I having an odd problem, when trying to browse certain websites the pages load incredably slow, and also have problems with some email domains, it times out when trying to connect.
We have 8mb broadband from our isps router then a 1700 with two ethernet ports using NAT. There are quite a few port forwards to various services and using VPN.
I put a pc directly on the isps router, and browsing was lightening fast, took less than a second to load orange.co.uk (this is one of the troublesome domains) but going direct through the cisco it took well over a minute, and clicking any links took ages! I think this is also why certain email domains keep timing out.
So running through the cisco is definately much slower but only to certain domains, this is what I can't understand, other sites through the cisco are very quick.
Any ideas?
System image file is "flash:c1700-k9o3sy7-mz.122-11.T10.bin"
cisco 1720 (MPC860T) processor (revision 0x301) with 36864K/12288K bytes of memo
ry.
Processor board ID JAD0409089Z (139905154), with hardware revision 0000
MPC860T processor: part number 0, mask 32
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
1 Ethernet/IEEE 802.3 interface(s)
1 FastEthernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
#sh int fa0
FastEthernet0 is up, line protocol is up
Hardware is PQUICC_FEC, address is 00b0.c288.9ede (bia 00b0.c288.9ede)
Internet address is 192.168.2.150/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 17:16:18
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 459000 bits/sec, 65 packets/sec
5 minute output rate 137000 bits/sec, 52 packets/sec
943415 packets input, 703280087 bytes
Received 82236 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
710820 packets output, 302001823 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
#sh int e0
Ethernet0 is up, line protocol is up
Hardware is PQUICC Ethernet, address is 0004.dd0b.d313 (bia 0004.dd0b.d313)
Internet address is [External IP]
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 7/255, rxload 2/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 10BaseT
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 17:17:58
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 100000 bits/sec, 29 packets/sec
5 minute output rate 313000 bits/sec, 33 packets/sec
650196 packets input, 298668752 bytes, 0 no buffer
Received 83493 broadcasts, 0 runts, 0 giants, 0 throttles
3 input errors, 0 CRC, 0 frame, 3 overrun, 0 ignored
0 input packets with dribble condition detected
711358 packets output, 679022980 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
#sh run
Building configuration...
Current configuration : 8606 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname
memory-size iomem 25
ip subnet-zero
!
!
!
ip inspect name eth_0 tcp
ip inspect name eth_0 cuseeme
ip inspect name eth_0 ftp
ip inspect name eth_0 h323
ip inspect name eth_0 rcmd
ip inspect name eth_0 realaudio
ip inspect name eth_0 streamworks
ip inspect name eth_0 vdolive
ip inspect name eth_0 sqlnet
ip inspect name eth_0 tftp
ip inspect name eth_0 udp
ip inspect name eth_0 http
ip inspect name eth_0 smtp
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group pptp
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!
!
!
!
interface BRI0
no ip address
shutdown
!
interface Ethernet0
ip address .227 255.255.255.240 secondary
ip address .228 255.255.255.240 secondary
ip address .229 255.255.255.240 secondary
ip address .230 255.255.255.240 secondary
ip address .231 255.255.255.240 secondary
ip address .232 255.255.255.240 secondary
ip address .226 255.255.255.240
ip access-group 101 in
ip nat outside
full-duplex
!
interface FastEthernet0
ip address 192.168.2.150 255.255.255.0
ip access-group 102 in
ip nat inside
ip inspect eth_0 in
speed auto
no cdp enable
!
interface Virtual-Template1
ip unnumbered FastEthernet0
peer default ip address pool pptp
ppp encrypt mppe auto
ppp authentication ms-chap
!
interface Dialer0
no ip address
!
ip local pool pptp 192.168.2.235 192.168.2.239
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 192.168.3.200 80 .231 80 extendable
ip nat inside source static tcp 192.168.2.200 80 .232 80 extendable
ip nat inside source static tcp 192.168.2.226 4080 .228 4080 extendab
e
ip nat inside source static tcp 192.168.2.226 4081 .228 4081 extendab
e
ip nat inside source static tcp 192.168.2.252 3390 .230 80 extendable
ip nat inside source static tcp 192.168.2.5 80 .226 80 extendable
ip nat inside source static tcp 192.168.2.250 3389 .229 80 extendable
ip nat inside source static tcp 192.168.2.5 1533 .226 1533 extendable
ip nat inside source static tcp 192.168.2.6 25 .226 25 extendable
ip nat inside source static tcp 192.168.2.7 21 .229 21 extendable
ip nat inside source static tcp 192.168.2.7 20 .229 20 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 .225
ip route 192.168.0.0 255.255.255.0 192.168.2.254
ip route 192.168.1.0 255.255.255.0 192.168.2.254
ip route 192.168.3.0 255.255.255.0 192.168.2.254
no ip http server
!
!
access-list 1 remark The local LAN.
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 101 remark Traffic allowed to enter the router from Internet
access-list 101 permit tcp any any eq telnet
access-list 101 deny ip host 218.18.155.153 any
access-list 101 deny ip host 61.144.183.120 any
access-list 101 deny ip host 220.117.231.148 any
access-list 101 deny ip host 61.91.104.77 any
access-list 101 deny ip host 220.117.227.1 any
access-list 101 deny ip host 212.115.7.240 any
access-list 101 deny ip 195.23.83.0 0.0.0.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 permit tcp host 161.165.202.24 any eq 4080 log
access-list 101 permit tcp host 161.165.202.25 any eq 4080 log
access-list 101 permit tcp host 161.165.202.26 any eq 4080 log
access-list 101 permit tcp host 161.165.202.27 any eq 4080 log
access-list 101 permit tcp host 161.165.202.24 any eq 4081 log
access-list 101 permit tcp host 161.165.202.25 any eq 4081 log
access-list 101 permit tcp host 161.165.202.26 any eq 4081 log
access-list 101 permit tcp host 161.165.202.27 any eq 4081 log
access-list 101 permit udp host 161.165.202.24 any eq 4080 log
access-list 101 permit udp host 161.165.202.25 any eq 4080 log
access-list 101 permit udp host 161.165.202.26 any eq 4080 log
access-list 101 permit udp host 161.165.202.27 any eq 4080 log
access-list 101 permit udp host 161.165.202.24 any eq 4081 log
access-list 101 permit udp host 161.165.202.25 any eq 4081 log
access-list 101 permit udp host 161.165.202.26 any eq 4081 log
access-list 101 permit udp host 161.165.202.27 any eq 4081 log
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq ftp-data
access-list 101 permit tcp any any eq 3101
access-list 101 permit tcp any any eq 3201
access-list 101 permit tcp any any eq 3389
access-list 101 permit tcp any any eq 3390
access-list 101 permit tcp any any eq 1494
access-list 101 permit tcp any any eq 4200
access-list 101 permit tcp any any eq 4100
access-list 101 permit tcp any any eq 1533
access-list 101 permit tcp any any eq 1723
access-list 101 permit tcp any any eq 50102
access-list 101 permit udp any any range 8234 8239
access-list 101 permit tcp any any range 8234 8239
access-list 101 permit gre any any
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any traceroute
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any echo
access-list 101 deny ip any any log
access-list 102 remark Traffic allowed to enter the router from the LAN
access-list 102 deny 139 any any
access-list 102 permit ip host 192.168.2.2 any
access-list 102 permit ip host 192.168.2.252 any
access-list 102 permit ip host 192.168.2.5 any
access-list 102 permit ip host 192.168.2.6 any
access-list 102 permit ip host 192.168.2.7 any
access-list 102 permit ip host 192.168.2.10 any
access-list 102 permit ip host 192.168.2.71 any
access-list 102 permit ip host 192.168.2.250 any
access-list 102 permit ip host 192.168.2.200 any
access-list 102 permit ip host 192.168.2.209 any
access-list 102 permit ip host 192.168.2.211 any
access-list 102 permit ip host 192.168.2.212 any
access-list 102 permit ip host 192.168.2.213 any
access-list 102 permit ip host 192.168.2.215 any
access-list 102 permit ip host 192.168.2.226 any
access-list 102 permit ip host 192.168.2.229 any
access-list 102 permit ip host 192.168.2.230 any
access-list 102 permit ip host 192.168.2.233 any
access-list 102 permit ip host 192.168.2.242 any
access-list 102 permit ip host 192.168.2.243 any
access-list 102 permit ip host 192.168.2.244 any
access-list 102 permit ip host 192.168.2.245 any
access-list 102 permit ip host 192.168.2.246 any
access-list 102 permit ip host 192.168.2.247 any
access-list 102 permit ip host 192.168.2.248 any
access-list 102 permit ip host 192.168.0.1 any
access-list 102 permit ip host 192.168.0.6 any
access-list 102 permit ip host 192.168.3.200 any
access-list 102 permit ip host 192.168.3.21 any
access-list 102 permit ip any host 80.253.98.66
access-list 102 permit ip any host 80.165.25.82
access-list 102 permit ip any host 81.144.222.10
access-list 102 permit ip any host 81.144.222.11
access-list 102 permit ip any host 81.144.222.12
access-list 102 permit ip any host 192.168.2.150
access-list 102 permit tcp any any eq 3389
access-list 102 permit tcp any any eq 6129
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
!
We have 8mb broadband from our isps router then a 1700 with two ethernet ports using NAT. There are quite a few port forwards to various services and using VPN.
I put a pc directly on the isps router, and browsing was lightening fast, took less than a second to load orange.co.uk (this is one of the troublesome domains) but going direct through the cisco it took well over a minute, and clicking any links took ages! I think this is also why certain email domains keep timing out.
So running through the cisco is definately much slower but only to certain domains, this is what I can't understand, other sites through the cisco are very quick.
Any ideas?
System image file is "flash:c1700-k9o3sy7-mz.122-11.T10.bin"
cisco 1720 (MPC860T) processor (revision 0x301) with 36864K/12288K bytes of memo
ry.
Processor board ID JAD0409089Z (139905154), with hardware revision 0000
MPC860T processor: part number 0, mask 32
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
1 Ethernet/IEEE 802.3 interface(s)
1 FastEthernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
#sh int fa0
FastEthernet0 is up, line protocol is up
Hardware is PQUICC_FEC, address is 00b0.c288.9ede (bia 00b0.c288.9ede)
Internet address is 192.168.2.150/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 17:16:18
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 459000 bits/sec, 65 packets/sec
5 minute output rate 137000 bits/sec, 52 packets/sec
943415 packets input, 703280087 bytes
Received 82236 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
710820 packets output, 302001823 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
#sh int e0
Ethernet0 is up, line protocol is up
Hardware is PQUICC Ethernet, address is 0004.dd0b.d313 (bia 0004.dd0b.d313)
Internet address is [External IP]
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 7/255, rxload 2/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 10BaseT
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 17:17:58
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 100000 bits/sec, 29 packets/sec
5 minute output rate 313000 bits/sec, 33 packets/sec
650196 packets input, 298668752 bytes, 0 no buffer
Received 83493 broadcasts, 0 runts, 0 giants, 0 throttles
3 input errors, 0 CRC, 0 frame, 3 overrun, 0 ignored
0 input packets with dribble condition detected
711358 packets output, 679022980 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
#sh run
Building configuration...
Current configuration : 8606 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname
memory-size iomem 25
ip subnet-zero
!
!
!
ip inspect name eth_0 tcp
ip inspect name eth_0 cuseeme
ip inspect name eth_0 ftp
ip inspect name eth_0 h323
ip inspect name eth_0 rcmd
ip inspect name eth_0 realaudio
ip inspect name eth_0 streamworks
ip inspect name eth_0 vdolive
ip inspect name eth_0 sqlnet
ip inspect name eth_0 tftp
ip inspect name eth_0 udp
ip inspect name eth_0 http
ip inspect name eth_0 smtp
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group pptp
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!
!
!
!
interface BRI0
no ip address
shutdown
!
interface Ethernet0
ip address .227 255.255.255.240 secondary
ip address .228 255.255.255.240 secondary
ip address .229 255.255.255.240 secondary
ip address .230 255.255.255.240 secondary
ip address .231 255.255.255.240 secondary
ip address .232 255.255.255.240 secondary
ip address .226 255.255.255.240
ip access-group 101 in
ip nat outside
full-duplex
!
interface FastEthernet0
ip address 192.168.2.150 255.255.255.0
ip access-group 102 in
ip nat inside
ip inspect eth_0 in
speed auto
no cdp enable
!
interface Virtual-Template1
ip unnumbered FastEthernet0
peer default ip address pool pptp
ppp encrypt mppe auto
ppp authentication ms-chap
!
interface Dialer0
no ip address
!
ip local pool pptp 192.168.2.235 192.168.2.239
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 192.168.3.200 80 .231 80 extendable
ip nat inside source static tcp 192.168.2.200 80 .232 80 extendable
ip nat inside source static tcp 192.168.2.226 4080 .228 4080 extendab
e
ip nat inside source static tcp 192.168.2.226 4081 .228 4081 extendab
e
ip nat inside source static tcp 192.168.2.252 3390 .230 80 extendable
ip nat inside source static tcp 192.168.2.5 80 .226 80 extendable
ip nat inside source static tcp 192.168.2.250 3389 .229 80 extendable
ip nat inside source static tcp 192.168.2.5 1533 .226 1533 extendable
ip nat inside source static tcp 192.168.2.6 25 .226 25 extendable
ip nat inside source static tcp 192.168.2.7 21 .229 21 extendable
ip nat inside source static tcp 192.168.2.7 20 .229 20 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 .225
ip route 192.168.0.0 255.255.255.0 192.168.2.254
ip route 192.168.1.0 255.255.255.0 192.168.2.254
ip route 192.168.3.0 255.255.255.0 192.168.2.254
no ip http server
!
!
access-list 1 remark The local LAN.
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 101 remark Traffic allowed to enter the router from Internet
access-list 101 permit tcp any any eq telnet
access-list 101 deny ip host 218.18.155.153 any
access-list 101 deny ip host 61.144.183.120 any
access-list 101 deny ip host 220.117.231.148 any
access-list 101 deny ip host 61.91.104.77 any
access-list 101 deny ip host 220.117.227.1 any
access-list 101 deny ip host 212.115.7.240 any
access-list 101 deny ip 195.23.83.0 0.0.0.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 permit tcp host 161.165.202.24 any eq 4080 log
access-list 101 permit tcp host 161.165.202.25 any eq 4080 log
access-list 101 permit tcp host 161.165.202.26 any eq 4080 log
access-list 101 permit tcp host 161.165.202.27 any eq 4080 log
access-list 101 permit tcp host 161.165.202.24 any eq 4081 log
access-list 101 permit tcp host 161.165.202.25 any eq 4081 log
access-list 101 permit tcp host 161.165.202.26 any eq 4081 log
access-list 101 permit tcp host 161.165.202.27 any eq 4081 log
access-list 101 permit udp host 161.165.202.24 any eq 4080 log
access-list 101 permit udp host 161.165.202.25 any eq 4080 log
access-list 101 permit udp host 161.165.202.26 any eq 4080 log
access-list 101 permit udp host 161.165.202.27 any eq 4080 log
access-list 101 permit udp host 161.165.202.24 any eq 4081 log
access-list 101 permit udp host 161.165.202.25 any eq 4081 log
access-list 101 permit udp host 161.165.202.26 any eq 4081 log
access-list 101 permit udp host 161.165.202.27 any eq 4081 log
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq ftp-data
access-list 101 permit tcp any any eq 3101
access-list 101 permit tcp any any eq 3201
access-list 101 permit tcp any any eq 3389
access-list 101 permit tcp any any eq 3390
access-list 101 permit tcp any any eq 1494
access-list 101 permit tcp any any eq 4200
access-list 101 permit tcp any any eq 4100
access-list 101 permit tcp any any eq 1533
access-list 101 permit tcp any any eq 1723
access-list 101 permit tcp any any eq 50102
access-list 101 permit udp any any range 8234 8239
access-list 101 permit tcp any any range 8234 8239
access-list 101 permit gre any any
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any traceroute
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any echo
access-list 101 deny ip any any log
access-list 102 remark Traffic allowed to enter the router from the LAN
access-list 102 deny 139 any any
access-list 102 permit ip host 192.168.2.2 any
access-list 102 permit ip host 192.168.2.252 any
access-list 102 permit ip host 192.168.2.5 any
access-list 102 permit ip host 192.168.2.6 any
access-list 102 permit ip host 192.168.2.7 any
access-list 102 permit ip host 192.168.2.10 any
access-list 102 permit ip host 192.168.2.71 any
access-list 102 permit ip host 192.168.2.250 any
access-list 102 permit ip host 192.168.2.200 any
access-list 102 permit ip host 192.168.2.209 any
access-list 102 permit ip host 192.168.2.211 any
access-list 102 permit ip host 192.168.2.212 any
access-list 102 permit ip host 192.168.2.213 any
access-list 102 permit ip host 192.168.2.215 any
access-list 102 permit ip host 192.168.2.226 any
access-list 102 permit ip host 192.168.2.229 any
access-list 102 permit ip host 192.168.2.230 any
access-list 102 permit ip host 192.168.2.233 any
access-list 102 permit ip host 192.168.2.242 any
access-list 102 permit ip host 192.168.2.243 any
access-list 102 permit ip host 192.168.2.244 any
access-list 102 permit ip host 192.168.2.245 any
access-list 102 permit ip host 192.168.2.246 any
access-list 102 permit ip host 192.168.2.247 any
access-list 102 permit ip host 192.168.2.248 any
access-list 102 permit ip host 192.168.0.1 any
access-list 102 permit ip host 192.168.0.6 any
access-list 102 permit ip host 192.168.3.200 any
access-list 102 permit ip host 192.168.3.21 any
access-list 102 permit ip any host 80.253.98.66
access-list 102 permit ip any host 80.165.25.82
access-list 102 permit ip any host 81.144.222.10
access-list 102 permit ip any host 81.144.222.11
access-list 102 permit ip any host 81.144.222.12
access-list 102 permit ip any host 192.168.2.150
access-list 102 permit tcp any any eq 3389
access-list 102 permit tcp any any eq 6129
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
!