El montaje que tenemos es el siguiente:

Internet > router movistar (nat) > router cisco 1921-sec-k9 (nat) ( con firewall activado  1 vpn ipsec )  > LAN

El problema es que los pcs que están en la LAN no alcanzan la velocidad de la línea (300Mb/300Mb).

Si por el contrario conectamos un pc directamente al router de movistar obtenemos esa medida de velocidad: (300Mbps/300Mpbs)

www.speedtest.net :

Y haciendo el mismo test desde el mismo equipo pero puesto en la LAN con el router de movistar en modo monopuesto (modo bridge): 140Mbps/140Mbps

Os envío datos (show ver) y configuración de nuestro router cisco (show int gig0/1)

aycetoledogw#sh ver

Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M3, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2015 by Cisco Systems, Inc.

Compiled Fri 05-Jun-15 12:31 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

aycetoledogw uptime is 1 week, 2 days, 21 hours, 35 minutes

System returned to ROM by reload

System restarted at 13:44:28 UTC Tue Jun 28 2016

System image file is "usbflash0:c1900-universalk9-mz.SPA.154-3.M3.bin"

Last reload type: Normal Reload

Last reload reason: Reload Command

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco CISCO1921/K9 (revision 1.0) with 487424K/36864K bytes of memory.

Processor board ID FCZ1932C1TS

1 FastEthernet interface

2 Gigabit Ethernet interfaces

1 terminal line

1 Virtual Private Network (VPN) Module

DRAM configuration is 64 bits wide with parity disabled.

255K bytes of non-volatile configuration memory.

245744K bytes of USB Flash usbflash0 (Read/Write)

Este es el show int:

GigabitEthernet0/1 is up, line protocol is up

  Hardware is CN Gigabit Ethernet, address is 54a2.74e1.8ec1 (bia 54a2.74e1.8ec1)

  Description: $FW_OUTSIDE$

  Internet address is 192.168.254.2/24

  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Full Duplex, 1Gbps, media type is RJ45

  output flow-control is XON, input flow-control is XON

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:00, output 00:00:00, output hang never

  Last clearing of "show interface" counters never

  Input queue: 1/75/0/213799 (size/max/drops/flushes); Total output drops: 1233

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 1344000 bits/sec, 333 packets/sec

  5 minute output rate 488000 bits/sec, 296 packets/sec

     92979483 packets input, 112401435 bytes, 8 no buffer

     Received 130096 broadcasts (0 IP multicasts)

     0 runts, 0 giants, 4 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 watchdog, 0 multicast, 0 pause input

     72803716 packets output, 1187931584 bytes, 0 underruns

     0 output errors, 0 collisions, 1 interface resets

     0 unknown protocol drops

     0 babbles, 0 late collision, 0 deferred

     8 lost carrier, 0 no carrier, 0 pause output

     0 output buffer failures, 0 output buffers swapped out

y el show run:

!

! Last configuration change at 12:54:47 UTC Tue Jul 19 2016 by admin

! NVRAM config last updated at 12:54:48 UTC Tue Jul 19 2016 by admin

!

version 15.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname alonsogw

!

boot-start-marker

boot-end-marker

!

!

logging buffered 52000

enable secret 5 $1$.EJA$XIPB8PHSJyUPPpMHBiHkz/

!

aaa new-model

!

!

!

aaa session-id common

!

!!

ip cef

no ipv6 cef

!

multilink bundle-name authenticated

!

cts logging verbose

!

!

!

username root privilege 15 secret 5 $1$/jK.$WEzyn/E3J0Mxl9yNuXPMa1

!

redundancy

!

!

!

!

no cdp run

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description $ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ETH-LAN$$FW_INSIDE$

ip address 192.168.10.250 255.255.255.0

ip access-group 101 in

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

no ip route-cache cef

duplex auto

speed auto

!

interface GigabitEthernet0/1.3

description $FW_INSIDE$

encapsulation dot1Q 3

ip dhcp client class-id 42

ip address dhcp

ip nat outside

ip virtual-reassembly in

no cdp enable

!

interface GigabitEthernet0/1.6

encapsulation dot1Q 1 native

pppoe enable group global

pppoe-client dial-pool-number 1

no cdp enable

!

!

interface Dialer0

description $FW_OUTSIDE$

bandwidth 1000000

ip address negotiated

ip access-group 102 in

ip mtu 1492

ip nat outside

ip inspect CCP_LOW out

ip virtual-reassembly in

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname adslppp@telefonicanetpa

ppp chap password 7 050A021C2D5C5E19

ppp pap sent-username adslppp@telefonicanetpa password 0 adslppp

no cdp enable

!

ip forward-protocol nd

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip flow-top-talkers

top 30

sort-by bytes

!

ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload

ip nat inside source route-map VOZIP interface GigabitEthernet0/1.3 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip access-list extended SDM_AH

remark CCP_ACL Category=1

permit ahp any any

ip access-list extended SDM_ESP

remark CCP_ACL Category=1

permit esp any any

ip access-list extended SDM_HTTPS

remark CCP_ACL Category=1

permit tcp any any eq 443

ip access-list extended SDM_SHELL

remark CCP_ACL Category=1

permit tcp any any eq cmd

ip access-list extended SDM_SSH

remark CCP_ACL Category=1

permit tcp any any eq 22

!

dialer-list 1 protocol ip permit

!

route-map VOZIP permit 1

match ip address 100

!

route-map SDM_RMAP_1 permit 1

match ip address 100

!

!

access-list 23 permit any

access-list 100 remark CCP_ACL Category=18

access-list 100 permit ip any any

access-list 100 permit icmp any any

access-list 101 permit any any

access-list 102 permit  any any

access-list 103 remark CCP_ACL Category=4

access-list 103 permit ip 192.168.10.0 0.0.0.255 any

!

!

!

control-plane

!

#

Muchas gracias de antemano!!