Cisco PIX does not seem to balance traffic well...

admin_2 · ‎04-06-2004

Ever since we installed our Cisco PIX 501 a few months back, we have noticed a severe problem with our internet connection. I keep a continual ping going to google.com as a good checkpoint for internet latency. With no traffic, this is usually around 10-20ms.

Whenever anybody initiates a download from the internet, the response time is all but obliterated. If the ping doesn't start timing out (due to the response taking too long), it will sit at around 600-900ms. Any http requests during this time take extremely long times to process. Loading www.google.com takes upwards around 30 seconds sometimes.

We are running a 768 kbit/sec guaranteed DSL internet connection here. We recently upgraded our PIX to the 506 model. Has anybody else had problems with the PIX handling internet connections poorly?

Also... I've been looking, but I can't find anywhere that will give me a map or printout of which hosts are utilizing what % of my bandwidth. This would be at least helpful in determining if somebody is abusing the internet connection.

Thank you,

Ian

didyap · ‎04-12-2004

The PIX 501 data sheet below specifies a cleartext throughput of 60 Mbps, so I don' think the PIX will be a bottleneck, unless it is due to some other problem or there are any known issues with the software version that you are using. You could probably use some kind of network analyzer to sniff traffic and see what is happening.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b18.html

jamey · ‎04-12-2004

You didn't mention if the situation improved when you upgraded to the 506. I'm guessing it didn't.

Have you checked the interfaces on the PIX for excessive errors/collisions?