salve a tutti, spero possiate aiutarmi su questo strano comportamento. ho 2 pix 525 in active standby ciascuno con 4 interfacce di cui 2 in fibra con connettori sc.
la configurazione ha una network chiamata outside(security-level0 100Mbit) una dmz(security-level 90 1000Mbit) ed una inside(security-level 100 1000Mbit). il problema e il seguente: quando tento di trasferire un file con il protocollo smb o ssh dall'interfaccia inside verso l'interfaccia dmz ottengo un accupazione di banda di max 1MB/s....se lo eseguo viceversa ottengo circa 40-50MB/s. secondo voi quale potrebbe essere il problema? di seguito un pezzo della configurazione(ometto le acl perche credo non siano quelle il problema ): PIX Version 7.0(1) names ! interface Ethernet0 description outside speed 100 duplex full nameif outside security-level 0 ip address 192.168.2.5 255.255.255.0 standby 192.168.2.6 ! interface Ethernet1 description STATE Failover Interface speed 100 duplex full ! interface GigabitEthernet0 nameif dmz security-level 100 ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2 ! interface GigabitEthernet1 nameif inside security-level 90 ip address 172.16.10.19 255.255.0.0 standby 172.16.10.20 ! pager lines 20 mtu outside 1500 mtu dmz 1500 mtu inside 1500 ip verify reverse-path interface outside ip verify reverse-path interface dmz failover failover link failover Ethernet1 failover interface ip failover 192.168.5.1 255.255.255.0 standby 192.168.5.2 monitor-interface outside monitor-interface dmz monitor-interface inside asdm history enable arp timeout 14400 nat-control global (outside) 1 192.168.2.44 global (inside) 1 172.16.111.1 nat (dmz) 1 10.1.1.0 255.255.255.0 nat (inside) 1 172.16.0.0 255.255.0.0 static (dmz,inside) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 static (dmz,outside) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 route outside 0.0.0.0 0.0.0.0 192.168.2.254 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ssl encryption des-sha1 rc4-md5 ! class-map inspection_default match default-inspection-traffic ! ! policy-map global_policy class inspection_default inspect dns maximum-length 512 inspect ftp inspect h323 h225 inspect h323 ras inspect http inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect icmp ! service-policy global_policy global ssl encryption des-sha1 rc4-md5 : end Grazie Giulio _______________________________________ Articoli CISCO: http://www.areanetworking.it/category/cisco Cug mailing list [email protected] http://lists.ml.areanetworking.it/cgi-bin/mailman/listinfo/cug Servizio ML offerto da Ehiweb.it - http://www.ehiweb.it/
