Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1166
Views
0
Helpful
4
Replies

Simple Routing Question

Chris Snape
Level 1
Level 1

‎04-03-2012 06:23 AM - edited ‎03-04-2019 03:53 PM

Hi all,

I have a Cisco 1841 serving as a connection between my ISP and my Firewall (non Cisco).

I seem to be having performance issues with my traffic going through the Router.

HTTP (web browsing) is fine andI get my download rate as I would expect for a 10mbps connection.

But anything to do with my VPNs I find a delay when sending via the 1841.

(all my VPNs are managed by my Firewall and I have never had problems with those).

I also have a legacy ADSL connection to my firewall, which bypasses the 1841 and I am having no issues on that at all.

If anything it is quicker! Which is madness as my Fibre should out-perform it easily.

This leads me to believe the issue is not with the Firewall.

My 1841 is very simply setup, 2 fa interfaces with simply a default gateway setup within it.

Which leads me to ask if I need more static routes in or a dynamic route protocol setup?

Snippet of Config:

!

ip cef

no ip domain lookup

ip name-server 158.152.1.43

ip name-server 158.152.1.58

no ipv6 cef

!

multilink bundle-name authenticated

!

!

license udi pid CISCO1841 sn FHK122122XS

archive

log config

  hidekeys

!

redundancy

!

!

interface FastEthernet0/0

ip address 1.1.1.1 255.255.255.252

duplex auto

speed auto

!

!

interface FastEthernet0/1

ip address 2.2.2.2 255.255.255.248

duplex auto

speed auto

!

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip route 0.0.0.0 0.0.0.0 1.1.1.1

!

!

What else do I need to speed it up?

Regards,

Chris Snape

Labels:
0 Helpful
4 Replies 4

gaurav bhardwaj
Level 1
Level 1

‎04-03-2012 06:48 AM

default route should be to asa

that is ip route 0.0.0.0 0.0.0.0 (asa interface ip address which is connect to router)

then pass to router

you give the default route to router interface,,,and it should be the next hop ip

like if you asa e0/0 connect to the router and the ip address 1.1.1.2 255.255.255.242

then the commend is

ip route 0.0.0.0 0.0.0.0 1.1.1.2

hope it's help you

0 Helpful

Chris Snape
Level 1
Level 1
In response to gaurav bhardwaj

‎04-03-2012 06:56 AM

Thanks for the reply.

Just to clarify my firewall is inside the Cisco 1841.

ISP << 1841 << Firewall << LAN

All I want the 1841 to do it route from one to the other, nothing else.

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to Chris Snape

‎04-03-2012 08:03 AM

How about connecting the FW directly to the ISP (don't use the backup DSL).

Does the VPN connection from the FW improves?

If Web Browsing via the 1841 is using full speeds, I don't see anything in your configuration

preventing encrypted data from going full speeds.

0 Helpful

gaurav bhardwaj
Level 1
Level 1
In response to Chris Snape

‎04-03-2012 08:05 AM

first of all i just want too say you should  deploy you asa after isp and then you can provide batter security if you take this topology  you have to maintain so many acl ..buy any way now the scenario is defferent

ok

0 Helpful
Customers Also Viewed These Support Documents