PIX ftp/http traffic

technews Tue, 07 Nov 2000 16:41:40 -0800
Hi,

We have installed a new cisco PIX 515R to protect our servers, however I
have been detecting some issues, and I wanted to know if anyone has
experienced this, or have pointers on what to tweak?

Our site allows people to log in to the site, use the various services
(http traffic) and it seems to work great, however whenever you want to
upload a big file, the transfer never completes and the connection is
dropped by the firewall.  The same happens if we are ftping from the
inside to the outside.  If the file is small, then it works fine, but when
the files is big, the connection is closed and the download is interrupted
in the middles.

Enclosed is a snippet of our configuration, maybe that helps identify where
the error lies.

Thanks in advance for any help to resolve this. Since no one is able to
upload big files into the network..

Adonis

Snippet of Configuration
------------------------
PIX Version 4.4(5)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
...
fixup protocol ftp 21
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
no fixup protocol http 80
names
pager lines 24
logging on
no logging timestamp
no logging console
no logging monitor
logging buffered errors
no logging trap
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
...
arp timeout 14400
nat (inside) 0 216.177.x.y 255.255.255.240 0 0
static (inside,outside) 216.177.x.y 216.177.x.y netmask 255.255.255.240 0 0
conduit permit tcp host 216.177.x.a eq www any
conduit permit tcp host 216.177.x.b eq www any
conduit permit tcp host 216.177.x.c eq www any
rip outside passive
no rip outside default
no rip inside passive
rip inside default
route outside 0.0.0.0 0.0.0.0 216.177.xz.yz 1
timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:30:00 absolute uauth 0:25:00 inactivity
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
terminal width 80




-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
PIX ftp/http traffic

Reply via email to
