,,Hi all 

I upgraded to a  Cisco 1941 ( from 1841) 

I applied the access list below to the provider facing interface. And there a 2 issues as result of this. When I run a speed test I typically download about 60 Mbs when it should be 90. If I remove the access list from the interface it will consistently hit 90 all day. CPU spikes and hits 100 % during these test. I captured the CPU process below in the middle of a speed test... My question is,,,is this normal? Does NAT have anything to do with this>? I am hoping I have something set wrong that I can correct > If that's not possible this 1941 is a letdown  

Thank you in advance 

HS1941#sh processes cpu | ex 0.00
CPU utilization for five seconds: 93%/37%; one minute: 37%; five minutes: 14%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
82 356 403 883 0.79% 0.25% 0.06% 132 Virtual Exec
116 72 199824 0 0.07% 0.04% 0.02% 0 IPAM Manager
120 100264 128767 778 54.31% 21.19% 7.63% 0 IP Input
234 104 200011 0 0.07% 0.05% 0.06% 0 PPP manager

Extended IP access list 110
10 deny udp any any eq netbios-ss
20 deny udp any any eq netbios-ns
30 deny udp any any eq netbios-dgm
40 deny tcp any any eq daytime
50 deny tcp any any eq chargen
60 deny udp any any eq 19
70 deny udp any any eq 1900
80 deny tcp any any eq 1900
90 deny tcp any any eq sunrpc
100 deny tcp any any eq exec
110 deny tcp any any eq login
120 deny tcp any any eq klogin
130 deny tcp any any eq kshell
140 deny tcp any any eq 135
150 deny udp any any eq 135
160 deny tcp any any eq 137
170 deny tcp any any eq 139
180 deny tcp any any eq 445
190 deny udp any any eq 445
200 permit ip any any log (370076 matches) 

interface GigabitEthernet0/1
ip address dhcp client-id GigabitEthernet0/1
ip access-group 110 in
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex full
speed 1000
no cdp enable
end