Zone based firewall with GRE over IPsec

ciscoben2009
Level 1

Evening Everyone!

I hope someone could help; I have a strange problem.

I have a Cisco 2811 which I recently configured to use the zone based firewall, but now have a strange problem.

When logging on to a Windows PC which uses a domain controller accessed via the tunnel to our main office, it hangs at login and takes about 10 min.

Also, when trying to browse to a server share there can be a big delay; once the share has opened, files open at the normal speed.

I ran the setup on another office which had a leased line connection to our office and not a GRE tunnel.

The problem seems a bit random.

Any ideas?

Many thanks

Ben

8 Replies

First guess when there are time-based problems like delays: is name resolution (DNS) really working?

And also check if there is excessive fragmentation/reassembly on the router.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Thanks for the reply.

I am new to the zone based firewall. As far as I know DNS is fine; if I take the config off and reset back to CBAC it is fine.

I can't see excessive fragmentation on the router; nothing looks to be getting punted to the CPU.

And right now, for example, I can copy a 3 GB file fine, there is no slowness, but logging on for example takes much longer than expected.

It seems a bit hit and miss; sometimes the logging in is fine also.

Hi there,

Which specific protocol does the application use to open up a connection to the server?

IOS version?

Has this ever worked?

Have you had any chance to collect WireShark captures and analyze them?

Thanks.

Portu.

Please rate any helpful posts

And please share your config that is causing the problems. Which IOS version are you running?


The IOS is

2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(11)XW3

Since the zone based firewall has gone on it has had this problem.

I am going to do some Wireshark over the weekend as I have had to turn the firewall off now.

It is using CIFS to connect to the server.

The config is:

class-map type inspect match-any 2000
 match protocol http
 match protocol https
 match protocol snmp
 match protocol snmptrap
 match protocol telnet
 match protocol ssh
 match protocol ntp
class-map type inspect match-all FIREWALL_TANBERG_TRAFFIC
 match access-group 2020
class-map type inspect match-all FIREWALL_IPSEC_TRAFFIC
 match access-group name IPSEC_TRAFFIC
class-map type inspect match-all FIREWALL_TANDBERG_MANGMENT
 match class-map 2000
 match access-group 2000
class-map type inspect match-any FIREWALL_INSIDE_OUTSIDE
 match protocol https
 match protocol http
 match protocol ftp
 match protocol dns
 match protocol ntp
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-any FIREWALL_ROUTER_MANAGMENT
 match protocol telnet
 match protocol tacacs
 match protocol ssh
!
!
policy-map type inspect FIREWALL_ROUTER_SERVICES
 class type inspect FIREWALL_ROUTER_MANAGMENT
  pass
 class type inspect FIREWALL_IPSEC_TRAFFIC
  pass
 class class-default
policy-map type inspect FIREWALL_INBOUND_TRAFFIC
 class type inspect FIREWALL_TANDBERG_MANGMENT
  inspect
 class type inspect FIREWALL_TANBERG_TRAFFIC
  inspect
 class class-default
policy-map type inspect FIREWALL_OUTBOUND_TRAFFIC
 class type inspect FIREWALL_INSIDE_OUTSIDE
  inspect
 class class-default
!
zone security FIREWALL_INSIDE
 description FIREWALL INSIDE INTERFACES FASTETHERNET0/1 AND TUNNELS
zone security FIREWALL_OUTSIDE
 description FIREWALL OUTSIDE INTERFACE FASTETHERNET0/0
zone-pair security FIREWALL_OUTSIDE_TO_INSIDE source FIREWALL_OUTSIDE destination FIREWALL_INSIDE
 service-policy type inspect FIREWALL_INBOUND_TRAFFIC
zone-pair security FIREWALL_OUTSIDE_TO_SELF source FIREWALL_OUTSIDE destination self
 description ALLOWS ROUTER MANAGMENT AND IPSEC TRAFFIC
 service-policy type inspect FIREWALL_ROUTER_SERVICES
zone-pair security FIREWALL_INSIDE_TO_OUTSIDE source FIREWALL_INSIDE destination FIREWALL_OUTSIDE
 description ALLOWS OUTBOUND TRAFFIC
 service-policy type inspect FIREWALL_OUTBOUND_TRAFFIC

The inside f0/1 and tunnel interface are in the FIREWALL_INSIDE zone.

Many thanks guys!

> the inside f0/1 and tunnel interface are in the FIREWALL_INSIDE

Then the traffic is not part of the firewall, as with that release all interfaces of the same zone can freely communicate.

> 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(11)XW3

That's really ancient. Please upgrade to a more recent version before doing any more troubleshooting. 12.4(24)T8 is an actual release if you want to stay on the 12.4 train.

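To make the point about same-zone interfaces concrete, here is an added Python check (not from this thread or from Cisco) that applies the default IOS ZBF rules to the zone-pairs posted above and reports how a flow between two interfaces is treated. The interface-to-zone membership is taken from Ben's description; "Tunnel0" is an assumed name for his tunnel interface.

```python
import re

# Constructed excerpt: the zone-pairs from the config posted in this thread plus the
# interface membership Ben describes in prose (f0/1 and the tunnel in FIREWALL_INSIDE,
# f0/0 in FIREWALL_OUTSIDE). "Tunnel0" is an assumed interface name.
ZBF_CONFIG = """
zone-pair security FIREWALL_OUTSIDE_TO_INSIDE source FIREWALL_OUTSIDE destination FIREWALL_INSIDE
 service-policy type inspect FIREWALL_INBOUND_TRAFFIC
zone-pair security FIREWALL_OUTSIDE_TO_SELF source FIREWALL_OUTSIDE destination self
 service-policy type inspect FIREWALL_ROUTER_SERVICES
zone-pair security FIREWALL_INSIDE_TO_OUTSIDE source FIREWALL_INSIDE destination FIREWALL_OUTSIDE
 service-policy type inspect FIREWALL_OUTBOUND_TRAFFIC
interface FastEthernet0/0
 zone-member security FIREWALL_OUTSIDE
interface FastEthernet0/1
 zone-member security FIREWALL_INSIDE
interface Tunnel0
 zone-member security FIREWALL_INSIDE
"""

def parse_zbf(text):
    """Return (interface -> zone, (src_zone, dst_zone) -> policy-map name)."""
    iface_zone, pairs = {}, {}
    cur_iface = cur_pair = None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur_iface, cur_pair = m.group(1), None
        elif m := re.match(r"zone-member security (\S+)", line):
            iface_zone[cur_iface] = m.group(1)
        elif m := re.match(r"zone-pair security \S+ source (\S+) destination (\S+)", line):
            cur_pair, cur_iface = (m.group(1), m.group(2)), None
            pairs[cur_pair] = None      # zone-pair seen, no service-policy yet
        elif m := re.match(r"service-policy type inspect (\S+)", line):
            pairs[cur_pair] = m.group(1)
    return iface_zone, pairs

def zbf_verdict(iface_zone, pairs, src, dst):
    """IOS ZBF verdict for a flow src -> dst ("self" = the router). Same zone: free, no
    inspection; zone-pair: its policy-map; otherwise drop, except to/from self: allowed."""
    sz = "self" if src == "self" else iface_zone.get(src)
    dz = "self" if dst == "self" else iface_zone.get(dst)
    if sz is None or dz is None:
        return "DROP: interface is not a member of any zone"
    if sz == dz:
        return f"INTRA-ZONE ({sz}): passes without any inspection"
    if pairs.get((sz, dz)):
        return f"POLICY {pairs[(sz, dz)]} applies ({sz} -> {dz})"
    if "self" in (sz, dz):
        return f"SELF-ZONE DEFAULT: allowed, no zone-pair {sz} -> {dz}"
    return f"DROP: no zone-pair {sz} -> {dz}"
```

Running `zbf_verdict(*parse_zbf(ZBF_CONFIG), "FastEthernet0/1", "Tunnel0")` shows the LAN-to-tunnel traffic is intra-zone and never hits a policy-map, which is why moving the tunnel into its own zone with a zone-pair is the only way to inspect it.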

Aye, did that to see if it was part of the problem, but once I take the zone based firewall off it all works fine.

Ah cool, will give that a go!

Thanks!
