GT181
Cisco router has difficulty with internet traffic
Hosts reaching the internet through this router have low throughput. Also, style sheets are not loading in the browser. Here is my config, with the name of the company and passwords blanked out; any advice will be appreciated.
Current configuration : 7002 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ********RTR
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 ************************** **********
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-735739640
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-735739640
revocation-check none
rsakeypair TP-self-signed-735739640
!
!
crypto pki certificate chain TP-self-signed-735739640
certificate self-signed 01
quit
dot11 syslog
!
dot11 ssid ***********
vlan 75
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 *****************
!
dot11 ssid ********
!
ip source-route
!
!
ip dhcp excluded-address 192.168.75.1 192.168.75.10
!
ip dhcp pool inside
import all
network 192.168.75.0 255.255.255.0
default-router 192.168.75.1
dns-server 68.87.68.166 68.87.74.166
!
!
ip cef
no ip domain lookup
!
no ipv6 cef
multilink bundle-name authenticated
!
!
username *********** privilege 15 secret 5 $8888888888888888888888
!
!
!
archive
log config
hidekeys
!
!
!
class-map type inspect match-any SDM-Voice-permit
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-all sdm-protocol-http
match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-cls-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-cls-insp-traffic
inspect
class type inspect sdm-protocol-http
inspect
class type inspect SDM-Voice-permit
pass
class class-default
pass
policy-map type inspect sdm-inspect-voip-in
class type inspect SDM-Voice-permit
pass
class class-default
drop
policy-map type inspect sdm-permit
class class-default
drop
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
zone-pair security sdm-zp-out-in source out-zone destination in-zone
service-policy type inspect sdm-inspect-voip-in
!
bridge irb
!
!
interface FastEthernet0
switchport access vlan 75
!
interface FastEthernet1
switchport access vlan 75
!
interface FastEthernet2
switchport access vlan 75
!
interface FastEthernet3
switchport access vlan 75
!
interface FastEthernet4
description $FW_OUTSIDE$
ip address 192.168.15.80 255.255.255.192
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
encryption vlan 75 mode ciphers tkip
!
broadcast-key vlan 75 change 45
!
!
ssid **********
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
!
interface Dot11Radio0.75
encapsulation dot1Q 75 native
bridge-group 75
bridge-group 75 subscriber-loop-control
bridge-group 75 spanning-disabled
bridge-group 75 block-unknown-source
no bridge-group 75 source-learning
no bridge-group 75 unicast-flooding
!
interface Vlan1
no ip address
shutdown
!
interface Vlan75
no ip address
bridge-group 75
bridge-group 75 spanning-disabled
!
interface BVI75
description $FW_INSIDE$
ip address 192.168.75.1 255.255.255.0
ip helper-address 192.168.75.1
ip virtual-reassembly
!
router rip
version 2
network 192.168.1.0
network 192.168.75.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 0.0.0.0 0.0.0.0 68.53.129.1
ip route 0.0.0.0 0.0.0.0 192.168.15.65
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.75.2 5060 interface FastEthernet4 5060
ip nat inside source static udp 192.168.75.2 5060 interface FastEthernet4 5060
ip nat inside source static tcp 192.168.75.2 1720 interface FastEthernet4 1720
ip nat outside source list 1 pool access-list
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.75.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
no cdp run
!
!
!
!
!
control-plane
!
bridge 75 route ip
banner motd ^C
This equipment is property of **********
Any unauthorized access will be prosecuted to the full extent of the law.
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
Why are you using all these default routes
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 0.0.0.0 0.0.0.0 68.53.129.1
ip route 0.0.0.0 0.0.0.0 192.168.15.65
?????
ASKER
Thanks, I removed the extra static routes (which were a result of my bringing the router home and messing with it) and switched DNS; everything works great now.