[c-nsp] Pix to Pix tunnel performance w/Windows File Sharing,>

[Tony Mucker]

This looks very promising.  Using pings I was able to determine that the 
biggest packet I could pass between the two PIXes was exactly 1272 
bytes.  There doesn't seem to be a command for adjusting MSS on the PIX, 
so on the routers I put in the command "ip tcp adjust-mss 1200."

In my ethereal packet dumps I'm seeing a lot less re-transmission (but 
there's still some).  Gkrellm is reporting decent transfer rates of 
100KB/s.  Triple the performance.  Excellent.  Chances are I could tell 
my boss that this is it and we'd both be happy.  We'd write it off as a 
built in bandwidth cap for the users :)

Question 1:  What's the difference between setting the MTU on the router 
interface and setting ip tcp adjust mss?  I've been looking at the Cisco 
IOS 12.3 Command reference and the closest command I can see is ip tcp mss.

Questino 2:  What other options do I have to increase performance?  Most 
of the documentation I've seen deals with Router to Router tunnels, or 
Router to PIX.  It seems that in terms of PIX to PIX there aren't as 
many options (for example the ip tcp adjust mss command doesn't exist in 
PIX OS).

Thanks again
Tony


Grant Moerschel wrote:

> I'd also bet that that is a max segment size issue. I have seen this 
> before with routers running IPsec. There is a command for routers that 
> dictates mss and essentially if the client sends something larger the 
> IPsec device will tell the client to lower the size and the client 
> thinks the server did...the ipsec device does it by proxy.
>
> Not sure if the pix has the same function but maybe you can do it at a 
> router.