06-15-2011 10:28 PM - edited 03-04-2019 12:43 PM
Hi,
I have a problem I can't resolve.
Description:
Internet usage is very slow when initially opening a site from LAN clients. Once established it is OK. If I ping a site from a LAN client by either host name or IP address it takes about 5 seconds, drops the first packet, then is fine after that. If I ping it again immediately afterwards it is fine. But if I wait 2 minutes and try again the problem returns. So I would conclude that, seeing it is the same whether I use host name or IP address, it is not a DNS issue.
Pinging from the router produces no fault at all.
ping 4.2.2.1
ping 4.2.2.1 source bvi1
ping yahoo.com
ping yahoo.com source bvi1
ping 192.168.1.10 source Dialer0 (internal server)
All perfect
I can ping the router internal and external interface or any internal ip or hostname from the LAN with no delay or hesitation so it is not a switch interface or network card problem.
Some sort of NAT issue maybe? I really am lost.
Can someone who knows more than me (most people) have a look at the config below and tell me if that is where the problem lies?
Any suggestions are greatly appreciated.
Config (sanitised) follows...
__________________________
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
no service dhcp
!
hostname Users857w
!
boot-start-marker
boot-end-marker
!
logging count
logging userinfo
logging buffered 52000
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone ESTime 10
clock save interval 8
!
crypto pki trustpoint TP-self-signed-1114035
---Snip---
!
crypto pki certificate chain TP-self-signed-1114035
----Snip----
 quit
dot11 syslog
!
dot11 ssid XXXXgoona
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii 7 xxxx
!
no ip source-route
!
!
ip cef
ip inspect name Inspect_Out dns
ip inspect name Inspect_Out ftp
ip inspect name Inspect_Out pptp
ip inspect name Inspect_Out https
ip inspect name Inspect_Out imap
ip inspect name Inspect_Out pop3
ip inspect name Inspect_Out rcmd
ip inspect name Inspect_Out realaudio
ip inspect name Inspect_Out esmtp
ip inspect name Inspect_Out tftp
ip inspect name Inspect_Out tcp router-traffic
ip inspect name Inspect_Out udp router-traffic
ip inspect name Inspect_Out icmp router-traffic
no ip bootp server
ip domain name XXXXgoona.local
ip name-server 139.130.4.4
ip name-server 203.50.2.71
login block-for 300 attempts 4 within 60
login delay 7
login quiet-mode access-class Allow_Quiet_Mode
login on-failure log
login on-success log
!
username theuser privilege 15 secret 5 $1$cd4O$lA8
!
archive
 log config
  hidekeys
!
ip ssh version 2
!
bridge irb
!
interface ATM0
 no ip address
 no ip route-cache cef
 no ip route-cache
 load-interval 30
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers tkip
 !
 ssid XXXXgoona
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 description Ramtech LAN Interface
 no ip address
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Dialer0
 description Ramtech Westnet
 ip address negotiated
 ip access-group Internet_Inbound in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect Inspect_Out out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname XXXXgoo10@direct.telstra.net
 ppp chap password 7 xxxx
!
interface BVI1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat source static tcp 192.168.x.x 25 interface Dialer0 25
ip nat source static tcp 192.168.x.x 443 interface Dialer0 443
ip nat source static tcp 192.168.x.x 987 interface Dialer0 987
ip nat source static tcp 192.168.x.x 3389 interface Dialer0 3389
ip nat inside source list Allow_NAT interface Dialer0 overload
!
ip access-list standard Allow_LAN_Access
 permit 192.168.1.0 0.0.0.255
ip access-list standard Allow_NAT
 permit 192.168.1.0 0.0.0.255
ip access-list standard Allow_Quiet_Mode
 remark IPs allowed during quietmode lockdown
 permit 192.168.1.0 0.0.0.255
!
ip access-list extended Internet_Inbound
 remark --- Anyone is allowed SMTP to the server
 permit tcp any host 110.142.x.x eq smtp
 permit tcp any host 110.142.x.x eq 443 log
 permit tcp any host 110.142.x.x eq 987 log
 permit gre any any log
 permit tcp host 202.173.x.x host 110.142.x.x eq 22 log
 permit tcp host 202.173.x.x host 110.142.x.x eq 3389
!
logging trap debugging
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 route ip
alias exec tl0 terminal length 0
alias exec ps show process cpu
alias exec top show process cpu sort 5m | excl (0.00% 0.00% 0.00%)
alias exec version show version | include image
alias exec uptime show version | include uptime|ROM[^:]|restarted
alias exec hist show process cpu history
alias exec dsl show dsl interface atm0 | include DSL[^:]|dB|Activat|LED|Speed
!
line con 0
 no modem enable
 transport preferred none
 transport output all
line aux 0
 transport output all
line vty 0 2
 exec-timeout 20 0
 privilege level 15
 transport preferred none
 transport input telnet
line vty 3 4
 exec-timeout 20 0
 privilege level 15
 transport preferred none
 transport input ssh
 transport output all
!
scheduler max-task-time 5000
sntp server 202.173.x.x
sntp server 128.250.x.x
sntp server 202.72.x.x
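
The static port forwards and the Internet_Inbound ACL in the config above together decide what is reachable from outside, which bears on the later remark in this thread that NAT already provides the security. The Python below is an added example, not part of the original post: it cross-checks the two using lines copied from the posted config. The function names and the small port-keyword map are assumptions of the sketch, and it assumes a single extended inbound ACL.

```python
import re

# Lines copied from the sanitised config posted above (addresses stay masked).
CONFIG = """\
ip nat source static tcp 192.168.x.x 25 interface Dialer0 25
ip nat source static tcp 192.168.x.x 443 interface Dialer0 443
ip nat source static tcp 192.168.x.x 987 interface Dialer0 987
ip nat source static tcp 192.168.x.x 3389 interface Dialer0 3389
ip access-list extended Internet_Inbound
 permit tcp any host 110.142.x.x eq smtp
 permit tcp any host 110.142.x.x eq 443 log
 permit tcp any host 110.142.x.x eq 987 log
 permit gre any any log
 permit tcp host 202.173.x.x host 110.142.x.x eq 22 log
 permit tcp host 202.173.x.x host 110.142.x.x eq 3389
"""

# Assumption: only the IOS port keywords this sketch needs are mapped.
PORT_NAMES = {"smtp": 25, "www": 80, "telnet": 23}
NAT_RE = re.compile(
    r"ip nat (?:inside )?source static tcp (\S+) (\d+) interface \S+ (\d+)")
ACL_RE = re.compile(r"permit tcp (any|host \S+) host \S+ eq (\S+)")

def to_port(token):
    return int(token) if token.isdigit() else PORT_NAMES[token]

def inbound_exposure(config):
    """Map each outside TCP port to (inside target, who may reach it)."""
    forwards, permits = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := NAT_RE.match(line):
            forwards[int(m.group(3))] = f"{m.group(1)}:{m.group(2)}"
        elif m := ACL_RE.match(line):
            permits.setdefault(to_port(m.group(2)), set()).add(m.group(1))
    report = {}
    for port in sorted(set(forwards) | set(permits)):
        sources = permits.get(port, set())
        # A permitted port with no forward terminates on the router itself.
        target = forwards.get(port, "router")
        if not sources:
            scope = "forwarded but dropped by ACL"
        elif "any" in sources:
            scope = "any source"
        else:
            scope = "only " + ", ".join(sorted(sources))
        report[port] = (target, scope)
    return report

if __name__ == "__main__":
    for port, (target, scope) in inbound_exposure(CONFIG).items():
        print(f"tcp/{port:<5} -> {target:<18} {scope}")
```

Run against the full config, the report lists every TCP port the ACL admits and whether it lands on an inside host or on the router.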
06-18-2011 01:09 AM
Solved it!!!!
Version 12.4(15)T14, which was supplied with the router, has a bug: "Packet stream interruption with NAT". I have back graded to T13 and hey presto! All good.
The red herring was that the DG834 I tried had a faulty port giving similar symptoms and the other 857w I tried had the same firmware.
I have to say, this was posted on 3 different forums. A general network, a Windows, and here. This is the only forum that no one bothered responding on. Interesting it turned out to be a Cisco problem...
06-18-2011 02:31 AM
Actually, if you look at the threads in this forum, most questions are answered satisfactorily.
Moreover, the problem you reported is well known and would have turned up with a search.
Maybe next time be a bit more realistic about the reaction time of people who help you for free when you come here compelled and probably will never be seen again.
06-18-2011 02:31 PM
Paolo,
Some facts may have been useful to you before your response to my observations.
06-19-2011 01:05 AM
No problem.
I see your OP dated 6/17, how can it have been there 3 days? Maybe you edited later, so the newer date? In any case I had not seen it, otherwise I likely would have responded.
I tried entering 12.4(15)T14 in the search box above and the third result is about the bug you've also found. Agreed, that is with the hindsight of knowing it's a buggy version.
I think if you remove the unnecessary inspect, class map and firewall from your config you will notice a dramatic increase in performance.
06-20-2011 07:48 PM
Thanks for the constructive criticism Paolo.
It is greatly appreciated.
Now to show my ignorance...
All comments gratefully received. And thanks again for the assistance.
06-20-2011 08:37 PM
Actually I will close this thread and start a new one as it is unrelated really. Thanks for the help Paolo.
06-21-2011 05:08 AM
These commands only slow down the router and do not add any real security, that you have already by virtue of NAT.
Thank you for the nice rating and good luck!