Solved

Cisco router has difficulty with internet traffic

Posted on 2009-07-11
Last Modified: 2012-06-21
Hosts reaching the internet through this router have low throughput. Also, style sheets are not loading in the browser. Here is my config, with the name of the company and passwords blanked out. Any advice will be appreciated.
Current configuration : 7002 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ********RTR
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 ************************************
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-735739640
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-735739640
 revocation-check none
 rsakeypair TP-self-signed-735739640
!
!
crypto pki certificate chain TP-self-signed-735739640
 certificate self-signed 01
        quit
dot11 syslog
!
dot11 ssid ***********
   vlan 75
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 0 *****************
!
dot11 ssid ********
!
ip source-route
!
!
ip dhcp excluded-address 192.168.75.1 192.168.75.10
!
ip dhcp pool inside
   import all
   network 192.168.75.0 255.255.255.0
   default-router 192.168.75.1
   dns-server 68.87.68.166 68.87.74.166
!
!
ip cef
no ip domain lookup
!
no ipv6 cef
multilink bundle-name authenticated
!
!
username *********** privilege 15 secret 5 $8888888888888888888888
!
!
!
archive
 log config
  hidekeys
!
!
!
class-map type inspect match-any SDM-Voice-permit
 match protocol h323
 match protocol skinny
 match protocol sip
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-invalid-src
 match access-group 100
class-map type inspect match-all sdm-protocol-http
 match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-cls-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-inspect
 class type inspect sdm-invalid-src
  drop log
 class type inspect sdm-cls-insp-traffic
  inspect
 class type inspect sdm-protocol-http
  inspect
 class type inspect SDM-Voice-permit
  pass
 class class-default
  pass
policy-map type inspect sdm-inspect-voip-in
 class type inspect SDM-Voice-permit
  pass
 class class-default
  drop
policy-map type inspect sdm-permit
 class class-default
  drop
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
zone-pair security sdm-zp-out-in source out-zone destination in-zone
 service-policy type inspect sdm-inspect-voip-in
!
bridge irb
!
!
interface FastEthernet0
 switchport access vlan 75
!
interface FastEthernet1
 switchport access vlan 75
!
interface FastEthernet2
 switchport access vlan 75
!
interface FastEthernet3
 switchport access vlan 75
!
interface FastEthernet4
 description $FW_OUTSIDE$
 ip address 192.168.15.80 255.255.255.192
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 !
 encryption vlan 75 mode ciphers tkip
 !
 broadcast-key vlan 75 change 45
 !
 !
 ssid **********
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2412
 station-role root
!
interface Dot11Radio0.75
 encapsulation dot1Q 75 native
 bridge-group 75
 bridge-group 75 subscriber-loop-control
 bridge-group 75 spanning-disabled
 bridge-group 75 block-unknown-source
 no bridge-group 75 source-learning
 no bridge-group 75 unicast-flooding
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan75
 no ip address
 bridge-group 75
 bridge-group 75 spanning-disabled
!
interface BVI75
 description $FW_INSIDE$
 ip address 192.168.75.1 255.255.255.0
 ip helper-address 192.168.75.1
 ip virtual-reassembly
!
router rip
 version 2
 network 192.168.1.0
 network 192.168.75.0
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 0.0.0.0 0.0.0.0 68.53.129.1
ip route 0.0.0.0 0.0.0.0 192.168.15.65
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.75.2 5060 interface FastEthernet4 5060
ip nat inside source static udp 192.168.75.2 5060 interface FastEthernet4 5060
ip nat inside source static tcp 192.168.75.2 1720 interface FastEthernet4 1720
ip nat outside source list 1 pool access-list
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.75.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
no cdp run

!
!
!
!
!
control-plane
!
bridge 75 route ip
banner motd ^C
This equipment is property of **********
Any unauthorized access will be prosecuted to the full extent of the law.
^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end
Question by:GT181

Author Comment

by:GT181
Oh, I should add that every now and then internet traffic will pass through normally for about 15 seconds or so and then it goes back to being slow. I need traffic to be reliable.
LVL 16

Expert Comment

by:memo_tnt
Why are you using all these default routes

ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 0.0.0.0 0.0.0.0 68.53.129.1
ip route 0.0.0.0 0.0.0.0 192.168.15.65


?????
LVL 3

Accepted Solution

by:harrowc earned 500 total points
Hi,

Your symptoms seem like DNS lookup failures to me.
Try using alternate DNS servers like the ones at opendns.com
208.67.222.222
208.67.220.220

and see if those problems go away.

Some ISPs filter the traffic, so you may have to use Wireshark or something to confirm the DNS UDP packets are getting through.

Good luck
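
One way to run the comparison suggested in the answer above without a packet capture, as an added example that is not part of the original post: it sends the same UDP query repeatedly to the two resolvers from the router's DHCP pool and to the two OpenDNS addresses, and reports how often each one fails to reply. The query name `example.com`, the 2-second timeout and the count of 10 probes are assumptions.

```python
import os
import socket
import struct

# Resolvers named in this thread: the two from the router's DHCP pool and the
# two OpenDNS addresses suggested in the answer.
RESOLVERS = ["68.87.68.166", "68.87.74.166", "208.67.222.222", "208.67.220.220"]

def build_query(name, txid):
    """Build a DNS query for an A record in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, txid):
    """Return (rcode, answer_count); raise ValueError if it is not our reply."""
    if len(data) < 12:
        raise ValueError("reply shorter than a DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # ID must match and QR bit must be set
        raise ValueError("not a response to this query")
    return flags & 0x000F, ancount

def probe(server, name="example.com", timeout=2.0):
    """Send one UDP query to server:53 and classify the outcome."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (server, 53))
            rcode, answers = parse_reply(sock.recvfrom(512)[0], txid)
        except socket.timeout:
            return "timeout"
        except (OSError, ValueError) as exc:
            return f"error: {exc}"
    return f"rcode={rcode} answers={answers}"

def loss_report(results):
    """Summarise repeated probe outcomes as {server: fraction that timed out}."""
    return {srv: out.count("timeout") / len(out) for srv, out in results.items()}

if __name__ == "__main__":
    # Repeat the probe: the question describes traffic that works only in bursts.
    results = {srv: [probe(srv) for _ in range(10)] for srv in RESOLVERS}
    for srv, loss in loss_report(results).items():
        print(f"{srv}: {loss:.0%} of queries timed out")
```

Run it from a host behind the router; a resolver that times out on some probes and answers on others matches the intermittent pattern described in the question.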


Author Closing Comment

by:GT181
Thanks, I removed the extra static routes (which were a result of my bringing the router home and messing with it) and switched DNS; everything works great now.
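
A check for the leftover default routes discussed in this thread, as an added example that is not part of the original posts: it reads the interface addresses and the `ip route 0.0.0.0 0.0.0.0` lines from the posted configuration and reports, for each default route, whether its next hop sits on a subnet the router is actually connected to. The function names are hypothetical, and the parsing assumes plain IOS `interface` / `ip address` / `ip route` syntax as shown in the question.

```python
import ipaddress
import re

# Excerpt of the configuration posted in the question (addresses and routes only).
CONFIG = """\
interface FastEthernet4
 ip address 192.168.15.80 255.255.255.192
!
interface BVI75
 ip address 192.168.75.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 0.0.0.0 0.0.0.0 68.53.129.1
ip route 0.0.0.0 0.0.0.0 192.168.15.65
"""

def connected_networks(config):
    """Map each interface name to the subnet configured on it."""
    nets, iface = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif iface and (m := re.match(r"\s+ip address (\S+) (\S+)", line)):
            # "address netmask" -> network object, e.g. 192.168.15.64/26
            nets[iface] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    return nets

def audit_default_routes(config):
    """Return (target, verdict) for every static default route in the config."""
    nets = connected_networks(config)
    findings = []
    for target in re.findall(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M):
        try:
            hop = ipaddress.ip_address(target)
        except ValueError:
            # No next-hop address: on Ethernet the router must ARP per destination.
            findings.append((target, "interface-only route"))
            continue
        owner = next((name for name, net in nets.items() if hop in net), None)
        verdict = f"on {owner} subnet" if owner else "next hop not on a connected subnet"
        findings.append((target, verdict))
    return findings

if __name__ == "__main__":
    for target, verdict in audit_default_routes(CONFIG):
        print(f"{target:15} {verdict}")
```

Of the four default routes in the posted configuration, only 192.168.15.65 has a next hop inside a connected subnet (192.168.15.64/26 on FastEthernet4).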