[afnog] packet loss

Chris Wilson chris+afnog at aptivate.org
Wed Jul 20 09:14:11 UTC 2011


Hi Teklay,

On Wed, 20 Jul 2011, teklay gebremichael wrote:

> I have a Cisco PIX 515e firewall where it is connected to the campus 
> Core switch(Cisco 6500 switch) through Cisco 3524 switch. Being from my 
> pc, i initiated a continuous ping to the inside interface of the PIX, 
> but there were many packets being lost while the response time is less 
> than a msec. Then i tried to ping to the switch i am connected to and 
> even to the core switch, but i don't see any packet loss. Then i 
> repeated this with the ip address of a vlan that the inside interface of 
> the PIX is assigned to (the vlan is in the core switch) and there is no 
> any packet loss.

Is this VLAN closer to your PC than the switch, or further away (on the 
other side of the PIX)?

Many Cisco devices have a limit on the rate at which they respond to 
pings and send other ICMP messages, so this may be causing "packet loss" 
of pings although real packets (passing through the PIX) are unaffected.

> I tried to investigate the interfaces between the PIX and Core switch 
> but i didn't see any errors. But the connection to the Internet is 
> intermittent and becoming very slow. May be the firewall could be 
> compromised. Even i tried to replace the PIX with old ASA 5505, but the 
> problem is there. So, are there any ways to solve this problem?

Remove everything you can from the equation and see if the problem 
disappears. E.g. connect a PC (and nothing else) directly to your edge 
router, bypassing and disconnecting the PIX, to prove that your connection 
is OK.

If not, call your ISP. If it is, then proceed with reinserting one element 
at a time and see where the problem starts.

You may find the Troubleshooting chapter of the free BMO book useful as 
well [http://bwmo.net/pdf/chapter5.pdf].

Cheers, Chris.
-- 
Aptivate | http://www.aptivate.org | Phone: +44 1223 760887
The Humanitarian Centre, Fenner's, Gresham Road, Cambridge CB1 2ES

Aptivate is a not-for-profit company registered in England and Wales
with company number 04980791.



More information about the afnog mailing list