certain websites not working or very slow

amralrazzaz · ‎11-27-2019

i have issue with accessing my organization websites suddenly and all other web sites working fine

im using router 2911 and 2 cisco catalyst 2960 x 24 gige poe 370w 4x1g sfp lan base - some sites like https://frieslandcampina.service-now.com/sp its redirect me to child web site then i have to put user and pass to access , but actually taking too much time then time out but before it was working great with no issues

i have tried from home it works great

im sharing my config file and need advice if something need to modify to change

EGCAI01#
EGCAI01#sh int g0/0
GigabitEthernet0/0 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is d46d.50bc.49f0 (bia d46d.50bc.49f0)
Description: inside LAN
Internet address is 192.168.2.207/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 2/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:15:42
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 358000 bits/sec, 490 packets/sec
5 minute output rate 10811000 bits/sec, 1044 packets/sec
454515 packets input, 42980152 bytes, 0 no buffer
Received 393 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 46 multicast, 0 pause input
985740 packets output, 1288050080 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
31 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output

amr alrazzaz

Georg Pauwen · ‎11-27-2019

Hello,

chances are that the website itself is the problem. The original website is hosted in The Netherlands, you then get redirected to a server in Germany, the server has blocked ICMP, so I don't get a response at all. Chances are they have changed their hosting to another provider.

If you work for FrieslandCampina, get in touch with their networking department.

Try some other sites in The Netherlands, such as:

ad.nl

rdw.nl

or in Germany:

spiegel.de

nrw.de

Are these slow as well ?

amralrazzaz · ‎11-27-2019

actually its fast and opened normally

i have tried this with another isp and it work normally (from home)

i have asked my isp to check and no issue from them

i assume that the issue from my site ?!! but also im not sure but maybe ? so if there is any to modify in config file to make it ?

amr alrazzaz

amralrazzaz · ‎11-27-2019

i connect the laptop B2B to isp router and every thing is working fine and normal so the issue should be on my router

i need help to check whats should be changing or modifying to let it work

User Access Verification

Username: ........
Password:
EGCAI01#show run
Building configuration...

Current configuration : 16627 bytes
!
! Last configuration change at 19:31:38 EET Wed Nov 27 2019 by amr
! NVRAM config last updated at 19:31:02 EET Wed Nov 27 2019 by amr
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname EGCAI01
!
boot-start-marker
boot-end-marker
!
!
logging buffered 4096
enable secret 5 $1$l9ha$dHLj/scp8Qm8C77UcUa/K0
enable password cisco1
!
no aaa new-model
clock timezone EET 2 0
!
!
!
!
!
!
!
!
!
!
!
ip dhcp relay information trust-all
ip dhcp excluded-address 192.168.2.207
!
ip dhcp pool voice
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.207
option 150 ip 192.168.2.207
dns-server 8.8.8.8 8.8.4.4
!
!
!
ip dhcp global-options
dns-server 163.121.128.134 163.121.128.135
!
no ip domain lookup
ip domain name EGCAI01.nms.local
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!

!
!
file privilege 0
username ........password 0 cish:
username ...... secret 5 $1$5Klr$GneBF.AwmAgvMY4lW/Ylk1
username ausername Acc
username ...... privilege 15 secret 9 $9$eSfWH2ACcyEpgU$kBe69JmDRjwR01pDNDUjBF17G2JI8hOCafvoaptS8f6
!
redundancy
!
process-max-time 50
!
ip ssh time-out 90
ip ssh version 2
!
!
!

shutdown
!
interface GigabitEthernet0/0
description inside LAN
ip address 192.168.2.207 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
description Connected to WAN
ip address 192.168.1.207 255.255.255.0
ip mtu 1400
ip flow ingress
ip flow egress
ip nat outside
ip rip advertise 100
ip rip receive version 2
ip virtual-reassembly in
ip tcp adjust-mss 1360
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
router rip
network 192.168.1.0
network 192.168.2.0
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http secure-port 8443
ip http path flash:/GUI
ip flow-export source GigabitEthernet0/0
ip flow-export version 9
ip flow-export destination 192.168.2.195 9996
ip flow-top-talkers
top 60
sort-by packets
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 41.33.42.169
!
!
!
access-list 1 permit 192.168.2.0 0.0.0.255
!

thanks

amr alrazzaz

Georg Pauwen · ‎11-27-2019

Hello,

I have stripped your configuration down to the bare bone essentials, try to use that and check if it makes a difference...

Current configuration : 16627 bytes
!
! Last configuration change at 19:31:38 EET Wed Nov 27 2019 by amr
! NVRAM config last updated at 19:31:02 EET Wed Nov 27 2019 by amr
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname EGCAI01
!
boot-start-marker
boot-end-marker
!
!
logging buffered 4096
enable secret 5 $1$l9ha$dHLj/scp8Qm8C77UcUa/K0
enable password cisco1
!
no aaa new-model
clock timezone EET 2 0
!
ip dhcp relay information trust-all
ip dhcp excluded-address 192.168.2.207
!
ip dhcp pool voice
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.207
option 150 ip 192.168.2.207
dns-server 8.8.8.8 8.8.4.4
!
no ip domain lookup
ip domain name EGCAI01.nms.local
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!

!
!
file privilege 0
username ........password 0 cish:
username ...... secret 5 $1$5Klr$GneBF.AwmAgvMY4lW/Ylk1
username ausername Acc
username ...... privilege 15 secret 9 $9$eSfWH2ACcyEpgU$kBe69JmDRjwR01pDNDUjBF17G2JI8hOCafvoaptS8f6
!
redundancy
!
process-max-time 50
!
ip ssh time-out 90
ip ssh version 2
!
interface GigabitEthernet0/0
description inside LAN
ip address 192.168.2.207 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
description Connected to WAN
ip address 192.168.1.207 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http secure-port 8443
ip http path flash:/GUI
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 41.33.42.169
!
access-list 1 permit 192.168.2.0 0.0.0.255

amralrazzaz · ‎11-27-2019

forget to tell im using

router rip
version 2
network 192.168.1.0
network 192.168.2.0
no auto-summary

should i change something?

amr alrazzaz

Georg Pauwen · ‎11-27-2019

Hello,

who are your RIP neighbors ?

paul driver · ‎11-27-2019

Hello

You have duplicate post - here so please close one of them down as ou will only obtain mixed suggestions.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul