Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1379
Views
0
Helpful
0
Replies

Need Help to configure Cisco 867VAE K9 - Some websites are slow

eveilside
Level 1
Level 1

‎06-12-2015 04:45 AM

Hello,


I need help to configure a Cisco router 867VAE K9.

I have a DSL line and the internal network. I just want to access internet in internal network.

My configuration work's but for some sites access is very slow.


Here is my config :

*****************************************************************************************************************************************


Current configuration : 5594 bytes
!
! Last configuration change at 14:23:44 Paris Thu Jun 11 2015 by cisco
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXXX
!
boot-start-marker
boot config usbflash0:CVO-BOOT.CFG
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
wan mode dsl
clock timezone Paris 1 0
!
!
!
!
!
!
no ip domain lookup
ip domain name home.int
ip name-server 212.27.40.240
ip name-server 212.27.40.241
ip cef
no ipv6 cef
!
!
vpdn enable
!
!
!
crypto pki trustpoint TP-self-signed-2069868063
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2069868063
 revocation-check none
 rsakeypair TP-self-signed-2069868063
!
!
crypto pki certificate chain TP-self-signed-2069868063
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32303639 38363830 3633301E 170D3134 31323330 30303535
  XXXXXXXX XXXXXXXX    XXXXXXX   .......
        quit
!
!
username xxxxx privilege 15 secret 5 $xxxxxxx/xxxxxxxx
username xxxxx privilege 15 secret 5 $xxxxxxx/xxxxxxxx.
!
!
controller VDSL 0
!
!
!
!
!
!
crypto isakmp policy 3
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpngroup
 key xxxxxxx
 dns 192.168.10.10
 wins 192.168.10.10
 domain xxxxxxx.local
 pool default
 acl 102
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
 mode tunnel
!
!
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 ip address x.x.x.x 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 pvc 8/36
  encapsulation aal5mux ip
 !
!
interface Ethernet0
 no ip address
 shutdown
!
interface FastEthernet0
 no ip address
 spanning-tree portfast
!
interface FastEthernet1
 no ip address
 spanning-tree portfast
!
interface FastEthernet2
 no ip address
 spanning-tree portfast
!
interface FastEthernet3
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet0
 no ip address
!
interface GigabitEthernet1
 description $ES_WAN$$FW_OUTSIDE$
 no ip dhcp client request tftp-server-address
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 shutdown
 duplex auto
 speed auto
 no cdp enable
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.10.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source static tcp 192.168.10.252 22 interface ATM0.1 22
ip nat inside source static tcp 192.168.10.252 1300 interface ATM0.1 1300
ip nat inside source static udp 192.168.10.252 4500 interface ATM0.1 4500
ip nat inside source static udp 192.168.10.252 500 interface ATM0.1 500
ip nat inside source static tcp 192.168.10.252 4500 interface ATM0.1 4500
ip nat inside source static tcp 192.168.10.252 500 interface ATM0.1 500
ip nat inside source static tcp 192.168.10.10 443 interface ATM0.1 443
ip nat inside source static tcp 192.168.10.10 25 interface ATM0.1 25
ip nat inside source static tcp 192.168.10.10 4125 interface ATM0.1 4125
ip nat inside source list 101 interface ATM0.1 overload
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip route 10.1.1.248 255.255.255.255 192.168.10.248
ip route 10.1.8.21 255.255.255.255 192.168.10.248
ip route 172.31.0.0 255.255.0.0 192.168.10.248
!
mac-address-table aging-time 16
no cdp run
!
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.10.0 0.0.0.255
access-list 101 deny   ip any 10.0.0.0 0.255.255.255
access-list 101 deny   ip any 192.168.0.0 0.0.255.255
access-list 101 permit ip any any
access-list 102 permit ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 102 permit ip 10.0.0.0 0.255.255.255 192.168.10.0 0.0.0.255
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 60000 1000
!
end


************************************************************************************************************************************************


In the beginning, there was this line in Vlan1 configuration (in the basic config) : "ip tcp adjust-mss 1452".

With this line on internal network interface configuration, the connection work's but a lot of sites are unavailable or very very slow.....


So, i imagine that the problem is about this.


Also, i have seen in the configuration of the old routeur (cisco 837) , lines like this :  " hold-queue 100 out", "hold-queue 224 in"


What is it ? And is it necessary ?


Can you help me ?


Thanks.

 

 

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents