09-19-2008 06:15 PM - edited 03-11-2019 06:47 AM
I'm running IOS firewall on 2 different routers. A 2851 and a 2821. Both are running 12.4(3g) Adv Sec images. Both routers are connected to an internal WAN and also to an external ISP such as a cable modem. They also have LAN interfaces. Default gateway is the "outside" interface connected to the cable modems.
At both sites which are geographically dispersed I'm having very slow response from some websites. In particular www.enterprise.com. If we connect a laptop directly to the cable modem it works fine. If we reroute the default gateway across the WAN to the HQ it works fine. The only time it's slow is when we're routing through the IOS firewall locally at each site. Accessing most sites is ok, it's just a couple that take a very long time (if ever) to finish loading.
I've tried removing the inspect statement from the inside interface. I've tried removing the http inspect statement specifically. I've even tried changing the MTU's to 1492. Even tried changing the NAT translation finrst-timeout to 3600! Nothing is making a difference.
Any suggestions on how to fix this? Or better yet, any debugging I can do?
Thanks!
09-20-2008 07:43 AM
Hi
Are you able to post your config, I would also try upgrading your IOS. Also could you run the following:
debug ip inspect detail
Regards MJ
09-23-2008 05:14 AM
Sorry but I can't post the entire config. I might be able to post snippets. What would be useful?
I did try upgrading to 12.4.21 and had the same result.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide