04-04-2014 01:59 AM - edited 03-04-2019 10:43 PM
Problem:
Video (even 144p !!!) on YouTube buffers, the buffered part plays, then it freezes for a minute, five, ten, an hour, two; after that it may buffer a little more, or it may hang for good. Meanwhile pages load instantly, speedtest shows 5-10 Mbit/s, files download fine, torrents are fine, everything is fine except streaming video.
IOS version - advsecurityk9-mz.151-4.M
Config:
Current configuration : 12157 bytes
!
! Last configuration change at 13:24:27 GMT Fri Apr 4 2014 by admin
! NVRAM config last updated at 13:55:33 GMT Fri Apr 4 2014 by admin
! NVRAM config last updated at 13:55:33 GMT Fri Apr 4 2014 by admin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname border-M-G
!
boot-start-marker
boot-end-marker
!
!
logging userinfo
logging buffered 262144
enable secret 5 $1$S
!
aaa new-model
!
!
aaa authentication password-prompt "password: "
aaa authentication username-prompt "login as: "
aaa authentication login default local
aaa authentication login ANYCONNECT-LOGIN group radius local
aaa authentication enable default enable
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
clock timezone GMT 6 0
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
ip domain name cisco.com
ip name-server 10.24.24.22
ip name-server 192.168.1.19
login block-for 60 attempts 3 within 60
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TRUSTPOINT
enrollment selfsigned
serial-number
subject-name CN=TEST-CERTIFICATE
revocation-check crl
rsakeypair RSA
!
!
crypto pki certificate chain TRUSTPOINT
certificate self-signed 01
6B8C300D 06092A86 4886F70D 01010505 00038181 003CC21F 5F46584C 8CE15C44
267F3D3F 7C446739 04BBB953 E4B3A167 83D7B6DB 4087FB30 7BB4ED59 FA85CAA7
D1FED8ED 98A8054E 51BA13D8 E6CDF4DE 0257B51E 7EE80FD4 E1FCB047 E49C9041
4AEC83AC 55F9BC05 67EB14BB DC26BFCC 7E3CFC3B 3D9FB362 52331C67 EAE79DB6
C6C234D6 B557005E 19FC0A98 058FD234 59F038F4 AC
quit
!
!
license udi pid CISCO1841 sn FCZ000000
archive
log config
logging enable
hidekeys
path ftp://test/border/run-config
write-memory
username admin privilege 15 secret 5 $1$E4Rt$
redundancy
!
!
ip ftp username 155\ftp
ip ftp password 123
ip ssh logging events
ip ssh version 2
!
track 1 ip sla 1
delay down 30
!
track 2 ip sla 2
delay down 30
!
class-map match-any bittorrent
match protocol bittorrent
match protocol directconnect
match protocol edonkey
match protocol kazaa2
match protocol gnutella
class-map match-any Real-Time-Out
match ip precedence 5
class-map match-any Voice
match access-group name Avaya
!
!
policy-map TOS_MARKER
class Voice
set ip precedence 5
policy-map bittorrent
class bittorrent
drop
policy-map outbound
class Real-Time-Out
priority 768
class class-default
fair-queue
policy-map parent
class class-default
shape average 8096000
service-policy outbound
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key 555555 address 10.214.224.1
crypto isakmp keepalive 20 5 periodic
!
!
crypto ipsec transform-set 3des esp-3des esp-md5-hmac
mode transport
!
crypto map cryptomap 10 ipsec-isakmp
set peer 10.24.24.1
set transform-set 3des
match address 101
!
!
!
!
!
interface Loopback100
description ===ManagmentInterface===
ip address 10.24.25.1 255.255.255.255
!
interface Tunnel798
description ===vpn===
ip address 10.24.24.18 255.255.255.252
ip mtu 1476
ip tcp adjust-mss 1436
ip ospf cost 50
qos pre-classify
keepalive 10 15
tunnel source FastEthernet0/0.798
tunnel destination 10.214.224.1
!
interface Tunnel799
description ===vpn-over-VT===
ip address 10.24.24.22 255.255.255.252
ip mtu 1468
ip tcp adjust-mss 1428
ip ospf cost 100
ip ospf mtu-ignore
keepalive 10 15
tunnel source Dialer1
tunnel destination 13.35.11.14
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.103
description ===link-to-pix===
encapsulation dot1Q 103
ip address 10.24.24.9 255.255.255.252
ip flow egress
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
ip policy route-map RMAPtest
service-policy input TOS_MARKER
!
interface FastEthernet0/0.115
description ===direct access to the Internet===
encapsulation dot1Q 115
ip address 8.6.7.1 255.255.255.240
ip access-group BARS in
!
interface FastEthernet0/0.117
description ===to-bars-HV===
encapsulation dot1Q 117
ip address 10.214.209.254 255.255.255.0
!
interface FastEthernet0/0.312
description ==infosvyaz-voip==
encapsulation dot1Q 312
ip address 7.9.3.2 255.255.254.0
!
interface FastEthernet0/0.798
description ===infosvyaz-vpn===
encapsulation dot1Q 798
ip address 10.24.24.2 255.255.255.252
service-policy output parent
!
interface FastEthernet0/0.800
description ===beeline-sip===
encapsulation dot1Q 800
ip address 10.25.0.74 255.255.255.224
ip nat outside
ip virtual-reassembly in
shutdown
interface FastEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dialer1
description ===TELESOT===
ip address negotiated
ip access-group inDialer1 in
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip route-cache policy
ip tcp adjust-mss 1452
load-interval 30
dialer pool 1
keepalive 10 3
ppp authentication chap pap callin
ppp chap hostname 0000
ppp chap password 0 00000
ppp pap sent-username 0000 password 0 00000
no cdp enable
!
router ospf 1
redistribute static subnets route-map Redistribute-OSPF-Static
network 10.24.24.16 0.0.0.3 area 0
network 10.24.24.20 0.0.0.3 area 0
!
ip local pool ANYCONNECT-POOL 10.24.7.1 10.24.7.254
ip forward-protocol nd
ip http server
no ip http secure-server
!
ip flow-export source Loopback100
ip flow-export version 5
ip flow-export destination 10.24.27.3 22562
ip flow-top-talkers
top 10
sort-by bytes
cache-timeout 100
!
ip nat translation icmp-timeout 10
ip nat inside source static tcp 10.214.207.250 3389 interface Dialer1 3389
ip nat inside source static tcp 10.214.200.3 80 interface Dialer1 8888
ip nat inside source static tcp 10.214.204.5 21 interface Dialer1 21
ip nat inside source static udp 10.214.200.29 46696 interface Dialer1 46696
ip nat inside source static tcp 10.214.200.29 46696 interface Dialer1 46696
ip nat inside source static udp 10.214.204.4 2000 interface Dialer1 2000
ip nat inside source static tcp 10.214.204.7 1542 interface Dialer1 1542
ip nat inside source static udp 10.214.204.7 1542 interface Dialer1 1542
ip nat inside source static udp 10.214.224.10 500 interface Dialer1 500
ip nat inside source static udp 10.214.224.10 4500 interface Dialer1 4500
ip nat inside source static udp 10.214.224.10 10000 interface Dialer1 10000
ip nat inside source static udp 10.214.206.2 3478 interface Dialer1 3478
ip nat inside source static tcp 10.215.204.6 80 interface Dialer1 80
ip nat inside source static udp 10.214.200.106 69 interface Dialer1 69
ip nat inside source route-map RMAP-NAT-TELESOT interface Dialer1 overload
ip nat inside source static udp 10.214.206.2 5060 23.23.7.28 5060 extendable
ip route 0.0.0.0 0.0.0.0 Dialer1 50 track 2
ip route 0.0.0.0 0.0.0.0 10.214.224.17 100
ip route 8.8.8.8 255.255.255.255 Dialer1
ip route 10.25.255.10 255.255.255.255 10.25.0.65
ip route 8.37.6.3 255.255.255.255 Dialer1
!
ip access-list standard Redistribute-OSPF-Static
permit 10.24.0.0 0.0.255.255
permit 10.25.0.0 0.0.255.255
!
ip access-list extended Avaya
permit ip 10.24.20.0 0.0.0.255 host 192.168.1.49
ip access-list extended BARS
deny ip host 18.18.16.2 10.0.0.0 0.0.0.255
deny ip host 18.18.16.2 192.168.0.0 0.0.255.255
permit ip any any
ip access-list extended DF-BIT
permit ip any any
ip access-list extended NAT-BEELINE-SIP
permit ip any host 10.25.255.10
ip access-list extended NAT-ISP
permit ip host 10.24.20.5 any
permit ip any host 3.20.5.4
permit tcp host 10.24.98.10 any eq 5938
permit tcp host 10.24.20.17 any eq 5938
permit tcp any any eq 5938
permit ip 10.24.0.0 0.0.255.255 any
permit ip 10.25.0.0 0.0.255.255 any
deny ip host 10.24.20.17 any
ip access-list extended OVER-H
permit ip host 10.24.20.31 any
ip access-list extended inDialer1
deny udp any any eq snmp
permit tcp any host 18.18.16.2 eq 6912
permit tcp any host 18.18.16.2 eq www
permit tcp any host 18.18.16.2 eq 1521
permit tcp any host 18.18.16.2 eq 1522
permit tcp any host 18.18.16.2 eq 1523
permit tcp any host 18.18.16.2 eq 1524
permit tcp any host 18.18.16.2 eq 1525
deny ip any host 18.18.16.2
deny tcp any any eq ftp-data
deny tcp any any eq ftp
permit ip any any
ip access-list extended remote-access
deny ip any any
!
ip radius source-interface Loopback100
ip sla 1
dns ya.ru name-server 8.8.8.8 source-ip 8.27.7.18
ip sla schedule 1 life forever start-time now
ip sla 2
dns ya.ru name-server 8.8.8.8 source-ip 8.27.7.18
frequency 10
ip sla schedule 2 life forever start-time now
access-list 101 permit gre host 10.214.224.2 host 10.214.224.1
!
!
!
route-map RMAP-NAT-TELESOT permit 10
match ip address NAT-ISP
match interface Dialer1
!
route-map Redistribute-OSPF-Static permit 10
match ip address Redistribute-OSPF-Static
!
route-map RMAPtest permit 5
match ip address DF-BIT
set ip df 0
!
route-map RMAPtest permit 10
match ip address OVER-H
set ip next-hop 10.14.24.7
!
route-map RMAP-NAT-BEELINE-SIP permit 10
match ip address NAT-BEELINE-SIP
match interface FastEthernet0/0.800
!
snmp-server community 0 RO
snmp-server community 0 RO
snmp-server location 0
snmp-server contact 0
snmp-server host 192.168.188.5 version 2c public
!
!
radius-server host 10.10.10.10
radius-server key 0
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
access-class remote-access in
transport input all
line vty 5 15
access-class remote-access in
transport input all
!
scheduler allocate 20000 1000
ntp master
ntp server 10.10.10.10
!
webvpn gateway ANYCONNECT-GATEWAY
ip address 1.1.1.1 port 443
ssl encryption aes-sha1
ssl trustpoint TRUSTPOINT
inservice
!
webvpn install svc flash:/webvpn/anyconnect-win-3.1.05152-k9.pkg sequence 2
!
webvpn context ANYCONNECT-CONTEXT
ssl authenticate verify all
!
url-list "ANYCONNECT-URL-LIST"
!
acl "SSL-ACL"
permit ip 10.20.1.0 255.255.255.0 10.20.1.0 255.255.255.0
!
!
policy group ANYCONNECT-POLICY
functions svc-enabled
filter tunnel SSL-ACL
svc address-pool "ANYCONNECT-POOL" netmask 255.255.255.0
svc rekey method new-tunnel
svc split include 10.10.0.0 255.255.0.0
svc split include 192.168.0.0 255.255.0.0
svc dns-server primary 8.8.8.8
svc dns-server secondary 8.8.4.4
default-group-policy ANYCONNECT-POLICY
aaa authentication list ANYCONNECT-LOGIN
gateway ANYCONNECT-GATEWAY
max-users 50
inservice
!
end
04-06-2014 03:52 PM
How can I help you?
04-07-2014 02:29 AM
Video (even 144p !!!) on YouTube buffers, the buffered part plays, then it freezes for a minute, five, ten, an hour, two; after that it may buffer a little more, or it may hang for good. Meanwhile pages load instantly, speedtest shows 5-10 Mbit/s, files download fine, torrents are fine, everything is fine except streaming video.