asked on 10/6/2011

Cisco 871 Router - Hotmail site loading slow

Hello,
I just replaced my linksys home router with a Cisco 871W. All works well except for now hotmail.com takes 5 minutes to load. The firewall is turned off and no ACLs other than the NAT exist. I am using the SDM to configure. I have done some searching and found talk of UPnP being the culprit but do not know how to resolve this issue.

Routers Cisco

Last Comment

Rowy

10/6/2011

ArneLovius

10/6/2011

it would be useful if you can post the config

Rowy

10/6/2011

ASKER

Sorry!

Building configuration...

Current configuration : 4280 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname midtown
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$8ylP$VMK3UaXDeddoSP0JbHQN4.
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-4005747146
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4005747146
revocation-check none
rsakeypair TP-self-signed-4005747146
!
!
crypto pki certificate chain TP-self-signed-4005747146
certificate self-signed 01
30820250 308201B9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34303035 37343731 3436301E 170D3130 30393133 31353431
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30303537
34373134 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C001 2C7588EC 3B6E2806 94178189 41CF9332 3774F4A3 22FB5D50 E75491CB
0EDAFFA4 0D72C8DB 7B0604CF 0A2F89CB 488A47C9 6EA811D4 7C44D2FD 21CD9FCC
9DC6E590 3F7A0CCF F96D9489 C1C8935A 6CD821DE F713CB22 A5FD3BE2 F23F3483
F82F8170 99D1770F 828F3D77 9BD0205E 343AF3CC 177DB4DF 1CF8DA17 306A6097
BC330203 010001A3 78307630 0F060355 1D130101 FF040530 030101FF 30230603
551D1104 1C301A82 186D6964 746F776E 2E726F77 796E6574 776F726B 732E636F
6D301F06 03551D23 04183016 80147BEE D14F33C1 84DA0652 E1642500 816A852E
5C46301D 0603551D 0E041604 147BEED1 4F33C184 DA0652E1 64250081 6A852E5C
46300D06 092A8648 86F70D01 01040500 03818100 032E1C42 C5F1C757 3BEAD474
0ED3F253 1BE686DB 6389A660 DC0A1436 F21F6A5F C9165F28 6AF520E0 F29C67DC
F25248F8 6A0BBE21 9967D9DE 26EF79D2 216C5606 4B7CAE59 16B79CA4 572F3944
0C57CC5C 6DC74D24 86CDE95E 9DB9186A 6E20E7A6 B34DB646 B15AF610 8601EC79
26DE0E0C 64AD791C 91ACF645 E853A15B 0346CDA2
quit
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.10.1 172.16.10.49
ip dhcp excluded-address 172.16.10.101 172.16.10.254
!
ip dhcp pool mypool
import all
network 172.16.10.0 255.255.255.0
dns-server 4.2.2.2
default-router 172.16.10.200
lease infinite
!
!
ip domain name rowynetworks.com
ip name-server 4.2.2.2
!
!
!
username ken privilege 15 secret 5 $1$Eo7f$sofqfa9Xboiff7mKB79Cx1
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
duplex full
speed 100
!
interface FastEthernet1
duplex full
speed 100
!
interface FastEthernet2
duplex full
speed 100
!
interface FastEthernet3
duplex full
speed 100
!
interface FastEthernet4
description WAN INTERFACE$ETH-WAN$$FW_OUTSIDE$
ip address dhcp client-id FastEthernet4
ip access-group 102 in
ip access-group 101 out
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description $FW_INSIDE$
ip address 172.16.10.200 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip default-gateway 172.16.10.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4 permanent
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended GRE
remark gre pass through
remark SDM_ACL Category=4
permit gre any any
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 172.16.10.0 0.0.0.255
access-list 101 remark GRE passthrough
access-list 101 remark SDM_ACL Category=1
access-list 101 permit gre any any
access-list 101 permit ip any any
access-list 102 remark gre pass through in
access-list 102 remark SDM_ACL Category=1
access-list 102 permit gre any any
access-list 102 permit ip any any
!
!
!
control-plane
!
banner motd ^C
***************************************
DO NOT LOGON
**************************************^C
alias exec s show ip int brief
!
line con 0
password 7 00071A150754
logging synchronous
login
no modem enable
line aux 0
line vty 0 4
password 7 1511021F0725
logging synchronous
login local
transport input all
!
scheduler max-task-time 5000
end

ASKER CERTIFIED SOLUTION

ArneLovius

10/6/2011

THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

Rowy

10/6/2011

ASKER

ArneLovius,

Thank you for the analysis and I removed both items from your post. I also am downloading the CCP software as we speak. Any ideas on how I can enable this UPnP so that microsoft sites such as hotmail.com load faster? Or am I way off?
New config:

Building configuration...

Current configuration : 3745 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname midtown
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$8ylP$VMK3UaXDeddoSP0JbHQN4.
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-4005747146
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4005747146
revocation-check none
rsakeypair TP-self-signed-4005747146
!
!
crypto pki certificate chain TP-self-signed-4005747146
certificate self-signed 01
30820250 308201B9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34303035 37343731 3436301E 170D3130 30393133 31353431
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30303537
34373134 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C001 2C7588EC 3B6E2806 94178189 41CF9332 3774F4A3 22FB5D50 E75491CB
0EDAFFA4 0D72C8DB 7B0604CF 0A2F89CB 488A47C9 6EA811D4 7C44D2FD 21CD9FCC
9DC6E590 3F7A0CCF F96D9489 C1C8935A 6CD821DE F713CB22 A5FD3BE2 F23F3483
F82F8170 99D1770F 828F3D77 9BD0205E 343AF3CC 177DB4DF 1CF8DA17 306A6097
BC330203 010001A3 78307630 0F060355 1D130101 FF040530 030101FF 30230603
551D1104 1C301A82 186D6964 746F776E 2E726F77 796E6574 776F726B 732E636F
6D301F06 03551D23 04183016 80147BEE D14F33C1 84DA0652 E1642500 816A852E
5C46301D 0603551D 0E041604 147BEED1 4F33C184 DA0652E1 64250081 6A852E5C
46300D06 092A8648 86F70D01 01040500 03818100 032E1C42 C5F1C757 3BEAD474
0ED3F253 1BE686DB 6389A660 DC0A1436 F21F6A5F C9165F28 6AF520E0 F29C67DC
F25248F8 6A0BBE21 9967D9DE 26EF79D2 216C5606 4B7CAE59 16B79CA4 572F3944
0C57CC5C 6DC74D24 86CDE95E 9DB9186A 6E20E7A6 B34DB646 B15AF610 8601EC79
26DE0E0C 64AD791C 91ACF645 E853A15B 0346CDA2
quit
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.10.1 172.16.10.49
ip dhcp excluded-address 172.16.10.101 172.16.10.254
!
ip dhcp pool mypool
import all
network 172.16.10.0 255.255.255.0
dns-server 4.2.2.2
default-router 172.16.10.200
lease infinite
!
!
ip domain name rowynetworks.com
ip name-server 4.2.2.2
!
!
!
username ken privilege 15 secret 5 $1$Eo7f$sofqfa9Xboiff7mKB79Cx1
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
duplex full
speed 100
!
interface FastEthernet1
duplex full
speed 100
!
interface FastEthernet2
duplex full
speed 100
!
interface FastEthernet3
duplex full
speed 100
!
interface FastEthernet4
description WAN INTERFACE$FW_OUTSIDE$$ETH-WAN$
ip address dhcp client-id FastEthernet4
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description $FW_INSIDE$
ip address 172.16.10.200 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 172.16.10.0 0.0.0.255
!
!
!
control-plane
!
banner motd ^C
***************************************
DO NOT LOGON
**************************************^C
alias exec s show ip int brief
!
line con 0
password 7 00071A150754
logging synchronous
login
no modem enable
line aux 0
line vty 0 4
password 7 1511021F0725
logging synchronous
login local
transport input all
!
scheduler max-task-time 5000
end

ArneLovius

10/6/2011

uPNP will not be affecting web access

is it just hotmail that is slow ?

do you get your expected speed on speedtest.net ?

Rowy

10/6/2011

ASKER

It is just hotmail that I know of right now. I just did a speed test which is a little slower than usual (5 down and 4 up) but......Holy CRAP it's fixed!!!

Rowy

10/6/2011

ASKER

ArneLovius,

When I enable the firewall, I can no longer VPN into other servers. I'm used to like a "VPN pass though" option but I couldnt find one in the SDM. Do I have to manually open this? if so, any ideas???
Thank you again for your help!
Ken

ArneLovius

10/6/2011

you need to allow outbound IPSec traffic in the firewall rules, this is a little easier in CCP than just SDM

Rowy

10/6/2011

ASKER

Ill open a new question for the last item. Sorry

Thank you again ArneLovius!

Rowy

10/6/2011

ASKER

I just saw your post. Ill give it a shot.

Ken