Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
705
Views
0
Helpful
5
Replies

pix 525 cluster failover

Giulio Lo Presti
Level 1
Level 1

‎05-24-2011 10:15 AM - edited ‎03-11-2019 01:37 PM

hi guys,  a customer have 2 pix 525 with ver 7.0.1 in a failover configuration with serial cable and 2 sc fiber interface and 2 fastethernet 1 used for failover.

the strange behaviour is that when i try to do traffic from inside to dmz or dmz to inside the maximum transfer is 862Kb/s to 1MB/s not more.... i don't understand what's happened...

the show mem and show cpu are normal 7% mem used and 1-2% cpu used. attached you will find the configuration.

pls advice

Labels:
86837-pix.conf.zip
0 Helpful
5 Replies 5

Maykol Rojas
Cisco Employee
Cisco Employee

‎05-24-2011 04:46 PM

Hi,

Does it happen if you do a failover to the other unit? With what kind of traffic are you testing this with? Can you take a capture on Inside and DMZ traffic?

Let us know.

Mike Rojas

Security Technical Lead

Mike
0 Helpful

Giulio Lo Presti
Level 1
Level 1
In response to Maykol Rojas

‎05-25-2011 09:08 AM

hi Mike thanks for reply,

it happens not when i do failover but on master firewall with all 2 pix on. i can capture the traffic on inside and dmz interface, if you can tell me how i can execute this traffic capture i will post you the result immediately.

BR

Giulio

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to Giulio Lo Presti

‎05-25-2011 10:40 AM

Here it is:

******* Capture configuration ******

{Enable GUI interface:}

http 0 0 inside

http server enable

{For outside interface:}

access-list capture1 permit ip host   host

access-list capture1 permit ip host host

{For inside interface:}

access-list capture2 permit ip host host

access-list capture2 permit ip host host

capture tcpin access-list capture1 interface outside

capture tcpout access-list capture2 interface inside

****** To download the files then… *****

Open the browser

https:///capture/tcpin/pcap

https:///capture/tcpout/pcap

Note:

Username: blank = no name

Password: {enable password}

********* To delete them *********

clear access-list capture1

clear access-list capture2

no capture tcpin

no capture tcpout

********** End *********

Mike

Mike
0 Helpful

Giulio Lo Presti
Level 1
Level 1
In response to Maykol Rojas

‎05-25-2011 11:36 AM

hi Mike,

i have initiated a netbios transfer from 10.1.1.16 to 172.16.10.30 and with 1Gb/s connection the file transfer has gone with no more than 1Mbit/s

attached you will find the capture.

Thanks again

Giulio

86906-pcap(1).zip
0 Helpful

Giulio Lo Presti
Level 1
Level 1
In response to Giulio Lo Presti

‎06-01-2011 03:33 AM

hi any news?? please advice

thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card