10-29-2013 08:19 AM - edited 03-07-2019 04:18 PM
Hello guys,
I have my provider's modem connected to the ethernet 1 port of my SOHO (91) router, and the ethernet 0
port is connected to a 2960 switch. On the switch I have my clients connected.
The switch has its default factory configuration (no extra VLANs have been created).
I have the following weird issue:
Whenever I try to download a file from the internet using a Windows 7 client, it starts downloading
and stops after a period of time which is not specific (sometimes after 30 seconds, sometimes after 45).
When I try to download the same file using Windows XP, the file downloads successfully.
I've disabled the firewall on the client in order to see if that was the problem, with no luck.
As I mentioned above, no configuration has been made on the switch.
I've also connected the Win 7 client to the switch port that the Win XP client was connected to, and I got the same issue.
I've tested several Windows 7 clients and all have the same issue.
The only thing left unchecked is to upgrade the IOS of my SOHO router, since the IOS is 12.2(8)YN, which was released back in 2003, and the Windows 7 OS was released in 2007, and maybe Microsoft has changed the way of downloading a file and that change was unknown to that Cisco IOS release.
Please see below the configuration of my router; maybe I have to remove or add some extra lines.
Current configuration : 3447 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Test
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 x
!
username Administrator x
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CON none
aaa authentication ppp default local
aaa session-id common
ip subnet-zero
ip name-server 194.10.115.25
ip dhcp excluded-address 10.0.0.254
!
ip dhcp pool CLIENT
network 10.0.0.0 255.255.255.0
default-router 10.0.0.254
domain-name mydomain
dns-server 10.0.0.1
lease 0 2
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
no crypto isakmp enable
!
interface Ethernet0
ip address 10.0.0.254 255.255.255.0 secondary
ip address 10.10.10.1 255.255.255.0
ip nat inside
no ip mroute-cache
no cdp enable
hold-queue 32 in
!
interface Ethernet1
ip address 194.10.115.18 255.255.255.252
ip access-group 111 in
ip nat outside
ip inspect myfw out
no ip mroute-cache
duplex auto
no cdp enable
!
interface Virtual-Template1
ip unnumbered Ethernet0
peer default ip address pool pptp
ppp authentication chap
!
ip local pool pptp 10.0.0.245 10.0.0.250
ip classless
ip route 0.0.0.0 0.0.0.0 [ISP'S IP]
ip http server
no ip http secure-server
ip nat inside source list 102 interface Ethernet1 overload
ip nat inside source static tcp 10.0.0.1 80 interface Ethernet1 80
!
!
access-list 23 permit 10.0.0.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 102 permit ip 10.0.0.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
no cdp run
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 23 in
exec-timeout 120 0
length 0
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
!
end
10-29-2013 08:34 AM
Microsoft completely re-did the TCP/IP stack for Windows Vista and Server 2008. So networking in Windows 7, which uses the same stack, is very different from Windows XP. This is typically a very good thing due to improved performance.
A couple of questions on your configuration:
Is that default route correct? It's not on the same network as your E1 interface.
What is the IP address of your Windows 7 machine?
Have you temporarily disabled the firewall on the router to test without that?
10-29-2013 08:56 AM
Yes, it's the correct route; I've changed it in order not to expose my network.
If it was a routing problem I wouldn't be able to reach the internet at all, since if the router needs to route a packet to a network that is not in its routing table it will try to send it via the default route, am I right?
Windows 7 clients receive addresses from the range of the DHCP pool called "CLIENT"; the same happens with Windows XP clients.
Example IP: 10.0.0.2/24
gw: 10.0.0.254
dns: 10.0.0.1 (which is a Windows Server 2003 Small Business)
I forgot to mention that this is a Windows domain environment. I also removed the client from the domain and tried the same IP addressing scheme, static, with DNS 8.8.8.8, with no luck.
How do I disable the firewall on the router? I tried to remove IP inspection from Ethernet1, but when I did it I wasn't able to reach the internet, so I re-enabled it.
10-29-2013 09:16 AM
'no ip inspect' should disable the firewall. Keep in mind that only traffic permitted by ACL 111 will be permitted through after you remove the inspection. Using ip inspect creates stateful sessions so that traffic doesn't have to be permitted by the external ACL.
After removing, you can do a sh ip inspect session to make sure it was removed correctly. If not, you can use the clear ip inspect command to remove it.
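What the reply above describes, as an added example that is not part of the thread: a simplified Python model of the TCP/UDP entries of ACL 111 and a CBAC-style session table, showing that a web reply is accepted inbound only while inspection tracks the flow. The server address 203.0.113.10 and the client ports are constructed, and the ICMP, ESP and GRE entries are omitted.

```python
# Simplified model of the posted config: ACL 111 inbound on Ethernet1 plus a
# CBAC-style session table. Only the TCP/UDP entries of ACL 111 are modelled.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")

# (protocol, source port, destination port); None stands for "any".
ACL_111 = [
    ("udp", 67, 68),       # permit udp any eq bootps any eq bootpc
    ("udp", 67, 67),       # permit udp any eq bootps any eq bootps
    ("udp", 53, None),     # permit udp any eq domain any
    ("udp", None, 500),    # permit udp any any eq isakmp
    ("udp", None, 10000),  # permit udp any any eq 10000
    ("tcp", None, 80),     # permit tcp any any eq www
    ("tcp", None, 1723),   # permit tcp any any eq 1723
    ("tcp", None, 139),    # permit tcp any any eq 139
    ("udp", None, 137),    # permit udp any any eq netbios-ns
    ("udp", None, 138),    # permit udp any any eq netbios-dgm
]

def acl_permits(pkt):
    """First match wins; no match falls through to 'deny ip any any'."""
    return any(pkt.proto == proto and sport in (None, pkt.sport)
               and dport in (None, pkt.dport)
               for proto, sport, dport in ACL_111)

class Inspector:
    """Tracks outbound flows the way 'ip inspect myfw out' does for tcp/udp."""
    def __init__(self):
        self.sessions = set()

    def outbound(self, pkt):
        # Remember the mirrored 5-tuple so the reply is recognised later.
        self.sessions.add(Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def inbound_allowed(self, pkt):
        return pkt in self.sessions or acl_permits(pkt)

def demo():
    nat_ip, server = "194.10.115.18", "203.0.113.10"  # server is constructed
    fw = Inspector()
    fw.outbound(Packet("tcp", nat_ip, 49152, server, 80))    # HTTP request
    web_reply = Packet("tcp", server, 80, nat_ip, 49152)
    dns_reply = Packet("udp", "194.10.115.25", 53, nat_ip, 50000)
    return {"web_reply_with_inspect": fw.inbound_allowed(web_reply),
            "web_reply_without_inspect": acl_permits(web_reply),
            "dns_reply_without_inspect": acl_permits(dns_reply)}

if __name__ == "__main__":
    print(demo())
```

In this model the DNS reply still passes ACL 111 without inspection, because of the `permit udp any eq domain any` entry, while the HTTP reply to an ephemeral client port matches nothing before `deny ip any any`.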