Cisco 831

[kaldag]

I have a Cisco 831 that has slowed my Internet access to a crawl. Here is my Running config.



boot-start-marker
boot-end-marker
!
no logging buffered
enable password 7 05080F1C22431F5B4A
!
no aaa new-model
!
resource policy
!
clock timezone Chicago -6
clock summer-time Chicago date Apr 6 2003 2:00 Oct 26 2003 2:00
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 172.31.0.161 172.31.0.170
!
ip dhcp pool HomeNet
import all
network 172.31.0.160 255.255.255.224
default-router 172.31.0.161
domain-name intranet.osfnet.org
dns-server 10.73.3.13 208.67.222.222
lease 7
!
!
ip tcp synwait-time 10
ip cef
ip domain name HomeLan.net
ip name-server 10.73.3.13
ip name-server 208.67.222.222
ip name-server 208.67.222.220
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW https
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip ssh version 1
ip ddns update method sdm_ddns1
!
vpdn enable
!
!
!

!
!
interface Ethernet0
description Eth_Inside$ETH-LAN$
ip address 172.31.0.161 255.255.255.224
ip access-group 122 out
ip flow ingress
ip nat inside
ip inspect SDM_LOW in
ip virtual-reassembly
!
interface Ethernet1
description Eth_Outside
ip address dhcp client-id Ethernet1
ip access-group 102 in
ip nat outside
ip virtual-reassembly
duplex half
no cdp enable
crypto map SDM_CMAP_1
!
interface Ethernet2
no ip address
shutdown
!
interface FastEthernet1
duplex half
speed 10
!
interface FastEthernet2
duplex full
speed 100
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip http server
ip http secure-server
ip flow-top-talkers
top 10
sort-by packets
!
ip nat inside source static tcp 172.31.0.174 10001 interface Ethernet1 10001
ip nat inside source static tcp 172.31.0.174 4242 interface Ethernet1 4242
ip nat inside source static tcp 172.31.0.174 2105 interface Ethernet1 2105
ip nat inside source static tcp 172.31.0.174 81 interface Ethernet1 81
ip nat inside source static tcp 172.31.0.175 5901 interface Ethernet1 5901
ip nat inside source static tcp 172.31.0.175 5900 interface Ethernet1 5900
ip nat inside source route-map SDM_RMAP_2 interface Ethernet1 overload
!
access-list 1 remark NAT for the Inside Network
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 172.31.0.160 0.0.0.31
access-list 100 remark OSF Protected
access-list 100 remark SDM_ACL Category=5
access-list 100 permit ip 172.31.0.160 0.0.0.31 10.0.0.0 0.0.0.255
access-list 100 permit ip 172.31.0.160 0.0.0.31 192.168.0.0 0.0.255.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark SDM_ACL Category=2
access-list 101 permit ip 172.31.0.160 0.0.0.31 any
access-list 101 remark SDM_ACL Category=2
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit udp host 208.67.222.220 eq domain any
access-list 102 permit udp host 208.67.222.222 eq domain any
access-list 102 permit udp host 10.73.3.13 eq domain any
access-list 102 remark Auto generated by SDM for NTP (123) 10.73.3.12
access-list 102 permit udp host 10.73.3.12 eq ntp any eq ntp
access-list 102 permit ahp host 209.37.141.200 any
access-list 102 permit esp host 209.37.141.200 any
access-list 102 permit udp host 209.37.141.200 any eq isakmp
access-list 102 permit udp host 209.37.141.200 any eq non500-isakmp
access-list 102 remark OSF Class C
access-list 102 permit ip 192.168.0.0 0.0.255.255 172.31.0.160 0.0.0.31
access-list 102 remark OSF Class A
access-list 102 permit ip 10.0.0.0 0.255.255.255 172.31.0.160 0.0.0.31
access-list 102 permit udp 209.37.141.0 0.0.0.255 any eq non500-isakmp
access-list 102 permit udp 209.37.141.0 0.0.0.255 any eq isakmp
access-list 102 permit esp 209.37.141.0 0.0.0.255 any
access-list 102 permit ahp 209.37.141.0 0.0.0.255 any
access-list 102 permit ahp any any
access-list 102 permit esp any any
access-list 102 permit udp any any eq isakmp
access-list 102 permit udp any any eq non500-isakmp
access-list 102 permit icmp any any echo
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 permit tcp any any eq 22
access-list 102 permit udp any any eq bootpc
access-list 102 permit udp any any eq bootps
access-list 102 permit tcp any any range 5900 5902
access-list 102 permit tcp any any eq 2105
access-list 102 permit tcp any any eq 10001
access-list 102 permit tcp any any eq 4242
access-list 102 permit tcp any any eq 81
access-list 102 deny ip 172.31.0.160 0.0.0.31 any
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip any any log
access-list 103 remark SDM_ACL Category=4
access-list 103 remark OSF Class A
access-list 103 permit ip 172.31.0.160 0.0.0.31 10.0.0.0 0.255.255.255
access-list 103 remark OSF Class C
access-list 103 permit ip 172.31.0.160 0.0.0.31 192.168.0.0 0.0.255.255
access-list 103 remark SDM_ACL Category=4
access-list 103 remark OSF Class A
access-list 103 remark OSF Class C
access-list 104 remark SDM_ACL Category=2
access-list 104 remark OSF Class C
access-list 104 deny ip 172.31.0.160 0.0.0.31 192.168.0.0 0.0.255.255
access-list 104 remark OSF Class A
access-list 104 deny ip 172.31.0.160 0.0.0.31 10.0.0.0 0.255.255.255
access-list 104 remark OSF Class C
access-list 104 deny ip 172.31.0.96 0.0.0.31 192.168.0.0 0.0.255.255
access-list 104 remark OSF Class A
access-list 104 deny ip 172.31.0.96 0.0.0.31 10.0.0.0 0.255.255.255
access-list 104 permit ip 172.31.0.96 0.0.0.31 any
access-list 105 remark SDM_ACL Category=2
access-list 105 remark OSF Class C
access-list 105 deny ip 172.31.0.160 0.0.0.31 192.168.0.0 0.0.255.255
access-list 105 remark OSF Class A
access-list 105 deny ip 172.31.0.160 0.0.0.31 10.0.0.0 0.255.255.255
access-list 105 permit ip 172.31.0.160 0.0.0.31 any
access-list 122 permit ip any any
access-list 122 permit icmp any any
!
route-map SDM_RMAP_1 permit 1
match ip address 104
!
route-map SDM_RMAP_2 permit 1
match ip address 105
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
exec-timeout 120 0
password 7 11084C0D1B1305085C79
logging synchronous
login local
length 0
transport preferred none
transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17180263
ntp server 10.73.3.12 source Ethernet0 prefer
end


Any help wouild be great.

Ken

 

[Minue]

Hello
Too much is going on with this router.Check the memory and CPU usage "show processes"Also try to do a basic "conf" to test the router.
I am natting behind my ISP DSL modem,when doing Webcam with MSN,the session is all broken.Put the PC directly in the Modem and everything is smooth.Router normally slow down trasmission,gets even worst when you have a conf like your's.
Best regards

 

[wingatesl]

If you are using telnet to get into the router;
type
term mon

in config mode and wait for a few minutes. This will let you know if there are any issues with the router.