Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 675
  • Last Modified:

Cisco 837 Firewall causing internet connection to slow right down

I have configured my 837 router and all seems to work fine until I enable the firewall.

When the firewall is activated web pages take an age to load if at all.

I have tried with basic and advanced firewall settings but both cause sever delays with web page loading times.

My running config is below

Thanks for your help..

Sean

Building configuration...
 
Current configuration : 3526 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$AlJ9$vBWOZWoq9udM7HyYzCJjP.
!
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 192.168.0.1 192.168.0.210
ip dhcp excluded-address 192.168.0.240 192.168.0.254
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.150 
   dns-server 62.24.218.220 62.24.218.221 
!
!
ip domain name yourdomain.com
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip ips po max-events 100
no ftp-server write-enable
!
!
username sean privilege 15 secret 5 $1$rXAK$cxa0GJc1PS4ocEDPURn/7.
!
! 
no crypto isakmp ccm
!
!
!
interface Ethernet0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-Ethernet 10/100$$ES_LAN$$FW_INSIDE$
 ip address 192.168.0.150 255.255.255.0
 ip nat inside
 ip inspect SDM_LOW in
 ip virtual-reassembly
 hold-queue 100 out
!
interface ATM0
 description $ES_WAN$
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
interface Dialer1
 description $FW_OUTSIDE$
 ip address negotiated
 ip access-group 101 in
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp chap hostname 02380667665@talktalkbusiness.net
 ppp chap password 0 x7p5m4k2
 ppp pap sent-username 02380667665@talktalkbusiness.net password 0 x7p5m4k2
 ppp ipcp dns request
 ppp ipcp mask request
 ppp ipcp route default
 ppp ipcp address accept
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
!
control-plane
!
banner login ^CCAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end

Open in new window

0
seancaddell
Asked:
seancaddell
1 Solution
 
Ilir MitrushiIT Infrastructure and Security ArchitectCommented:
try and add to your confiiguration these two lines and see
ip inspect name SDM_LOW http
ip inspect name SDM_LOW https
0
 
seancaddellAuthor Commented:
That makes no difference.

Also, the second line is rejected by the CLI.


0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now