Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Sluggish browsing after IOS upgrade on Cisco 851 router

Posted on 2010-11-10
8
Medium Priority
?
755 Views
Last Modified: 2012-05-10
After upgrading to Version 12.4(15)T14, RELEASE SOFTWARE (fc2) the internet browsing is very sluggish. I can usually see the browser status saying something along the lines of "waiting for abcsite.com" then hang, then suddenly the page loads up pretty quickly.

I've done numerous speed tests and they all show pretty good speeds for sustained transfers, also tried different DNS without any luck. Is there anything wrong with the config maybe?

Building configuration...

Current configuration : 7173 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!

hostname sw01
!
boot-start-marker
boot system flash
boot system flash c850-advsecurityk9-mz.124-9.T2.bin
boot system flash:c850-advsecurityk9-mz.124-15.T14.bin
boot-end-marker
!
logging buffered 51200
logging console informational
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userauthen local
aaa authorization console
aaa authorization exec default local
aaa authorization network groupauthor local
!
!
aaa session-id common
memory-size iomem 15
clock timezone PCTime 1
!
crypto pki trustpoint TP-self-signed-3743990007
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3743990007
 revocation-check none
 rsakeypair TP-self-signed-3743990007
!
!
crypto pki certificate chain TP-self-signed-3743990007
 certificate self-signed 01
  30820255 308201BE A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  ::snip::
  1FA06ABA 89103F2C 3F43560A DDB78D5B 0EB306F8 38C8E37A 66F0E437 6CC71C5E
  E965D121 B37575DC E27A79B7 2EF46B98 0939485A ED762245 B7
        quit
dot11 syslog
no ip source-route
!
!
ip cef
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name ADMIN tcp
ip inspect name ADMIN udp
ip inspect name ADMIN ftp
ip inspect name ADMIN smtp
ip inspect name ADMIN icmp
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
ip inspect name FW smtp
no ip bootp server
ip domain name something.local
ip name-server 193.213.112.4
!
!
!
username ::snip::
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp keepalive 30 5
crypto isakmp nat keepalive 20
!
crypto isakmp client configuration group vpnclient
 dns 192.168.79.10
 ::snip::
 pool vpnclientpool
 acl 175
!
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
crypto ipsec transform-set stronger esp-3des esp-sha-hmac
!
crypto dynamic-map vpnclient 10
 set transform-set stronger
 match address 176
 reverse-route
!
!
crypto map VPNmap client authentication list userauthen
crypto map VPNmap isakmp authorization list groupauthor
crypto map VPNmap client configuration address respond
crypto map VPNmap 10 ipsec-isakmp dynamic vpnclient
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface FastEthernet0
 no cdp enable
!
interface FastEthernet1
 no cdp enable
!
interface FastEthernet2
 no cdp enable
!
interface FastEthernet3
 no cdp enable
!
interface FastEthernet4
 no ip address
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1350
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1395
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface Vlan1
 description LAN
 ip address 192.168.79.1 255.255.255.0
 ip access-group fraAdmin in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1392
 ip inspect ADMIN in
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1352
!
interface Dialer0
 description TELENOR ADSL
 ip address negotiated
 ip access-group fraInternet in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1392
 ip inspect FW in
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 ip tcp adjust-mss 1352
 dialer pool 1
 dialer-group 1
 keepalive 9
 no cdp enable
 ppp authentication pap callin
 crypto map VPNmap
!
ip local pool vpnclientpool 192.168.250.1 192.168.250.10
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list NATliste interface Dialer0 overload
!
ip access-list extended NATliste
 deny   ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
 permit ip 192.168.0.0 0.0.255.255 any
ip access-list extended alterlov
 permit ip any any
ip access-list extended fraAdmin
 remark DHCP
 permit udp any eq bootpc any eq bootps
 permit udp any eq bootpc any eq bootpc
 remark tillater alt annet
 permit ip 192.168.79.0 0.0.0.255 any
 deny   ip any any log
ip access-list extended fraInternet
 permit icmp any any
 remark PING
 permit icmp any any echo-reply
 permit icmp any any host-unreachable
 permit icmp any any host-unknown
 remark VPN
 permit esp any any
 permit ahp any any
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 permit ip 192.168.250.0 0.0.0.255 192.168.79.0 0.0.0.255
 remark Vedlikehold fra Allianse
 remark Mail inn
 permit tcp any host 193.213.20.8 eq smtp
 remark Tillater icmp til offentlig ip
 remark Nekter RFC 1918 adresser
 deny   ip 192.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip host 255.255.255.255 any
 deny   ip any any log
!
logging trap debugging
access-list 175 permit ip 192.168.79.0 0.0.0.255 192.168.250.0 0.0.0.255
access-list 176 permit ip any 192.168.250.0 0.0.0.255
no cdp run
!
control-plane
!
bridge 1 protocol ieee
banner login ^CCCC
-----------------------------------------------------------------------
Authorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!
Please leave, restricted area!
-----------------------------------------------------------------------
^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler max-task-time 5000
end

Open in new window


Thanks!
0
Comment
Question by:Spanjis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
8 Comments
 
LVL 10

Accepted Solution

by:
cstosgale earned 1200 total points
ID: 34106670
One thing is your MTU is pretty low. Usually ADSL lines can be higher than that. I would probably try 1492, and a tcp adjust-mss value of 1460.

Does reverting back to the old IOS image resolve the problem? This is probably worth trying to confirm it is the IOS image that has caused the problem.

Also, the MTU for ethernet interfaces should always be 1500, and there is rarely a good reason to change it. I would also take the MSS command off of there and just have it on the dialer interface.
0
 

Author Comment

by:Spanjis
ID: 34112047
Thanks for the reply cstosgale, the changes had no effect. I'll try reverting back to old IOS image tomorrow, I'll let you now how it goes.
0
 

Author Comment

by:Spanjis
ID: 34132754
Sluggish browsing stopped after downgrading to c850-advsecurityk9-mz.123-8.YI2, but now there is problem accessing sites like apple.com and me.com. The browser says "waiting for apple.com..." and times out.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Assisted Solution

by:t509
t509 earned 800 total points
ID: 34135802
I had exactly the same problem you´re experiencing right now. My solution (on three 1812, to triple check this behaviour) was to downgrade to 12.4(15)T13, this worked fine for me. Your MTU/MSS values aren´t optimal, but they aren´t the root cause. I tested for several days to get a clue how to "tune" the 12.4(15)T14 to get better performance regarding simple browsing...no chance.

Just do a downgrade to T13.
0
 

Author Comment

by:Spanjis
ID: 34164154
Upgraded to 12.4(15)T13, still having problems with with certain sites, working on Win 7, but not XP and Mac.

But the problem with sluggish browsing is solved, so I'm going to close this and create a new question.

Thanks for the help guys!
0
 

Author Closing Comment

by:Spanjis
ID: 34164173
New problems occurred after downgrading, problem accessing certain sites like apple.com, me.com... from windows XP.
0
 
LVL 4

Expert Comment

by:t509
ID: 34172569
Hi, i´ve got none of these problems...actually using 1812 with the mentioned T13 @home.
I own one Win7 x64 Box, one iMac27", one MBP 15". I´m able to access these sites without any hassles...
0
 

Author Comment

by:Spanjis
ID: 34180914
Thanks for the input t509, I'm guessing there's a problem with the hardware.
0

Featured Post

Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question