Solved

smc 8014 and Cisco 2600

Posted on 2010-01-06
Last Modified: 2013-12-14
We have a Comcast connection with 13 IPs. We have a Windows domain and other separate Windows servers. We run the domain DNS servers, and some public DNS servers for our clients. We also have an email server for our customers.

Some IPs are NATted and others not. Ping-wise everything seems to work; however, our internet access via browser from either NAT or non-NAT systems seems slow. Sometimes after going to a main site and then going to a sub site it does not connect; a refresh sometimes gets through.

I am concerned that the Cisco config may be part of the problem. I need someone to look at it and tell me it is OK.
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname rtrpcs-nwrk
!
enable secret 5 $1$2Dq8$xWnEEfaXIaGJC.vcDJhpg0
enable password 7 095B5A0A4A57404A
!
ip subnet-zero
!
!
!
!
interface FastEthernet0/0
 description connection to Internet
 ip address 173.161.171.150 255.255.255.240
 ip access-group pcs-comcast in
 no ip directed-broadcast
 ip nat outside
 no ip mroute-cache
!
interface Serial0/0
 description connection to Sprint
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
 no fair-queue
!
interface FastEthernet0/1
 ip address 172.31.0.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 no ip mroute-cache
!
ip nat pool comcast 173.161.171.156 173.161.171.156 netmask 255.255.255.240
ip nat inside source list 7 pool comcast overload
ip nat inside source static 172.31.0.12 173.161.171.146 extendable
ip nat inside source static 172.31.0.13 173.161.171.147 extendable
ip nat inside source static 172.31.0.14 173.161.171.148 extendable
ip nat inside source static 172.31.0.98 173.161.171.154 extendable
ip nat inside source static 172.31.0.11 173.161.171.145 extendable
ip nat inside source static 172.31.0.15 173.161.171.149 extendable
ip nat inside source static 172.31.0.20 173.161.171.150 extendable
ip nat inside source static 172.31.0.203 173.161.171.155 extendable
ip nat inside source static 172.31.0.200 173.161.171.153 extendable
ip nat inside source static 172.31.0.201 173.161.171.152 extendable
ip nat inside source static 172.31.0.202 173.161.171.151 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 0.0.0.0 0.0.0.0 173.161.171.158
no ip http server
!
!
ip access-list extended comcast-pcs
 permit icmp any any
 permit ip any any
 permit tcp any any
 permit udp any any
ip access-list extended pcs-comcast
 permit tcp any any established
 permit icmp any any
 permit tcp any host 173.161.171.147 eq smtp
 permit tcp any host 173.161.171.155 eq 3389
 permit tcp any host 173.161.171.155 eq 9833
 permit tcp any host 173.161.171.145 eq smtp
 permit tcp any host 173.161.171.145 eq www
 permit tcp any host 173.161.171.145 eq pop3
 permit tcp any host 173.161.171.148 eq ftp-data
 permit tcp any host 173.161.171.148 eq ftp
 permit tcp any host 173.161.171.148 eq domain
 permit tcp any host 173.161.171.148 eq www
 permit tcp any host 173.161.171.148 eq 9833
 permit tcp any host 173.161.171.149 eq domain
 permit tcp any host 173.161.171.154 eq ftp-data
 permit tcp any host 173.161.171.154 eq www
 permit tcp any host 173.161.171.154 eq 9833
 permit tcp any host 173.161.171.154 eq ftp
 permit tcp any host 173.161.171.145 eq domain
 permit udp any host 173.161.171.145 eq domain
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 224.0.0.0 31.255.255.255 any
 deny   ip host 255.255.255.255 any
 deny   ip host 0.0.0.0 any
 permit udp any eq domain host 173.161.171.148 gt 1023
 permit udp any eq domain host 173.161.171.149 gt 1023
 permit tcp any host 173.161.171.146 eq smtp
 permit tcp any host 173.161.171.146 eq 8383
 permit tcp any host 173.161.171.146 eq pop3
 permit udp any eq domain host 173.161.171.145 gt 1023
 permit tcp any host 173.161.171.153 eq 3393
 permit tcp any host 173.161.171.152 eq 3392
 permit tcp any host 173.161.171.151 eq 3391
 permit tcp any host 173.161.171.153 eq www
access-list 7 deny   172.31.0.203
access-list 7 deny   172.31.0.202
access-list 7 deny   172.31.0.201
access-list 7 deny   172.31.0.200
access-list 7 deny   172.31.0.16
access-list 7 deny   172.31.0.20
access-list 7 deny   172.31.0.11
access-list 7 deny   172.31.0.15
access-list 7 deny   172.31.0.14
access-list 7 deny   172.31.0.13
access-list 7 deny   172.31.0.12
access-list 7 deny   172.31.0.98
access-list 7 permit 172.31.0.0 0.0.0.255
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password 7 0809487D5D48091800
 login
!
end

rtrpcs-nwrk#
 
Question by:tuckertf

Accepted Solution

by:
Vito_Corleone earned 2000 total points
ID: 26192410
This statement could be the issue:
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

When you use an interface instead of a next hop, the router thinks that all destinations are directly connected, therefore it will send ARP requests for EVERYTHING. You should remove that and stick to the IP as the next hop (provided that it is a working gateway). You could post a "sh ip arp" to confirm this, you will likely see a ton of entries that shouldn't be there, like internet IPs.
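
One way to run the check suggested in the accepted answer against a saved config and a `sh ip arp` capture, as an added example that is not part of the original thread: it flags static routes that name only an Ethernet interface, then lists ARP entries that fall outside that interface's connected subnet. The function names, the ARP lines and the address 198.51.100.7 are constructed for illustration; the config lines are trimmed from the question.

```python
import ipaddress
import re

# Constructed sample, trimmed from the configuration posted in the question.
CONFIG = """\
interface FastEthernet0/0
 ip address 173.161.171.150 255.255.255.240
interface FastEthernet0/1
 ip address 172.31.0.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 0.0.0.0 0.0.0.0 173.161.171.158
"""

# Constructed "show ip arp" lines. 198.51.100.7 (a documentation address) stands
# in for an Internet host the router ARPed for; MAC addresses are made up.
ARP = """\
Internet  173.161.171.158  2  0011.2233.4455  ARPA  FastEthernet0/0
Internet  198.51.100.7     0  0011.2233.4455  ARPA  FastEthernet0/0
Internet  172.31.0.12      5  00aa.bbcc.dd01  ARPA  FastEthernet0/1
"""

def connected_networks(config):
    """Map interface name -> connected IPv4 network from 'ip address' lines."""
    nets, iface = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            iface = m.group(1)
        m = re.match(r"\s+ip address (\S+) (\S+)", line)
        if m and iface:
            nets[iface] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    return nets

def interface_only_routes(config):
    """Static routes whose target is an Ethernet interface with no next-hop IP."""
    pat = r"ip route \S+ \S+ ((?:Fast|Gigabit)?Ethernet\S+)\s*$"
    return [line for line in config.splitlines() if re.match(pat, line)]

def off_subnet_arp(arp, nets):
    """ARP entries whose address is outside the interface's connected network."""
    bad = []
    for line in arp.splitlines():
        f = line.split()
        if len(f) == 6 and f[5] in nets and ipaddress.ip_address(f[1]) not in nets[f[5]]:
            bad.append((f[1], f[5]))
    return bad

if __name__ == "__main__":
    print(interface_only_routes(CONFIG), off_subnet_arp(ARP, connected_networks(CONFIG)))
```
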

Author Comment

by:tuckertf
ID: 26194431
Thanks!! I did not see a lot, but there were definitely some in there that shouldn't have been. Now I only see the inside local and inside global addresses.
Surf speed leapt ahead !!

I hope this is all it was. MANY THANKS to Vito !!

tom

Author Closing Comment

by:tuckertf
ID: 31673481
I did not expect a return answer so quickly. Thx very much.


Author Comment

by:tuckertf
ID: 26194453
BTW, that line has been there for a long time and did not seem to affect the system when it was connected to a T1 via an Enet interface.