255 0 0

static (DMZ,outside) mail mail netmask 255.255.255.255 0 0

static (DMZ,outside) ns ns netmask 255.255.255.255 0 0

static (DMZ,outside) ftp ftp netmask 255.255.255.255 0 0

*** 7 lines

static (DMZ,outside) doc doc netmask 255.255.255.255 0 0

static (Modems,outside) Modems-pool Modems-pool netmask 255.255.255.128 0 0

access-group outside_access_in in interface outside

access-group inside_access_in in interface inside

access-group Modems_access_in in interface Modems

access-group DMZ_access_in in interface DMZ

route outside 0.0.0.0 0.0.0.0 isp 1

route inside 172.16.0.0 255.255.0.0 172.16.12.1 1

*** 10 lines

route inside 192.168.19.0 255.255.255.0 172.16.12.3 1

route Modems Modems-pool 255.255.255.128 234.234.234.2 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

ntp server www source DMZ

http server enable

http host1 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

tftp-server inside host12 /pix.firewall.conf

floodguard enable

fragment size 300 outside

fragment chain 300 outside

fragment timeout 30 outside

fragment size 300 inside

fragment size 300 DMZ

sysopt connection permit-ipsec

sysopt noproxyarp outside

sysopt noproxyarp inside

sysopt noproxyarp DMZ

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

isakmp enable outside

isakmp enable Modems

telnet timeout 5

ssh host12 255.255.255.255 inside

ssh timeout 5

management-access outside

console timeout 5

dhcpd lease 3600

dhcpd ping_timeout 750

username user password *** encrypted privilege 15

terminal width 80

cloun81 · ‎07-12-2005

Can anybody help me?!

cloun81 · ‎07-13-2005

Help me!