From: MMoniz (ccie2002@tampabay.rr.com)
Date: Tue Aug 26 2003 - 20:12:53 GMT-3
It would be interesting to know which model. I have a 535 and it get's
pounded. CPU is usually at 0. Are you logging to syslog from the PIX? You
should then be able to see what traffic is blasting you.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Brown, Patrick (NSOC-OCF}
Sent: Tuesday, August 26, 2003 5:14 PM
To: 'George Gittins'; ccielab@groupstudy.com
Subject: RE: Pix responding slow
George,
What is the model of your PIX?
What is your upstream internet border routers platform?
What ports/protocols are you blocking?
You are most likely getting pounded by ICMP traffic on the pix. If you have
a 7200 or better upstream border router with 40% or less cpu, rate-limit
ICMP or totally block there. If you have a fat subnet(/22 /21 /23 /etc..)
attached to your box, it will be arping for every IP that is scanned/ping in
this range. Note: Your Arp Input process will be high. <-- blocking all ICMP
or just echo-reply will help with this.
Reply with info!
Thanks,
Patrick B
-----Original Message-----
From: George Gittins [mailto:g.gittins@edinburg.esc1.net]
Sent: Tuesday, August 26, 2003 3:53 PM
To: ccielab@groupstudy.com
Subject: Pix responding slow
I put a couple of access-list on the pix to stop the blaster worm and I
noticed that internet is being awful slow, plus my pix is responding
very slow
George Gittins
Network Maintenance Supervisor
ECISD
This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:54:07 GMT-3