Cisco 871 Router - Hotmail site loading slow

Hello,
I just replaced my linksys home router with a Cisco 871W. All works well except for now hotmail.com takes 5 minutes to load. The firewall is turned off and no ACLs other than the NAT exist. I am using the SDM to configure. I have done some searching and found talk of UPnP being the culprit but do not know how to resolve this issue.
RowyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ArneLoviusCommented:
it would be useful if you can post the config
0
RowyAuthor Commented:
Sorry!


Building configuration...

Current configuration : 4280 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname midtown
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$8ylP$VMK3UaXDeddoSP0JbHQN4.
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-4005747146
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4005747146
 revocation-check none
 rsakeypair TP-self-signed-4005747146
!
!
crypto pki certificate chain TP-self-signed-4005747146
 certificate self-signed 01
  30820250 308201B9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 34303035 37343731 3436301E 170D3130 30393133 31353431
  34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30303537
  34373134 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100C001 2C7588EC 3B6E2806 94178189 41CF9332 3774F4A3 22FB5D50 E75491CB
  0EDAFFA4 0D72C8DB 7B0604CF 0A2F89CB 488A47C9 6EA811D4 7C44D2FD 21CD9FCC
  9DC6E590 3F7A0CCF F96D9489 C1C8935A 6CD821DE F713CB22 A5FD3BE2 F23F3483
  F82F8170 99D1770F 828F3D77 9BD0205E 343AF3CC 177DB4DF 1CF8DA17 306A6097
  BC330203 010001A3 78307630 0F060355 1D130101 FF040530 030101FF 30230603
  551D1104 1C301A82 186D6964 746F776E 2E726F77 796E6574 776F726B 732E636F
  6D301F06 03551D23 04183016 80147BEE D14F33C1 84DA0652 E1642500 816A852E
  5C46301D 0603551D 0E041604 147BEED1 4F33C184 DA0652E1 64250081 6A852E5C
  46300D06 092A8648 86F70D01 01040500 03818100 032E1C42 C5F1C757 3BEAD474
  0ED3F253 1BE686DB 6389A660 DC0A1436 F21F6A5F C9165F28 6AF520E0 F29C67DC
  F25248F8 6A0BBE21 9967D9DE 26EF79D2 216C5606 4B7CAE59 16B79CA4 572F3944
  0C57CC5C 6DC74D24 86CDE95E 9DB9186A 6E20E7A6 B34DB646 B15AF610 8601EC79
  26DE0E0C 64AD791C 91ACF645 E853A15B 0346CDA2
        quit
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.10.1 172.16.10.49
ip dhcp excluded-address 172.16.10.101 172.16.10.254
!
ip dhcp pool mypool
   import all
   network 172.16.10.0 255.255.255.0
   dns-server 4.2.2.2
   default-router 172.16.10.200
   lease infinite
!
!
ip domain name rowynetworks.com
ip name-server 4.2.2.2
!
!
!
username ken privilege 15 secret 5 $1$Eo7f$sofqfa9Xboiff7mKB79Cx1
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 duplex full
 speed 100
!
interface FastEthernet1
 duplex full
 speed 100
!
interface FastEthernet2
 duplex full
 speed 100
!
interface FastEthernet3
 duplex full
 speed 100
!
interface FastEthernet4
 description WAN INTERFACE$ETH-WAN$$FW_OUTSIDE$
 ip address dhcp client-id FastEthernet4
 ip access-group 102 in
 ip access-group 101 out
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 description $FW_INSIDE$
 ip address 172.16.10.200 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip default-gateway 172.16.10.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4 permanent
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended GRE
 remark gre pass through
 remark SDM_ACL Category=4
 permit gre any any
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 172.16.10.0 0.0.0.255
access-list 101 remark GRE passthrough
access-list 101 remark SDM_ACL Category=1
access-list 101 permit gre any any
access-list 101 permit ip any any
access-list 102 remark gre pass through in
access-list 102 remark SDM_ACL Category=1
access-list 102 permit gre any any
access-list 102 permit ip any any
!
!
!
control-plane
!
banner motd ^C
***************************************
DO NOT LOGON
**************************************^C
alias exec s show ip int brief
!
line con 0
 password 7 00071A150754
 logging synchronous
 login
 no modem enable
line aux 0
line vty 0 4
 password 7 1511021F0725
 logging synchronous
 login local
 transport input all
!
scheduler max-task-time 5000
end
0
ArneLoviusCommented:
you appear to have a default route set

ip default-gateway 172.16.10.1

Open in new window


fix this by connecting to the console (serial/telnet/ssh) and doing

no ip default-gateway 172.16.10.1

Open in new window


You also appear to be allowing all inbound traffic

ip access-group 102 in
access-list 102 permit ip any any

Open in new window


SDM is now deprecated, I would suggest getting a copy of CCP


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

RowyAuthor Commented:
ArneLovius,

Thank you for the analysis and I removed both items from your post. I also am downloading the CCP software as we speak. Any ideas on how I can enable this UPnP so that microsoft sites such as hotmail.com load faster? Or am I way off?
New config:

Building configuration...

Current configuration : 3745 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname midtown
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$8ylP$VMK3UaXDeddoSP0JbHQN4.
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-4005747146
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4005747146
 revocation-check none
 rsakeypair TP-self-signed-4005747146
!
!
crypto pki certificate chain TP-self-signed-4005747146
 certificate self-signed 01
  30820250 308201B9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 34303035 37343731 3436301E 170D3130 30393133 31353431
  34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30303537
  34373134 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100C001 2C7588EC 3B6E2806 94178189 41CF9332 3774F4A3 22FB5D50 E75491CB
  0EDAFFA4 0D72C8DB 7B0604CF 0A2F89CB 488A47C9 6EA811D4 7C44D2FD 21CD9FCC
  9DC6E590 3F7A0CCF F96D9489 C1C8935A 6CD821DE F713CB22 A5FD3BE2 F23F3483
  F82F8170 99D1770F 828F3D77 9BD0205E 343AF3CC 177DB4DF 1CF8DA17 306A6097
  BC330203 010001A3 78307630 0F060355 1D130101 FF040530 030101FF 30230603
  551D1104 1C301A82 186D6964 746F776E 2E726F77 796E6574 776F726B 732E636F
  6D301F06 03551D23 04183016 80147BEE D14F33C1 84DA0652 E1642500 816A852E
  5C46301D 0603551D 0E041604 147BEED1 4F33C184 DA0652E1 64250081 6A852E5C
  46300D06 092A8648 86F70D01 01040500 03818100 032E1C42 C5F1C757 3BEAD474
  0ED3F253 1BE686DB 6389A660 DC0A1436 F21F6A5F C9165F28 6AF520E0 F29C67DC
  F25248F8 6A0BBE21 9967D9DE 26EF79D2 216C5606 4B7CAE59 16B79CA4 572F3944
  0C57CC5C 6DC74D24 86CDE95E 9DB9186A 6E20E7A6 B34DB646 B15AF610 8601EC79
  26DE0E0C 64AD791C 91ACF645 E853A15B 0346CDA2
        quit
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.10.1 172.16.10.49
ip dhcp excluded-address 172.16.10.101 172.16.10.254
!
ip dhcp pool mypool
   import all
   network 172.16.10.0 255.255.255.0
   dns-server 4.2.2.2
   default-router 172.16.10.200
   lease infinite
!
!
ip domain name rowynetworks.com
ip name-server 4.2.2.2
!
!
!
username ken privilege 15 secret 5 $1$Eo7f$sofqfa9Xboiff7mKB79Cx1
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 duplex full
 speed 100
!
interface FastEthernet1
 duplex full
 speed 100
!
interface FastEthernet2
 duplex full
 speed 100
!
interface FastEthernet3
 duplex full
 speed 100
!
interface FastEthernet4
 description WAN INTERFACE$FW_OUTSIDE$$ETH-WAN$
 ip address dhcp client-id FastEthernet4
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 description $FW_INSIDE$
 ip address 172.16.10.200 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 172.16.10.0 0.0.0.255
!
!
!
control-plane
!
banner motd ^C
***************************************
DO NOT LOGON
**************************************^C
alias exec s show ip int brief
!
line con 0
 password 7 00071A150754
 logging synchronous
 login
 no modem enable
line aux 0
line vty 0 4
 password 7 1511021F0725
 logging synchronous
 login local
 transport input all
!
scheduler max-task-time 5000
end
0
ArneLoviusCommented:
uPNP will not be affecting web access

is it just hotmail that is slow ?

do you get your expected speed on speedtest.net ?
0
RowyAuthor Commented:
It is just hotmail that I know of right now. I just did a speed test which is a little slower than usual      (5 down and 4 up) but......Holy CRAP it's fixed!!!  
0
RowyAuthor Commented:
ArneLovius,

When I enable the firewall, I can no longer VPN into other servers. I'm used to like a "VPN pass though" option but I couldnt find one in the SDM. Do I have to manually open this? if so, any ideas???
Thank you again for your help!
Ken
0
ArneLoviusCommented:
you need to allow outbound IPSec traffic in the firewall rules, this is a little easier in CCP than just SDM
0
RowyAuthor Commented:
Ill open a new question for the last item. Sorry

Thank you again ArneLovius!
0
RowyAuthor Commented:
I just saw your post. Ill give it a shot.


Ken
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.