Solved

Cisco 1811W Bandwidth Issue

Posted on 2013-02-04
11
384 Views
Last Modified: 2013-05-09
I have a new customer that I'm working with and they have a Cisco 1811W Device.

Everything seemed to be working okay, but we recently upgrade from a 7M to 35M Internet connection over cable.  Since then we are having download problems.  The web browsing seems okay, but when we try to download files even as small at 10MB the download starts off at over 900Kb/sec and then slowly dies down to less than a 1 bytes/sec and the download never finishes.

They have 3 other sites over point to point connections that share the main Cable connection where the Cisco 1811W is located and I think the device was setup overly complex.  There are no outside services such as web/email that could be killing the bandwidth.

Some computers on the local side of the network when I run a bandwidth test get less than 10Mb and others may actually show the real 35Mb and I just can't pinpoint where the problem is coming from.  The running config is below.

Any help would be greatly appreciated.



Building configuration...

Current configuration : 24950 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname BCIPain&Spine
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 XXX
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authentication login sdm_vpn_xauth_ml_3 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
aaa authorization network sdm_vpn_group_ml_3 local
aaa authorization network sdm_vpn_group_ml_4 local
aaa authorization network sdm_vpn_group_ml_5 local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
!
!
ip cef
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name yourdomain.com
ip name-server 64.89.74.2
ip name-server 64.89.70.2
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect log drop-pkt
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM vdolive
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
!
appfw policy-name SDM_MEDIUM
  application im aol
    service default action allow alarm
    service text-chat action allow alarm
    server permit name login.oscar.aol.com
    server permit name toc.oscar.aol.com
    server permit name oam-d09a.blue.aol.com
    audit-trail on
  application im msn
    service default action allow alarm
    service text-chat action allow alarm
    server permit name messenger.hotmail.com
    server permit name gateway.messenger.hotmail.com
    server permit name webmessenger.msn.com
    audit-trail on
  application http
    strict-http action allow alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action allow alarm
    audit-trail off
  application im yahoo
    service default action allow alarm
    service text-chat action allow alarm
    server permit name scs.msg.yahoo.com
    server permit name scsa.msg.yahoo.com
    server permit name scsb.msg.yahoo.com
    server permit name scsc.msg.yahoo.com
    server permit name scsd.msg.yahoo.com
    server permit name cs16.msg.dcn.yahoo.com
    server permit name cs19.msg.dcn.yahoo.com
    server permit name cs42.msg.dcn.yahoo.com
    server permit name cs53.msg.dcn.yahoo.com
    server permit name cs54.msg.dcn.yahoo.com
    server permit name ads1.vip.scd.yahoo.com
    server permit name radio1.launch.vip.dal.yahoo.com
    server permit name in1.msg.vip.re2.yahoo.com
    server permit name data1.my.vip.sc5.yahoo.com
    server permit name address1.pim.vip.mud.yahoo.com
    server permit name edit.messenger.yahoo.com
    server permit name messenger.yahoo.com
    server permit name http.pager.yahoo.com
    server permit name privacy.yahoo.com
    server permit name csa.yahoo.com
    server permit name csb.yahoo.com
    server permit name csc.yahoo.com
    audit-trail on
!
!
crypto pki trustpoint TP-self-signed-3920102629
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3920102629
 revocation-check none
 rsakeypair TP-self-signed-3920102629
!
!
crypto pki certificate chain TP-self-signed-3920102629
 certificate self-signed 01
  quit
username admin privilege 15 secret 5 XXXXX
!
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 5
!
crypto isakmp policy 3
 authentication pre-share
 group 5
!
crypto isakmp policy 4
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key PainSpineISA address 97.67.146.74 no-xauth
!
crypto isakmp client configuration group remoteg
 key BCPSremoteg
 dns 192.168.39.2
 pool SDM_POOL_3
 acl 106
 max-users 10
 netmask 255.255.255.0
!
crypto isakmp client configuration group EasyVPN
 key XXX
 dns 192.168.39.2
 domain bcipainandspine.local
 pool SDM_POOL_4
 acl 107
 include-local-lan
 split-dns bcipainandspine.local
 max-users 10
 netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
   match identity group remoteg
   isakmp authorization list sdm_vpn_group_ml_3
   client configuration address respond
   virtual-template 3
crypto isakmp profile sdm-ike-profile-2
   match identity group EasyVPN
   client authentication list sdm_vpn_xauth_ml_3
   isakmp authorization list sdm_vpn_group_ml_5
   client configuration address respond
   virtual-template 2
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set 256-Encryption esp-aes 256 esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
 set transform-set ESP-DES-MD5 ESP-3DES-SHA ESP-3DES-SHA1
 set isakmp-profile sdm-ike-profile-1
!
crypto ipsec profile SDM_Profile2
 set security-association idle-time 3600
 set transform-set 256-Encryption
 set isakmp-profile sdm-ike-profile-2
!
!
crypto map RMPS 1 ipsec-isakmp
 set peer 97.67.146.74
 set transform-set ESP-DES-MD5
 match address 102
!
bridge irb
!
!
!
interface Tunnel0
 ip address 172.16.40.1 255.255.255.0
 ip mtu 1420
 shutdown
 tunnel source FastEthernet0
 tunnel destination 97.67.146.74
 tunnel path-mtu-discovery
!
interface FastEthernet0
 description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
 ip address 70.62.101.26 255.255.255.252
 ip access-group 113 in
 ip verify unicast reverse-path
 ip mask-reply
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow egress
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 crypto map RMPS
!
interface FastEthernet1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers tkip
 !
 ssid Pain&Spine
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 XXX
 !
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2412
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 shutdown
 !
 encryption mode ciphers tkip
 !
 ssid bcips
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 XXX
 !
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Virtual-Template3 type tunnel
 ip unnumbered BVI1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
interface Virtual-Template2 type tunnel
 ip unnumbered FastEthernet0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile2
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation slip
!
interface BVI1
 description $ES_LAN$$FW_INSIDE$
 ip address 192.168.39.1 255.255.255.0
 ip access-group 112 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
ip local pool SDM_POOL_1 192.168.40.160 192.168.40.169
ip local pool SDM_POOL_2 192.168.40.100 192.168.40.150
ip local pool SDM_POOL_3 192.168.41.100 192.168.41.110
ip local pool SDM_POOL_4 192.168.38.50 192.168.38.75
ip route 0.0.0.0 0.0.0.0 70.62.101.25 permanent
ip route 192.168.38.0 255.255.255.0 192.168.39.254 permanent
ip route 192.168.40.0 255.255.255.0 192.168.39.254 permanent
ip route 192.168.41.0 255.255.255.0 192.168.39.254 permanent
ip route 192.168.42.0 255.255.255.0 192.168.39.254 permanent
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
!
ip access-list extended SDM_2
ip access-list extended sdm_virtual-template1_in
 remark SDM_ACL Category=1
 remark Auto generated by SDM for NTP (123) 217.160.254.116
 permit udp host 217.160.254.116 eq ntp any eq ntp
 permit ip any any
 remark SDM_ACL Category=1
 remark Auto generated by SDM for NTP (123) 217.160.254.116
 remark SDM_ACL Category=1
 remark Auto generated by SDM for NTP (123) 217.160.254.116
 remark SDM_ACL Category=1
 remark Auto generated by SDM for NTP (123) 217.160.254.116
 remark SDM_ACL Category=1
 remark Auto generated by SDM for NTP (123) 217.160.254.116
 remark SDM_ACL Category=1
 remark Auto generated by SDM for NTP (123) 217.160.254.116
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.39.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.39.0 0.0.0.255 any
access-list 100 remark Greenville Internet
access-list 100 permit ip 192.168.41.0 0.0.0.255 any
access-list 100 permit ip 192.168.40.0 0.0.0.255 any
access-list 100 permit udp any host 192.168.39.1 eq non500-isakmp
access-list 100 permit udp any host 192.168.39.1 eq isakmp
access-list 100 permit esp any host 192.168.39.1
access-list 100 permit ahp any host 192.168.39.1
access-list 100 deny   ip 74.223.46.120 0.0.0.4 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ahp host 97.67.146.74 host 70.62.101.26
access-list 101 permit esp host 97.67.146.74 host 70.62.101.26
access-list 101 permit udp host 97.67.146.74 host 70.62.101.26 eq isakmp
access-list 101 permit udp host 97.67.146.74 host 70.62.101.26 eq non500-isakmp
access-list 101 permit ip 192.168.40.0 0.0.0.255 192.168.39.0 0.0.0.255
access-list 101 remark Greenville Firewall Rule
access-list 101 permit ip 192.168.41.0 0.0.0.255 192.168.39.0 0.0.0.255
access-list 101 remark Auto generated by SDM for NTP (123) 217.160.254.116
access-list 101 permit udp host 217.160.254.116 eq ntp host 70.62.101.26 eq ntp
access-list 101 remark DNS
access-list 101 permit udp any eq domain host 70.62.101.26 eq domain
access-list 101 remark Time
access-list 101 permit tcp any eq 123 host 70.62.101.26
access-list 101 deny   ip 192.168.39.0 0.0.0.255 any
access-list 101 permit icmp any host 70.62.101.26 echo-reply
access-list 101 permit udp any host 70.62.101.26 eq non500-isakmp
access-list 101 permit udp any host 70.62.101.26 eq isakmp
access-list 101 permit esp any host 70.62.101.26
access-list 101 permit ahp any host 70.62.101.26
access-list 101 permit icmp any host 74.223.46.122 echo
access-list 101 permit icmp any host 74.223.46.122 time-exceeded
access-list 101 permit icmp any host 74.223.46.122 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 102 remark IPSEC to RMPS
access-list 102 remark SDM_ACL Category=4
access-list 102 permit ip 192.168.39.0 0.0.0.255 192.168.40.0 0.0.0.255
access-list 102 remark IPSEC to RMPS
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSEC to RMPS
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSEC to RMPS
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSEC to RMPS
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSEC to RMPS
access-list 102 remark SDM_ACL Category=4
access-list 103 remark SDM_ACL Category=4
access-list 103 permit ip 192.168.40.0 0.0.0.255 any
access-list 103 remark SDM_ACL Category=4
access-list 103 remark SDM_ACL Category=4
access-list 103 remark SDM_ACL Category=4
access-list 103 remark SDM_ACL Category=4
access-list 103 remark SDM_ACL Category=4
access-list 104 remark SDM_ACL Category=2
access-list 104 deny   ip 192.168.39.0 0.0.0.255 192.168.40.0 0.0.0.255
access-list 104 permit ip 192.168.39.0 0.0.0.255 any
access-list 104 permit ip 192.168.40.0 0.0.0.255 any
access-list 104 remark Greenville
access-list 104 permit ip 192.168.41.0 0.0.0.255 any
access-list 104 remark Durham
access-list 104 permit ip 192.168.42.0 0.0.0.255 any
access-list 104 remark AvuTox
access-list 104 permit ip 192.168.38.0 0.0.0.255 any
access-list 105 remark SDM_ACL Category=4
access-list 105 permit ip 192.168.39.0 0.0.0.255 any
access-list 105 remark SDM_ACL Category=4
access-list 105 remark SDM_ACL Category=4
access-list 105 remark SDM_ACL Category=4
access-list 105 remark SDM_ACL Category=4
access-list 105 remark SDM_ACL Category=4
access-list 106 remark SDM_ACL Category=4
access-list 106 permit ip 192.168.39.0 0.0.0.255 any
access-list 106 permit ip 192.168.40.0 0.0.0.255 any
access-list 106 remark SDM_ACL Category=4
access-list 106 remark SDM_ACL Category=4
access-list 106 remark SDM_ACL Category=4
access-list 106 remark SDM_ACL Category=4
access-list 106 remark SDM_ACL Category=4
access-list 107 remark SDM_ACL Category=4
access-list 107 permit ip 192.168.39.0 0.0.0.255 any
access-list 107 remark SDM_ACL Category=4
access-list 107 remark SDM_ACL Category=4
access-list 107 remark SDM_ACL Category=4
access-list 107 remark SDM_ACL Category=4
access-list 107 remark SDM_ACL Category=4
access-list 108 remark auto generated by SDM firewall configuration
access-list 108 remark SDM_ACL Category=1
access-list 108 permit udp any host 192.168.39.1 eq non500-isakmp
access-list 108 permit udp any host 192.168.39.1 eq isakmp
access-list 108 permit esp any host 192.168.39.1
access-list 108 permit ahp any host 192.168.39.1
access-list 108 deny   ip 70.62.101.24 0.0.0.3 any
access-list 108 deny   ip host 255.255.255.255 any
access-list 108 deny   ip 127.0.0.0 0.255.255.255 any
access-list 108 permit ip any any
access-list 109 remark auto generated by SDM firewall configuration
access-list 109 remark SDM_ACL Category=1
access-list 109 remark Auto generated by SDM for NTP (123) 217.160.254.116
access-list 109 permit udp host 217.160.254.116 eq ntp host 70.62.101.26 eq ntp
access-list 109 permit udp any host 70.62.101.26 eq non500-isakmp
access-list 109 permit udp any host 70.62.101.26 eq isakmp
access-list 109 permit esp any host 70.62.101.26
access-list 109 permit ahp any host 70.62.101.26
access-list 109 permit ahp host 97.67.146.74 host 70.62.101.26
access-list 109 permit esp host 97.67.146.74 host 70.62.101.26
access-list 109 permit udp host 97.67.146.74 host 70.62.101.26 eq isakmp
access-list 109 permit udp host 97.67.146.74 host 70.62.101.26 eq non500-isakmp
access-list 109 permit ip 192.168.40.0 0.0.0.255 192.168.39.0 0.0.0.255
access-list 109 deny   ip 192.168.39.0 0.0.0.255 any
access-list 109 permit icmp any host 70.62.101.26 echo-reply
access-list 109 permit icmp any host 70.62.101.26 time-exceeded
access-list 109 permit icmp any host 70.62.101.26 unreachable
access-list 109 deny   ip 10.0.0.0 0.255.255.255 any
access-list 109 deny   ip 172.16.0.0 0.15.255.255 any
access-list 109 deny   ip 192.168.0.0 0.0.255.255 any
access-list 109 deny   ip 127.0.0.0 0.255.255.255 any
access-list 109 deny   ip host 255.255.255.255 any
access-list 109 deny   ip host 0.0.0.0 any
access-list 109 deny   ip any any log
access-list 110 remark auto generated by SDM firewall configuration
access-list 110 remark SDM_ACL Category=1
access-list 110 permit udp any host 192.168.39.1 eq non500-isakmp
access-list 110 permit udp any host 192.168.39.1 eq isakmp
access-list 110 permit esp any host 192.168.39.1
access-list 110 permit ahp any host 192.168.39.1
access-list 110 deny   ip 70.62.101.24 0.0.0.3 any
access-list 110 deny   ip host 255.255.255.255 any
access-list 110 deny   ip 127.0.0.0 0.255.255.255 any
access-list 110 permit ip any any
access-list 111 remark auto generated by SDM firewall configuration
access-list 111 remark SDM_ACL Category=1
access-list 111 permit udp host 64.89.70.2 eq domain host 70.62.101.26
access-list 111 permit udp host 64.89.74.2 eq domain host 70.62.101.26
access-list 111 remark Auto generated by SDM for NTP (123) 217.160.254.116
access-list 111 permit udp host 217.160.254.116 eq ntp host 70.62.101.26 eq ntp
access-list 111 permit udp any host 70.62.101.26 eq non500-isakmp
access-list 111 permit udp any host 70.62.101.26 eq isakmp
access-list 111 permit esp any host 70.62.101.26
access-list 111 permit ahp any host 70.62.101.26
access-list 111 permit ahp host 97.67.146.74 host 70.62.101.26
access-list 111 permit esp host 97.67.146.74 host 70.62.101.26
access-list 111 permit udp host 97.67.146.74 host 70.62.101.26 eq isakmp
access-list 111 permit udp host 97.67.146.74 host 70.62.101.26 eq non500-isakmp
access-list 111 permit ip 192.168.40.0 0.0.0.255 192.168.39.0 0.0.0.255
access-list 111 deny   ip 192.168.39.0 0.0.0.255 any
access-list 111 permit icmp any host 70.62.101.26 echo-reply
access-list 111 permit icmp any host 70.62.101.26 time-exceeded
access-list 111 permit icmp any host 70.62.101.26 unreachable
access-list 111 deny   ip 10.0.0.0 0.255.255.255 any
access-list 111 deny   ip 172.16.0.0 0.15.255.255 any
access-list 111 deny   ip 192.168.0.0 0.0.255.255 any
access-list 111 deny   ip 127.0.0.0 0.255.255.255 any
access-list 111 deny   ip host 255.255.255.255 any
access-list 111 deny   ip host 0.0.0.0 any
access-list 111 deny   ip any any log
access-list 112 remark auto generated by SDM firewall configuration
access-list 112 remark SDM_ACL Category=1
access-list 112 remark Allow Internet Ping from Outside
access-list 112 permit icmp any any
access-list 112 permit udp any host 192.168.39.1 eq non500-isakmp
access-list 112 permit udp any host 192.168.39.1 eq isakmp
access-list 112 permit esp any host 192.168.39.1
access-list 112 permit ahp any host 192.168.39.1
access-list 112 deny   ip 70.62.101.24 0.0.0.3 any
access-list 112 deny   ip host 255.255.255.255 any
access-list 112 deny   ip 127.0.0.0 0.255.255.255 any
access-list 112 permit ip any any
access-list 113 remark auto generated by SDM firewall configuration
access-list 113 remark SDM_ACL Category=1
access-list 113 permit udp host 64.89.70.2 eq domain host 70.62.101.26
access-list 113 permit udp host 64.89.74.2 eq domain host 70.62.101.26
access-list 113 remark Auto generated by SDM for NTP (123) 217.160.254.116
access-list 113 permit udp host 217.160.254.116 eq ntp host 70.62.101.26 eq ntp
access-list 113 permit udp any host 70.62.101.26 eq non500-isakmp
access-list 113 permit udp any host 70.62.101.26 eq isakmp
access-list 113 permit esp any host 70.62.101.26
access-list 113 permit ahp any host 70.62.101.26
access-list 113 permit ahp host 97.67.146.74 host 70.62.101.26
access-list 113 permit esp host 97.67.146.74 host 70.62.101.26
access-list 113 permit udp host 97.67.146.74 host 70.62.101.26 eq isakmp
access-list 113 permit udp host 97.67.146.74 host 70.62.101.26 eq non500-isakmp
access-list 113 remark AvuTox
access-list 113 permit ip 192.168.38.0 0.0.0.255 192.168.39.0 0.0.0.255
access-list 113 permit ip 192.168.40.0 0.0.0.255 192.168.39.0 0.0.0.255
access-list 113 remark Greenvile
access-list 113 permit ip 192.168.41.0 0.0.0.255 192.168.39.0 0.0.0.255
access-list 113 remark Durham
access-list 113 permit ip 192.168.42.0 0.0.0.255 192.168.39.0 0.0.0.255
access-list 113 deny   ip 192.168.39.0 0.0.0.255 any
access-list 113 permit icmp any host 70.62.101.26 echo-reply
access-list 113 remark Allow Internet Ping
access-list 113 permit icmp any any
access-list 113 permit icmp any host 70.62.101.26 time-exceeded
access-list 113 permit icmp any host 70.62.101.26 unreachable
access-list 113 deny   ip 10.0.0.0 0.255.255.255 any
access-list 113 deny   ip 172.16.0.0 0.15.255.255 any
access-list 113 deny   ip 192.168.0.0 0.0.255.255 any
access-list 113 deny   ip 127.0.0.0 0.255.255.255 any
access-list 113 deny   ip host 255.255.255.255 any
access-list 113 deny   ip host 0.0.0.0 any
access-list 113 deny   ip any any log
no cdp run
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 104
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 transport output telnet
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 transport output telnet
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17180206
ntp update-calendar
ntp server 217.160.254.116 source FastEthernet0
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
0
Comment
Question by:truth_talker
  • 6
  • 5
11 Comments
 
LVL 9

Expert Comment

by:Sandeep Gupta
Comment Utility
set the BW on all your interfaces:

bandwidth 35840
0
 

Author Comment

by:truth_talker
Comment Utility
Can you assist me with doing that?  I thought of that but couldn't figure out how to.
0
 
LVL 9

Accepted Solution

by:
Sandeep Gupta earned 500 total points
Comment Utility
interface Tunnel0
bandwidth 35840

interface Fa0
bandwidth 35840


also can you please show me

sh int fa0
sh int tu 0
0
 

Author Comment

by:truth_talker
Comment Utility
This is what I have for those Interfaces
The VPN wasn't actually used so I had removed the Tunnel0 after I saved the original running config, so I can't get that.  But the problem was there before I removed the Tunnel.

FastEthernet0 is up, line protocol is up
  Hardware is PQ3_TSEC, address is 001b.d4ac.8450 (bia 001b.d4ac.8450)
  Description: $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
  Internet address is 70.62.101.26/30
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:02, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 17000 bits/sec, 16 packets/sec
  5 minute output rate 111000 bits/sec, 18 packets/sec
     1097530 packets input, 341779404 bytes
     Received 313 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     1601540 packets output, 1549332188 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
0
 
LVL 9

Expert Comment

by:Sandeep Gupta
Comment Utility
I don't see any issues..

I think you have configured AP and few of your machines are connecting via AP.

if so can you please post AP configs?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:truth_talker
Comment Utility
The computers that are having the issues so far that I have tested are not Wireless.  There are only a couple laptops and even those aren't used primarily via wireless because of the records system.

The AP configs aren't in the config file form above?

What exactly would you need and how can I retrieve that information?  I'm pretty new to Cisco.
0
 
LVL 9

Expert Comment

by:Sandeep Gupta
Comment Utility
nevermind..let ignore wireless thing for now as known problem is with wired machines.

So few computer are working fine and few are not...

try changing infected computer cabel.
0
 

Author Comment

by:truth_talker
Comment Utility
The computers work perfectly on internal network and internal server communication, it's only the Internet that is giving a problem.
0
 
LVL 9

Expert Comment

by:Sandeep Gupta
Comment Utility
is internet settings are identical to those computer which are working fine on internet?
0
 

Author Comment

by:truth_talker
Comment Utility
Yes.  Internet settings and TCP/IP settings are the same however out of two servers.  The one with 192.168.39.3 is having issues while the one with 192.168.39.5 is not.

If I were thinking of scrapping this router and buying a new firewall/router.  What model would be equivalent to this one in today's series of models from Cisco?

Currently we have on cable Internet connection in the main office where the 1811 is located and 3 satellite offices that share this internet over point to point connections.  We are looking at adding a 4th and also need software VPN connectivity. From what I can tell I will have to switch to the AnyConnect VPN software and would like the SSL Clientless VPN, but I need access to the physical network potential and not just web enabled services.

Any recommendations would greatly be appreciated.  I have the opportunity based on the potential growth to replace this device which will hopefully fix the problem at the same time.
0
 

Author Comment

by:truth_talker
Comment Utility
Anyone have a recommendation for a replacement of the Cisco 1811 or even the next step up in capabilities?

Would the ASA5505 be better than the 1811 or do I need to go up to the  5510.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now