Solved

Cisco 871 Router - Hotmail site loading slow

Posted on 2011-10-06
Last Modified: 2012-05-12
Hello,
I just replaced my Linksys home router with a Cisco 871W. All works well except that now hotmail.com takes 5 minutes to load. The firewall is turned off and no ACLs other than the NAT exist. I am using the SDM to configure. I have done some searching and found talk of UPnP being the culprit but do not know how to resolve this issue.
Question by:Rowy
10 Comments
 
LVL 37

Expert Comment

by:ArneLovius
ID: 36926106
It would be useful if you can post the config.
0
 

Author Comment

by:Rowy
ID: 36927056
Sorry!


Building configuration...

Current configuration : 4280 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname midtown
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$8ylP$VMK3UaXDeddoSP0JbHQN4.
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-4005747146
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4005747146
 revocation-check none
 rsakeypair TP-self-signed-4005747146
!
!
crypto pki certificate chain TP-self-signed-4005747146
 certificate self-signed 01
        quit
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.10.1 172.16.10.49
ip dhcp excluded-address 172.16.10.101 172.16.10.254
!
ip dhcp pool mypool
   import all
   network 172.16.10.0 255.255.255.0
   dns-server 4.2.2.2
   default-router 172.16.10.200
   lease infinite
!
!
ip domain name rowynetworks.com
ip name-server 4.2.2.2
!
!
!
username ken privilege 15 secret 5 $1$Eo7f$sofqfa9Xboiff7mKB79Cx1
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 duplex full
 speed 100
!
interface FastEthernet1
 duplex full
 speed 100
!
interface FastEthernet2
 duplex full
 speed 100
!
interface FastEthernet3
 duplex full
 speed 100
!
interface FastEthernet4
 description WAN INTERFACE$ETH-WAN$$FW_OUTSIDE$
 ip address dhcp client-id FastEthernet4
 ip access-group 102 in
 ip access-group 101 out
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 description $FW_INSIDE$
 ip address 172.16.10.200 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip default-gateway 172.16.10.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4 permanent
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended GRE
 remark gre pass through
 remark SDM_ACL Category=4
 permit gre any any
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 172.16.10.0 0.0.0.255
access-list 101 remark GRE passthrough
access-list 101 remark SDM_ACL Category=1
access-list 101 permit gre any any
access-list 101 permit ip any any
access-list 102 remark gre pass through in
access-list 102 remark SDM_ACL Category=1
access-list 102 permit gre any any
access-list 102 permit ip any any
!
!
!
control-plane
!
banner motd ^C
***************************************
DO NOT LOGON
**************************************^C
alias exec s show ip int brief
!
line con 0
 password 7 00071A150754
 logging synchronous
 login
 no modem enable
line aux 0
line vty 0 4
 password 7 1511021F0725
 logging synchronous
 login local
 transport input all
!
scheduler max-task-time 5000
end
0
 
LVL 37

Accepted Solution

by:
ArneLovius earned 2000 total points
ID: 36927201
you appear to have a default route set

ip default-gateway 172.16.10.1

fix this by connecting to the console (serial/telnet/ssh) and doing

no ip default-gateway 172.16.10.1

You also appear to be allowing all inbound traffic

ip access-group 102 in
access-list 102 permit ip any any

SDM is now deprecated, I would suggest getting a copy of CCP


0
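The two findings in the accepted answer can be checked mechanically against a saved running-config. The following is an added example, not part of the original thread: `audit` and `SAMPLE_CONFIG` are hypothetical names, the sample is cut down from the config posted above, and only numbered ACLs are handled.

```python
import re

# Constructed sample: the relevant lines of the running-config posted in the thread.
SAMPLE_CONFIG = """\
interface FastEthernet4
 ip address dhcp client-id FastEthernet4
 ip access-group 102 in
 ip access-group 101 out
 ip nat outside
!
interface Vlan1
 ip address 172.16.10.200 255.255.255.0
 ip nat inside
!
ip default-gateway 172.16.10.1
access-list 1 permit 172.16.10.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 permit gre any any
access-list 102 permit ip any any
"""

def audit(config):
    """Hypothetical helper: flag the two problems named in the accepted answer."""
    findings, iface, inbound, outside, open_acls = [], None, {}, set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            iface = line.split()[1]
        elif raw[:1] not in (" ", "\t"):
            iface = None  # an unindented line ends the interface block
        m = re.match(r"ip access-group (\S+) in$", line)
        if iface and m:
            inbound[iface] = m.group(1)  # ACL filtering traffic entering this interface
        if iface and line == "ip nat outside":
            outside.add(iface)  # treated here as the Internet-facing interface
        m = re.match(r"ip default-gateway (\S+)$", line)
        if m:
            findings.append(("default-gateway", m.group(1)))
        m = re.match(r"access-list (\S+) permit ip any any$", line)
        if m:
            open_acls.add(m.group(1))
    for name in sorted(outside):
        acl = inbound.get(name)
        if acl in open_acls:  # inbound ACL on the outside interface permits everything
            findings.append(("open-inbound-acl", f"{name} acl {acl}"))
    return findings
```

Run against the second config posted later in the thread, where both items were removed, the function returns an empty list.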
 

Author Comment

by:Rowy
ID: 36927383
ArneLovius,

Thank you for the analysis and I removed both items from your post. I also am downloading the CCP software as we speak. Any ideas on how I can enable this UPnP so that Microsoft sites such as hotmail.com load faster? Or am I way off?
New config:

Building configuration...

Current configuration : 3745 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname midtown
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$8ylP$VMK3UaXDeddoSP0JbHQN4.
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-4005747146
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4005747146
 revocation-check none
 rsakeypair TP-self-signed-4005747146
!
!
crypto pki certificate chain TP-self-signed-4005747146
 certificate self-signed 01
        quit
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.10.1 172.16.10.49
ip dhcp excluded-address 172.16.10.101 172.16.10.254
!
ip dhcp pool mypool
   import all
   network 172.16.10.0 255.255.255.0
   dns-server 4.2.2.2
   default-router 172.16.10.200
   lease infinite
!
!
ip domain name rowynetworks.com
ip name-server 4.2.2.2
!
!
!
username ken privilege 15 secret 5 $1$Eo7f$sofqfa9Xboiff7mKB79Cx1
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 duplex full
 speed 100
!
interface FastEthernet1
 duplex full
 speed 100
!
interface FastEthernet2
 duplex full
 speed 100
!
interface FastEthernet3
 duplex full
 speed 100
!
interface FastEthernet4
 description WAN INTERFACE$FW_OUTSIDE$$ETH-WAN$
 ip address dhcp client-id FastEthernet4
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 description $FW_INSIDE$
 ip address 172.16.10.200 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 172.16.10.0 0.0.0.255
!
!
!
control-plane
!
banner motd ^C
***************************************
DO NOT LOGON
**************************************^C
alias exec s show ip int brief
!
line con 0
 password 7 00071A150754
 logging synchronous
 login
 no modem enable
line aux 0
line vty 0 4
 password 7 1511021F0725
 logging synchronous
 login local
 transport input all
!
scheduler max-task-time 5000
end
0
 
LVL 37

Expert Comment

by:ArneLovius
ID: 36927393
UPnP will not be affecting web access.

Is it just Hotmail that is slow?

Do you get your expected speed on speedtest.net?
0
 

Author Comment

by:Rowy
ID: 36927449
It is just Hotmail that I know of right now. I just did a speed test which is a little slower than usual (5 down and 4 up) but... Holy CRAP it's fixed!!!
0
 

Author Closing Comment

by:Rowy
ID: 36927463
ArneLovius,

When I enable the firewall, I can no longer VPN into other servers. I'm used to like a "VPN pass through" option but I couldn't find one in the SDM. Do I have to manually open this? If so, any ideas?
Thank you again for your help!
Ken
0
 
LVL 37

Expert Comment

by:ArneLovius
ID: 36927475
you need to allow outbound IPSec traffic in the firewall rules, this is a little easier in CCP than just SDM
0
 

Author Comment

by:Rowy
ID: 36927510
I'll open a new question for the last item. Sorry

Thank you again ArneLovius!
0
 

Author Comment

by:Rowy
ID: 36927515
I just saw your post. I'll give it a shot.


Ken
0
