Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.
Course Of The Month
2 days, 22 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Broadband Connection slow using cisco 2600.
Posted on 2004-08-04
I bought a cisco 2600 to connect to my broadband cable connection, I installed the firewall feature set and everything is connected and runs. However, it runst very slowly, compared to just a regular linksys router. I would think the cisco should be faster, so it must be something in the config, I will post it here.
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Butt-Router
!
enable secret 5 #######################
!
ip subnet-zero
!
!
no ip domain-lookup
!
ip inspect max-incomplete low 100
ip inspect max-incomplete high 1100
ip inspect one-minute low 100
ip inspect one-minute high 1100
ip inspect udp idle-time 15
ip inspect dns-timeout 2
ip inspect tcp idle-time 600
ip inspect tcp synwait-time 10
ip inspect name Ethernet0/0 tcp
ip inspect name Ethernet0/0 udp
ip inspect name Ethernet0/0 cuseeme
ip inspect name Ethernet0/0 ftp
ip inspect name Ethernet0/0 h323
ip inspect name Ethernet0/0 rcmd
ip inspect name Ethernet0/0 realaudio
ip inspect name Ethernet0/0 streamworks
ip inspect name Ethernet0/0 vdolive
ip inspect name Ethernet0/0 sqlnet
ip inspect name Ethernet0/0 tftp
ip inspect name CBAC tcp
ip inspect name CBAC udp
ip inspect name CBAC ftp
ip inspect name CBAC smtp
ip audit notify log
ip audit po max-events 100
!
call rsvp-sync
!
!!
!
!
!
!
!
interface Ethernet0/0
description connected to Internet
ip address dhcp
ip access-group 101 in
ip nat outside
half-duplex
no cdp enable
!
interface Serial0/0
no ip address
shutdown
!
interface Ethernet0/1
description connected to EthernetLAN
ip address 192.168.1.2 255.255.255.0
ip access-group 102 in
ip nat inside
ip inspect CBAC out
full-duplex
no cdp enable
!
router rip
version 2
passive-interface Ethernet0/0
network 192.168.1.0
no auto-summary
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source static tcp 192.168.1.15 3389 interface Ethernet0/0 3389
ip nat inside source static tcp 192.168.1.15 1723 interface Ethernet0/0 1723
ip nat inside source static tcp 192.168.1.15 4125 interface Ethernet0/0 4125
ip nat inside source static tcp 192.168.1.15 444 interface Ethernet0/0 444
ip nat inside source static tcp 192.168.1.15 443 interface Ethernet0/0 443
ip nat inside source static tcp 192.168.1.15 21 interface Ethernet0/0 21
ip nat inside source static tcp 192.168.1.15 80 interface Ethernet0/0 80
ip nat inside source static tcp 192.168.1.26 6881 interface Ethernet0/0 6881
ip nat inside source static tcp 192.168.1.26 6882 interface Ethernet0/0 6882
ip nat inside source static tcp 192.168.1.26 6883 interface Ethernet0/0 6883
ip nat inside source static tcp 192.168.1.26 6884 interface Ethernet0/0 6884
ip nat inside source static tcp 192.168.1.26 6885 interface Ethernet0/0 6885
ip nat inside source static tcp 192.168.1.26 6886 interface Ethernet0/0 6886
ip nat inside source static tcp 192.168.1.26 6887 interface Ethernet0/0 6887
ip nat inside source static tcp 192.168.1.26 6888 interface Ethernet0/0 6888
ip nat inside source static tcp 192.168.1.26 6889 interface Ethernet0/0 6889
ip nat inside source static tcp 192.168.1.15 25 interface Ethernet0/0 25
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
!
!
dial-peer cor custom
!
!
!
!
banner motd ^CCC GO AWAY, UNAUTHORISED ACCESS IS PROHIBITED. SO GO AWAY. !!!
!!!^C
!
line con 0
exec-timeout 0 0
!
!
!
line con 0
exec-timeout 0 0
password 7 ################# logging synchronous
login
line aux 0
password 7 #################
line vty 0 4
login
!
end
I am running Small business server 2003, but I dont think this is causing the slowdown, any suggestions? Thank you so much for your help.
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Butt-Router
!
enable secret 5 #######################
!
ip subnet-zero
!
!
no ip domain-lookup
!
ip inspect max-incomplete low 100
ip inspect max-incomplete high 1100
ip inspect one-minute low 100
ip inspect one-minute high 1100
ip inspect udp idle-time 15
ip inspect dns-timeout 2
ip inspect tcp idle-time 600
ip inspect tcp synwait-time 10
ip inspect name Ethernet0/0 tcp
ip inspect name Ethernet0/0 udp
ip inspect name Ethernet0/0 cuseeme
ip inspect name Ethernet0/0 ftp
ip inspect name Ethernet0/0 h323
ip inspect name Ethernet0/0 rcmd
ip inspect name Ethernet0/0 realaudio
ip inspect name Ethernet0/0 streamworks
ip inspect name Ethernet0/0 vdolive
ip inspect name Ethernet0/0 sqlnet
ip inspect name Ethernet0/0 tftp
ip inspect name CBAC tcp
ip inspect name CBAC udp
ip inspect name CBAC ftp
ip inspect name CBAC smtp
ip audit notify log
ip audit po max-events 100
!
call rsvp-sync
!
!!
!
!
!
!
!
interface Ethernet0/0
description connected to Internet
ip address dhcp
ip access-group 101 in
ip nat outside
half-duplex
no cdp enable
!
interface Serial0/0
no ip address
shutdown
!
interface Ethernet0/1
description connected to EthernetLAN
ip address 192.168.1.2 255.255.255.0
ip access-group 102 in
ip nat inside
ip inspect CBAC out
full-duplex
no cdp enable
!
router rip
version 2
passive-interface Ethernet0/0
network 192.168.1.0
no auto-summary
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source static tcp 192.168.1.15 3389 interface Ethernet0/0 3389
ip nat inside source static tcp 192.168.1.15 1723 interface Ethernet0/0 1723
ip nat inside source static tcp 192.168.1.15 4125 interface Ethernet0/0 4125
ip nat inside source static tcp 192.168.1.15 444 interface Ethernet0/0 444
ip nat inside source static tcp 192.168.1.15 443 interface Ethernet0/0 443
ip nat inside source static tcp 192.168.1.15 21 interface Ethernet0/0 21
ip nat inside source static tcp 192.168.1.15 80 interface Ethernet0/0 80
ip nat inside source static tcp 192.168.1.26 6881 interface Ethernet0/0 6881
ip nat inside source static tcp 192.168.1.26 6882 interface Ethernet0/0 6882
ip nat inside source static tcp 192.168.1.26 6883 interface Ethernet0/0 6883
ip nat inside source static tcp 192.168.1.26 6884 interface Ethernet0/0 6884
ip nat inside source static tcp 192.168.1.26 6885 interface Ethernet0/0 6885
ip nat inside source static tcp 192.168.1.26 6886 interface Ethernet0/0 6886
ip nat inside source static tcp 192.168.1.26 6887 interface Ethernet0/0 6887
ip nat inside source static tcp 192.168.1.26 6888 interface Ethernet0/0 6888
ip nat inside source static tcp 192.168.1.26 6889 interface Ethernet0/0 6889
ip nat inside source static tcp 192.168.1.15 25 interface Ethernet0/0 25
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
!
!
dial-peer cor custom
!
!
!
!
banner motd ^CCC GO AWAY, UNAUTHORISED ACCESS IS PROHIBITED. SO GO AWAY. !!!
!!!^C
!
line con 0
exec-timeout 0 0
!
!
!
line con 0
exec-timeout 0 0
password 7 ################# logging synchronous
login
line aux 0
password 7 #################
line vty 0 4
login
!
end
I am running Small business server 2003, but I dont think this is causing the slowdown, any suggestions? Thank you so much for your help.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2 Comments
Not sure if this will help with the speed at all but a couple suggestions:
Remove "ip access-group 101 in" from the ethernet0/0 interface as access-list 101 is not defined on the router. The command is useless. Same thing on ethernet0/1, remove "ip access-group 102 in". Also, you typically want the IOS Firewall to inspects packets outbound of your Internet connected interface. Remove "ip inspect CBAC out" from ethernet0/1 and add it to ethernet 0/0.
Also, posting the interface counters "show int ethernet 0/0" and "show int ethernet 0/1" might be useful.
On Ethernet 0/1, you have it set to "full-duplex", is the hub/switch port connected to ethernet 0/1 set to full duplex also or is it autonegotiate? Make sure it is set to full duplex or you will get a duplex mismatch and speed will suffer. If the device is only capable of autonegotiating, set ethernet 0/1 back to autonegotiate. You may want to set ethernet 0/0 to auto as well.
Remove "ip access-group 101 in" from the ethernet0/0 interface as access-list 101 is not defined on the router. The command is useless. Same thing on ethernet0/1, remove "ip access-group 102 in". Also, you typically want the IOS Firewall to inspects packets outbound of your Internet connected interface. Remove "ip inspect CBAC out" from ethernet0/1 and add it to ethernet 0/0.
Also, posting the interface counters "show int ethernet 0/0" and "show int ethernet 0/1" might be useful.
On Ethernet 0/1, you have it set to "full-duplex", is the hub/switch port connected to ethernet 0/1 set to full duplex also or is it autonegotiate? Make sure it is set to full duplex or you will get a duplex mismatch and speed will suffer. If the device is only capable of autonegotiating, set ethernet 0/1 back to autonegotiate. You may want to set ethernet 0/0 to auto as well.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Suggested Solutions
| Title | # Comments | Views | Activity |
|---|---|---|---|
| Powerful Wi-Fi Router | 13 | 139 | |
| Switch between cable modem and router? | 5 | 116 | |
| Router Upgrade | 11 | 69 | |
| Fiber Broadband Internet Connection | 20 | 142 |
Cable Modem Provisioning from DPoE compliant server
This Article is to support CMTS administrators to provide an overview of DOCSIS compliance configuration file, and to provision a cable modem located at customer place from a Back office serve…
Sometimes you have to pull out old tricks to get a new firewall to work…
While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working. It seemed random and we could not understa…
Are you ready to implement Active Directory best practices without reading 300+ pages?
You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses
Course of the Month2 days, 22 hours left to enroll
752 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.