Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Solved
Broadband Connection slow using cisco 2600.
Posted on 2004-08-04
I bought a cisco 2600 to connect to my broadband cable connection, I installed the firewall feature set and everything is connected and runs. However, it runst very slowly, compared to just a regular linksys router. I would think the cisco should be faster, so it must be something in the config, I will post it here.
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Butt-Router
!
enable secret 5 #######################
!
ip subnet-zero
!
!
no ip domain-lookup
!
ip inspect max-incomplete low 100
ip inspect max-incomplete high 1100
ip inspect one-minute low 100
ip inspect one-minute high 1100
ip inspect udp idle-time 15
ip inspect dns-timeout 2
ip inspect tcp idle-time 600
ip inspect tcp synwait-time 10
ip inspect name Ethernet0/0 tcp
ip inspect name Ethernet0/0 udp
ip inspect name Ethernet0/0 cuseeme
ip inspect name Ethernet0/0 ftp
ip inspect name Ethernet0/0 h323
ip inspect name Ethernet0/0 rcmd
ip inspect name Ethernet0/0 realaudio
ip inspect name Ethernet0/0 streamworks
ip inspect name Ethernet0/0 vdolive
ip inspect name Ethernet0/0 sqlnet
ip inspect name Ethernet0/0 tftp
ip inspect name CBAC tcp
ip inspect name CBAC udp
ip inspect name CBAC ftp
ip inspect name CBAC smtp
ip audit notify log
ip audit po max-events 100
!
call rsvp-sync
!
!!
!
!
!
!
!
interface Ethernet0/0
description connected to Internet
ip address dhcp
ip access-group 101 in
ip nat outside
half-duplex
no cdp enable
!
interface Serial0/0
no ip address
shutdown
!
interface Ethernet0/1
description connected to EthernetLAN
ip address 192.168.1.2 255.255.255.0
ip access-group 102 in
ip nat inside
ip inspect CBAC out
full-duplex
no cdp enable
!
router rip
version 2
passive-interface Ethernet0/0
network 192.168.1.0
no auto-summary
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source static tcp 192.168.1.15 3389 interface Ethernet0/0 3389
ip nat inside source static tcp 192.168.1.15 1723 interface Ethernet0/0 1723
ip nat inside source static tcp 192.168.1.15 4125 interface Ethernet0/0 4125
ip nat inside source static tcp 192.168.1.15 444 interface Ethernet0/0 444
ip nat inside source static tcp 192.168.1.15 443 interface Ethernet0/0 443
ip nat inside source static tcp 192.168.1.15 21 interface Ethernet0/0 21
ip nat inside source static tcp 192.168.1.15 80 interface Ethernet0/0 80
ip nat inside source static tcp 192.168.1.26 6881 interface Ethernet0/0 6881
ip nat inside source static tcp 192.168.1.26 6882 interface Ethernet0/0 6882
ip nat inside source static tcp 192.168.1.26 6883 interface Ethernet0/0 6883
ip nat inside source static tcp 192.168.1.26 6884 interface Ethernet0/0 6884
ip nat inside source static tcp 192.168.1.26 6885 interface Ethernet0/0 6885
ip nat inside source static tcp 192.168.1.26 6886 interface Ethernet0/0 6886
ip nat inside source static tcp 192.168.1.26 6887 interface Ethernet0/0 6887
ip nat inside source static tcp 192.168.1.26 6888 interface Ethernet0/0 6888
ip nat inside source static tcp 192.168.1.26 6889 interface Ethernet0/0 6889
ip nat inside source static tcp 192.168.1.15 25 interface Ethernet0/0 25
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
!
!
dial-peer cor custom
!
!
!
!
banner motd ^CCC GO AWAY, UNAUTHORISED ACCESS IS PROHIBITED. SO GO AWAY. !!!
!!!^C
!
line con 0
exec-timeout 0 0
!
!
!
line con 0
exec-timeout 0 0
password 7 ################# logging synchronous
login
line aux 0
password 7 #################
line vty 0 4
login
!
end
I am running Small business server 2003, but I dont think this is causing the slowdown, any suggestions? Thank you so much for your help.
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Butt-Router
!
enable secret 5 #######################
!
ip subnet-zero
!
!
no ip domain-lookup
!
ip inspect max-incomplete low 100
ip inspect max-incomplete high 1100
ip inspect one-minute low 100
ip inspect one-minute high 1100
ip inspect udp idle-time 15
ip inspect dns-timeout 2
ip inspect tcp idle-time 600
ip inspect tcp synwait-time 10
ip inspect name Ethernet0/0 tcp
ip inspect name Ethernet0/0 udp
ip inspect name Ethernet0/0 cuseeme
ip inspect name Ethernet0/0 ftp
ip inspect name Ethernet0/0 h323
ip inspect name Ethernet0/0 rcmd
ip inspect name Ethernet0/0 realaudio
ip inspect name Ethernet0/0 streamworks
ip inspect name Ethernet0/0 vdolive
ip inspect name Ethernet0/0 sqlnet
ip inspect name Ethernet0/0 tftp
ip inspect name CBAC tcp
ip inspect name CBAC udp
ip inspect name CBAC ftp
ip inspect name CBAC smtp
ip audit notify log
ip audit po max-events 100
!
call rsvp-sync
!
!!
!
!
!
!
!
interface Ethernet0/0
description connected to Internet
ip address dhcp
ip access-group 101 in
ip nat outside
half-duplex
no cdp enable
!
interface Serial0/0
no ip address
shutdown
!
interface Ethernet0/1
description connected to EthernetLAN
ip address 192.168.1.2 255.255.255.0
ip access-group 102 in
ip nat inside
ip inspect CBAC out
full-duplex
no cdp enable
!
router rip
version 2
passive-interface Ethernet0/0
network 192.168.1.0
no auto-summary
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source static tcp 192.168.1.15 3389 interface Ethernet0/0 3389
ip nat inside source static tcp 192.168.1.15 1723 interface Ethernet0/0 1723
ip nat inside source static tcp 192.168.1.15 4125 interface Ethernet0/0 4125
ip nat inside source static tcp 192.168.1.15 444 interface Ethernet0/0 444
ip nat inside source static tcp 192.168.1.15 443 interface Ethernet0/0 443
ip nat inside source static tcp 192.168.1.15 21 interface Ethernet0/0 21
ip nat inside source static tcp 192.168.1.15 80 interface Ethernet0/0 80
ip nat inside source static tcp 192.168.1.26 6881 interface Ethernet0/0 6881
ip nat inside source static tcp 192.168.1.26 6882 interface Ethernet0/0 6882
ip nat inside source static tcp 192.168.1.26 6883 interface Ethernet0/0 6883
ip nat inside source static tcp 192.168.1.26 6884 interface Ethernet0/0 6884
ip nat inside source static tcp 192.168.1.26 6885 interface Ethernet0/0 6885
ip nat inside source static tcp 192.168.1.26 6886 interface Ethernet0/0 6886
ip nat inside source static tcp 192.168.1.26 6887 interface Ethernet0/0 6887
ip nat inside source static tcp 192.168.1.26 6888 interface Ethernet0/0 6888
ip nat inside source static tcp 192.168.1.26 6889 interface Ethernet0/0 6889
ip nat inside source static tcp 192.168.1.15 25 interface Ethernet0/0 25
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
!
!
dial-peer cor custom
!
!
!
!
banner motd ^CCC GO AWAY, UNAUTHORISED ACCESS IS PROHIBITED. SO GO AWAY. !!!
!!!^C
!
line con 0
exec-timeout 0 0
!
!
!
line con 0
exec-timeout 0 0
password 7 ################# logging synchronous
login
line aux 0
password 7 #################
line vty 0 4
login
!
end
I am running Small business server 2003, but I dont think this is causing the slowdown, any suggestions? Thank you so much for your help.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2 Comments
Not sure if this will help with the speed at all but a couple suggestions:
Remove "ip access-group 101 in" from the ethernet0/0 interface as access-list 101 is not defined on the router. The command is useless. Same thing on ethernet0/1, remove "ip access-group 102 in". Also, you typically want the IOS Firewall to inspects packets outbound of your Internet connected interface. Remove "ip inspect CBAC out" from ethernet0/1 and add it to ethernet 0/0.
Also, posting the interface counters "show int ethernet 0/0" and "show int ethernet 0/1" might be useful.
On Ethernet 0/1, you have it set to "full-duplex", is the hub/switch port connected to ethernet 0/1 set to full duplex also or is it autonegotiate? Make sure it is set to full duplex or you will get a duplex mismatch and speed will suffer. If the device is only capable of autonegotiating, set ethernet 0/1 back to autonegotiate. You may want to set ethernet 0/0 to auto as well.
Remove "ip access-group 101 in" from the ethernet0/0 interface as access-list 101 is not defined on the router. The command is useless. Same thing on ethernet0/1, remove "ip access-group 102 in". Also, you typically want the IOS Firewall to inspects packets outbound of your Internet connected interface. Remove "ip inspect CBAC out" from ethernet0/1 and add it to ethernet 0/0.
Also, posting the interface counters "show int ethernet 0/0" and "show int ethernet 0/1" might be useful.
On Ethernet 0/1, you have it set to "full-duplex", is the hub/switch port connected to ethernet 0/1 set to full duplex also or is it autonegotiate? Make sure it is set to full duplex or you will get a duplex mismatch and speed will suffer. If the device is only capable of autonegotiating, set ethernet 0/1 back to autonegotiate. You may want to set ethernet 0/0 to auto as well.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This solves the problem of diagnosing why an internet connection is no longer working. It also helps identify the likely cause of the lost connection if the procedure fails to re-establish your internet connection. It helps to pinpoint the likely co…
Cable Modem Provisioning from DPoE compliant server
This Article is to support CMTS administrators to provide an overview of DOCSIS compliance configuration file, and to provision a cable modem located at customer place from a Back office serve…
How to fix incompatible JVM issue while installing Eclipse
While installing Eclipse in windows, got one error like above and unable to proceed with the installation.
This video describes how to successfully install Eclipse.
How to solve incompa…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data.
But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses
Course of the Month11 days, 12 hours left to enroll
730 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.