1. Home
  2. Cisco Systems
  3. problem with HTML traffic on pix 6.3.4

problem with HTML traffic on pix 6.3.4

We have a problem on a PIX-515 running 6.3.4. It has to be this particular PIX because we have a 506E for backup and testing and this doesn't happen. What's happening is HTML traffic starts out blazing fast, we have a 100Mb/sec fibre connection to the Internet in a data center, but as the file proceeds to download speeds will drop off on the remote site from say 500kB/sec (on a

5Mb/sec cable modem) to about 70kB/sec by the end. If I take the web server and changes its default gateway to the 506E and move its IP from the 515 to the 506 speeds will sustain at 500kB/sec or more. This only seems to happen with HTML traffic. If I pull the same file with FTP its fast and stays fast. POP3/SMTP e-mail traffic also seem to be unaffected by this. Below is the config (munged of public info). Do I have a dying PIX that needs replaced or do I have a bad config somewhere? Thanks in advance...

Thanks... Brian Bergin

I can be reached via e-mail at cisco_dot_news_at_comcept_dot_net.

PIX Version 6.3(4) interface ethernet0 100full interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password XXXXXXXXXXXXXXX encrypted passwd XXXXXXXXXXXXXXX encrypted hostname pix515 domain-name XXXXXXXXXXXXXXXXXXX clock timezone EST -5 clock summer-time EDT recurring fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol http 8000 fixup protocol ils 389 fixup protocol pptp 1723 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 no fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names pager lines 24 logging on logging timestamp logging trap notification logging facility 23 logging host inside 192.168.1.11 icmp deny any outside mtu outside 1500 mtu inside 1500 ip address outside 1.2.36.4 255.255.254.0 ip address inside 192.168.1.4 255.255.255.0 ip verify reverse-path interface outside ip audit name attack_policy attack action alarm drop reset ip audit name info_policy info action alarm ip audit interface outside info_policy ip audit interface outside attack_policy ip audit info action alarm ip audit attack action alarm drop reset no failover failover timeout 0:00:00 failover poll 15 no failover ip address outside no failover ip address inside pdm location 192.168.1.35 255.255.255.255 inside pdm location 192.168.1.11 255.255.255.255 inside pdm logging debugging 500 pdm history enable arp timeout 14400 global (outside) 1 1.2.36.100 netmask 255.255.255.128 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 static (inside,outside) 1.2.36.10 192.168.1.10 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.36.11 192.168.1.11 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.36.80 192.168.1.80 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.36.13 192.168.1.13 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.10 192.168.1.110 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.11 192.168.1.111 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.12 192.168.1.112 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.13 192.168.1.113 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.14 192.168.1.114 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.15 192.168.1.115 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.16 192.168.1.116 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.17 192.168.1.117 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.18 192.168.1.118 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.19 192.168.1.119 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.20 192.168.1.120 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.21 192.168.1.121 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.22 192.168.1.122 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.23 192.168.1.123 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.24 192.168.1.124 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.25 192.168.1.125 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.26 192.168.1.126 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.27 192.168.1.127 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.30 192.168.1.130 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.31 192.168.1.131 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.33 192.168.1.133 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.34 192.168.1.134 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.35 192.168.1.135 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.36 192.168.1.136 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.37 192.168.1.137 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.38 192.168.1.138 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.39 192.168.1.139 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.40 192.168.1.140 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.41 192.168.1.141 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.42 192.168.1.142 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.43 192.168.1.143 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.44 192.168.1.144 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.45 192.168.1.145 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.46 192.168.1.146 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.48 192.168.1.148 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.49 192.168.1.149 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.50 192.168.1.150 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.52 192.168.1.152 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.53 192.168.1.153 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.54 192.168.1.154 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.55 192.168.1.155 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.56 192.168.1.156 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.57 192.168.1.157 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.58 192.168.1.158 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.59 192.168.1.159 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.60 192.168.1.160 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.254 192.168.1.254 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.2 192.168.1.102 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.107 192.168.1.7 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.4 192.168.1.104 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.5 192.168.1.105 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.6 192.168.1.106 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.7 192.168.1.107 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.8 192.168.1.108 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.9 192.168.1.109 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.116 192.168.1.16 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.117 192.168.1.17 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.100 192.168.1.100 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.36.22 192.168.1.22 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.36.19 192.168.1.19 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.51 192.168.1.151 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.1 192.168.1.101 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.36.51 192.168.1.51 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.36.31 192.168.1.31 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.36.52 192.168.1.52 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.95 192.168.1.95 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.3 192.168.1.103 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.36.23 192.168.1.23 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.85 192.168.1.85 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.170 192.168.1.170 netmask 255.255.255.255 0 0 static (inside,outside) 1.2.37.151 192.168.1.55 netmask 255.255.255.255 0 0 conduit permit tcp host 1.2.36.10 eq domain any conduit permit udp host 1.2.36.10 eq domain any conduit permit tcp host 1.2.36.10 eq 3389 any conduit permit tcp host 1.2.36.11 eq domain any conduit permit tcp host 1.2.36.11 eq 3389 any conduit permit udp host 1.2.36.11 eq domain any conduit permit tcp host 1.2.36.11 eq pptp any conduit permit gre host 1.2.36.11 any conduit permit tcp host 1.2.36.13 eq www any conduit permit tcp host 1.2.36.13 eq 3389 any conduit permit tcp host 1.2.36.13 eq https any conduit permit tcp host 1.2.37.10 eq www any conduit permit tcp host 1.2.37.11 eq www any conduit permit tcp host 1.2.37.12 eq www any conduit permit tcp host 1.2.37.13 eq www any conduit permit tcp host 1.2.37.14 eq www any conduit permit tcp host 1.2.37.18 eq www any conduit permit tcp host 1.2.37.19 eq www any conduit permit tcp host 1.2.37.20 eq www any conduit permit tcp host 1.2.37.22 eq www any conduit permit tcp host 1.2.37.23 eq www any conduit permit tcp host 1.2.37.25 eq www any conduit permit tcp host 1.2.37.26 eq www any conduit permit tcp host 1.2.37.27 eq www any conduit permit tcp host 1.2.37.34 eq www any conduit permit tcp host 1.2.37.35 eq www any conduit permit tcp host 1.2.37.41 eq www any conduit permit tcp host 1.2.37.42 eq www any conduit permit tcp host 1.2.37.47 eq www any conduit permit tcp host 1.2.37.48 eq www any conduit permit tcp host 1.2.37.50 eq www any conduit permit tcp host 1.2.37.51 eq www any conduit permit tcp host 1.2.37.52 eq www any conduit permit tcp host 1.2.37.54 eq www any conduit permit tcp host 1.2.37.55 eq www any conduit permit tcp host 1.2.37.56 eq www any conduit permit tcp host 1.2.37.57 eq www any conduit permit tcp host 1.2.37.58 eq www any conduit permit tcp host 1.2.37.59 eq www any conduit permit tcp host 1.2.37.60 eq www any conduit permit tcp host 1.2.37.2 eq 3389 any conduit permit tcp host 1.2.37.12 eq ftp any conduit permit tcp host 1.2.37.13 eq ftp any conduit permit tcp host 1.2.37.14 eq ftp any conduit permit tcp host 1.2.37.15 eq ftp any conduit permit tcp host 1.2.37.16 eq ftp any conduit permit tcp host 1.2.37.17 eq ftp any conduit permit tcp host 1.2.37.18 eq ftp any conduit permit tcp host 1.2.37.21 eq ftp any conduit permit tcp host 1.2.37.22 eq ftp any conduit permit tcp host 1.2.37.23 eq ftp any conduit permit tcp host 1.2.37.24 eq ftp any conduit permit tcp host 1.2.37.26 eq ftp any conduit permit tcp host 1.2.37.27 eq ftp any conduit permit tcp host 1.2.37.28 eq ftp any conduit permit tcp host 1.2.37.30 eq ftp any conduit permit tcp host 1.2.37.31 eq ftp any conduit permit tcp host 1.2.37.33 eq ftp any conduit permit tcp host 1.2.37.34 eq ftp any conduit permit tcp host 1.2.37.35 eq ftp any conduit permit tcp host 1.2.37.36 eq ftp any conduit permit tcp host 1.2.37.37 eq ftp any conduit permit tcp host 1.2.37.38 eq ftp any conduit permit tcp host 1.2.37.39 eq ftp any conduit permit tcp host 1.2.37.40 eq ftp any conduit permit tcp host 1.2.37.41 eq ftp any conduit permit tcp host 1.2.37.42 eq ftp any conduit permit tcp host 1.2.37.43 eq ftp any conduit permit tcp host 1.2.37.44 eq ftp any conduit permit tcp host 1.2.37.45 eq ftp any conduit permit tcp host 1.2.37.46 eq ftp any conduit permit tcp host 1.2.37.47 eq ftp any conduit permit tcp host 1.2.37.48 eq ftp any conduit permit tcp host 1.2.37.49 eq ftp any conduit permit tcp host 1.2.37.50 eq ftp any conduit permit tcp host 1.2.36.83 eq www any conduit permit icmp any any echo-reply conduit permit icmp any any unreachable conduit permit icmp any any time-exceeded conduit permit tcp host 1.2.37.4 eq 3389 any conduit permit tcp host 1.2.37.4 eq pop3 any conduit permit tcp host 1.2.37.5 eq pop3 any conduit permit tcp host 1.2.37.6 eq pop3 any conduit permit tcp host 1.2.37.7 eq pop3 any conduit permit tcp host 1.2.37.8 eq pop3 any conduit permit tcp host 1.2.37.9 eq pop3 any conduit permit tcp host 1.2.37.9 eq 8000 any conduit permit tcp host 1.2.37.8 eq 8000 any conduit permit tcp host 1.2.37.7 eq 8000 any conduit permit tcp host 1.2.37.6 eq 8000 any conduit permit tcp host 1.2.37.5 eq 8000 any conduit permit tcp host 1.2.37.4 eq 8000 any conduit permit tcp host 1.2.37.116 eq 3389 any conduit permit tcp host 1.2.37.117 eq www any conduit permit tcp host 1.2.37.43 eq www any conduit permit tcp host 1.2.37.2 eq www any conduit permit tcp host 1.2.37.3 eq pop3 any conduit permit tcp host 1.2.37.3 eq 8000 any conduit permit tcp host 1.2.37.21 eq www any conduit permit tcp host 1.2.37.4 eq domain any conduit permit udp host 1.2.37.4 eq domain any conduit permit tcp host 1.2.37.51 eq https any conduit permit tcp host 1.2.37.107 eq 3389 any conduit permit tcp host 1.2.36.22 eq www any conduit permit tcp host 1.2.36.81 eq ftp any conduit permit tcp host 1.2.37.19 eq ftp any conduit permit tcp host 1.2.37.54 eq https any conduit permit tcp host 1.2.37.1 eq www any conduit permit tcp host 1.2.37.38 eq www any conduit permit tcp host 1.2.36.51 eq www any conduit permit tcp host 1.2.36.51 eq https any conduit permit tcp host 1.2.37.44 eq www any conduit permit tcp host 1.2.36.22 eq https any conduit permit tcp host 1.2.36.31 eq www any conduit permit tcp host 1.2.37.3 eq smtp any conduit permit tcp host 1.2.37.4 eq smtp any conduit permit tcp host 1.2.37.5 eq smtp any conduit permit tcp host 1.2.37.6 eq smtp any conduit permit tcp host 1.2.37.7 eq smtp any conduit permit tcp host 1.2.37.8 eq smtp any conduit permit tcp host 1.2.37.9 eq smtp any conduit permit tcp host 1.2.36.11 eq smtp any conduit permit tcp host 1.2.36.52 eq www any conduit permit tcp host 1.2.36.80 eq www any conduit permit tcp host 1.2.36.80 eq ftp any conduit permit tcp host 1.2.37.95 eq www any conduit permit tcp host 1.2.36.23 eq www any conduit permit tcp host 1.2.37.100 eq https any conduit permit tcp host 1.2.37.85 eq www any conduit permit tcp host 1.2.37.85 eq ftp any conduit permit tcp host 1.2.37.170 eq www any conduit permit tcp host 1.2.37.1 eq ftp any conduit permit tcp host 1.2.37.100 eq ftp any conduit permit tcp host 1.2.37.95 eq https any conduit permit tcp host 1.2.37.151 eq www any route outside 0.0.0.0 0.0.0.0 1.2.36.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ max-failed-attempts 3 aaa-server TACACS+ deadtime 10 aaa-server RADIUS protocol radius aaa-server RADIUS max-failed-attempts 3 aaa-server RADIUS deadtime 10 aaa-server LOCAL protocol local ntp server 192.5.41.40 source outside prefer http server enable http 192.168.1.35 255.255.255.255 inside http 192.168.1.11 255.255.255.255 inside snmp-server host inside 192.168.1.33 snmp-server host inside 192.168.1.35 no snmp-server location no snmp-server contact snmp-server community XXXXXXXXXXXXXXXXXX no snmp-server enable traps floodguard enable fragment chain 1 service resetinbound telnet 192.168.1.35 255.255.255.255 inside telnet 192.168.1.11 255.255.255.255 inside telnet 192.168.1.33 255.255.255.255 inside telnet timeout 5 ssh 192.168.1.11 255.255.255.255 inside ssh 192.168.1.35 255.255.255.255 inside ssh timeout 5 console timeout 0 terminal width 80

Reply to
Brian Bergin
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.