seancaddell
asked on
Cisco 837 Firewall causing internet connection to slow right down
I have configured my 837 router and all seems to work fine until I enable the firewall.
When the firewall is activated web pages take an age to load if at all.
I have tried with basic and advanced firewall settings but both cause severe delays with web page loading times.
My running config is below
Thanks for your help..
Sean
Building configuration...
Current configuration : 3526 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$AlJ9$vBWOZWoq9udM7HyYzCJjP.
!
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 192.168.0.1 192.168.0.210
ip dhcp excluded-address 192.168.0.240 192.168.0.254
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.150
   dns-server 62.24.218.220 62.24.218.221
!
!
ip domain name yourdomain.com
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip ips po max-events 100
no ftp-server write-enable
!
!
username sean privilege 15 secret 5 $1$rXAK$cxa0GJc1PS4ocEDPURn/7.
!
!
no crypto isakmp ccm
!
!
!
interface Ethernet0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-Ethernet 10/100$$ES_LAN$$FW_INSIDE$
 ip address 192.168.0.150 255.255.255.0
 ip nat inside
 ip inspect SDM_LOW in
 ip virtual-reassembly
 hold-queue 100 out
!
interface ATM0
 description $ES_WAN$
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
interface Dialer1
 description $FW_OUTSIDE$
 ip address negotiated
 ip access-group 101 in
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp chap hostname 02380667665@talktalkbusiness.net
 ppp chap password 0 x7p5m4k2
 ppp pap sent-username 02380667665@talktalkbusiness.net password 0 x7p5m4k2
 ppp ipcp dns request
 ppp ipcp mask request
 ppp ipcp route default
 ppp ipcp address accept
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
!
control-plane
!
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end
ASKER CERTIFIED SOLUTION
ip inspect name SDM_LOW http
ip inspect name SDM_LOW https