Cisco WAN :: Http Traffic Hanging Through 2821 Router
Mar 28, 2011
I'm using a Cisco 2821 router to provide temporary Internet access for a private network of about 300 users for a conference at a hotel. The hotel has provided me a public IP address for the WAN side. On the LAN side I have a 10.x.x.x /8 subnet with the router providing DHCP and NATing (overload) across the WAN interface.
Users can pick up an IP address and access the web. Light web pages such as Google tend to load without issue; however, if a user does something that takes more time, such as streaming a YouTube trailer or opening an RDP session, the connection will freeze.
It doesn't appear to be related to bandwidth availability. Pings return on average 10-15 ms. However, I will get a request time out about every 10th continual ping. Streaming video will load about 4-6 seconds' worth of data, then will appear to freeze without dropping. Doing something like speedtest.net will send a large amount of data then will hang, without ever ending the conversation.
This doesn't happen when I plug a laptop directly into the hotel public Internet line. They also don't have issues with their network similar to this.
I do not have any ACLs, etc. loaded. The router is basically wide open as far as I can tell. I don't see the router resources getting used much at all.
May 9, 2012
I am testing out some inspection options on an ASA 5505, and I am running into a situation in which applying an http inspection is dropping all outbound http traffic. I get a "protocol violation" error in the logs.
Here is the setup: I'm not sure why the web traffic is getting dropped.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
[Code].....
Mar 8, 2011
I have a 2821 router with IOS version 12.4(13r)T. When I enabled the firewall, my download speed slows down to 10-20kbps (the normal is 5-6 Mbps).
Dec 11, 2010
We have a Cisco 2821 at one of our branches and created five subinterfaces for different VLANs. The output of show interface shows a very frequent increase in the input error count. I have changed the physical cable and the switch port on the other side, but the error rate is still increasing. When the traffic is low the error rate is low, but with high traffic it increases drastically. My router process is very low (4% only). What could be the possible reason? [code]
Jan 23, 2012
I have 2 routers, a 2821 and a 2811. They are connected via GRE over IPsec, and all of the traffic from the 2821 is being routed to the 2811 with a default route to its tunnel interface. The 2821 needs to access the internet through the 2811's valid IP address. My question is: how should I NAT the traffic on the 2811 so that the 2821 can access the internet?
Apr 19, 2010
I have a 2821 router with two T1 WICs and have the need to route FTP down one T1 and all other TCP traffic down another T1. All traffic is going to the same remote IP address. The remote sites are in different states, and I assume that the remote subnet is being bridged between the states. It's kind of a weird set up, but it's not my design.
Anyway, can I use a route map to split off FTP traffic to host A and send it down one T1 and have the rest of the IP traffic to host A go down the other T1? I also need to be able to have all traffic use one T1 in case the other T1 goes down.
My first thought was to static all IP down T1-1, then route map FTP traffic down T1-2, then have a floating static for all IP traffic down T1-2 with a higher metric. But something would have to track the T1 interfaces and I'm not sure if route maps or static routes can do that. Any thoughts on this?
Nov 2, 2011
I want to monitor interface traffic in/out with EEM, and if the value is over some value I will change the policy. For example, my router is a 2821 and it has 2 FastEthernet ports. I want to monitor the traffic on fasE1/0; if the traffic is over 80Mbps I will change some configuration (example: change the next-hop on a static route) to send traffic via interface fasE1/1 to reduce the traffic on interface fasE1/0?
Mar 8, 2012
I have a Cisco 2821 with IOS version 12.4(21). On that router I have a WAN link that is 550mbit dual. The interface is 1000FD so I need to shape my output traffic to max 550mbit - otherwise my ISP policing is dropping the traffic.
I've looked at this document url... and I'm trying to use this interface command: traffic-shape rate
But the router won't accept rate value 550000000, which should be 550mbit in bits/s.
Is it not possible to shape the traffic to 550mbit on the 2821 router?
Feb 29, 2012
I have hooked up to the Cisco 2821 router a T1 on Serial and Cable Modem to GigEth0/1 and I want to split outbound traffic so that all regular users will use G0/1 interface for web traffic and the rest of the traffic stays with the T1. I am having an issue where the users on the network are not able to use the internet when using the following config:
!
interface GigabitEthernet0/0.10
description Data
encapsulation dot1Q 50
[Code].....
Feb 14, 2012
MPLS customer with 4 T1s in a multilink. If one of the T1s drops there is a brief delay in traffic picking back up and I actually lose packets from premise back to CO. You can see this loss both with pinging across the circuit and with techs on either end running JPerf. It can take as long as 6 seconds for the reconvergence to actually happen on the multilink and traffic picks back up. In my experience this is normal behavior for Multilinks.
I'd also like to note that it is indeed much quicker reconvergence when you physically pull the T1, any of the T1s, rather than administratively shutting down one of them, and I understand that the hardware is quicker than software and that's a good thing, obviously. I've tried this with and without ppp multilink fragment disabled on either end and every other combo between the two. Each of the 4 serial interfaces is on line timing and I tried free-running just on the off chance that it could improve the loss, but it gets worse.....back to line timing. I've even tried this on other CPE platforms like two different versions of Adtran CPEs and I get the same thing. Currently I have a new 2821 CPE in place and still get the same thing. Still see a brief amount of traffic loss up to 6-7 seconds or so at times.
7600 side:
interface Multilink592
ip vrf forwarding ******************
ip address *************************
load-interval 30
no peer neighbor-route
ppp multilink
ppp multilink group 592
ppp multilink fragment disable
no cdp enable
service-policy output VPN-TEMPLATE-2(code)
Apr 25, 2011
I have the following scenario:
ISP1-------ASA 5510----------ISP2
               |
               |
               |
              LAN
I would like to use ISP2 for all http/https/ftp traffic. How could I force my ASA to set a different gateway for http/https/ftp traffic? I have tried several solutions such as nat/pat rules; nothing seems to work.
Apr 20, 2011
Never seen a Cisco, or any other L3 switch before. Nor an Lx router. Any step by step, or class room or web based training, or a partner or Cisco helper to get us up to speed on this? Goal is to limit http and https traffic in favor of telnet to an AIX server and RDP to a Windows TS. Printing would be ahead of http/s and below the others.
Interestingly, the web site promises 9 videos, but there are only 8. The demo guide says about OoS: "Coming Soon". Where to go? Who(m) to call?
Mar 1, 2011
I have Site(s) Ani....i=1,..10 sites which communicate with site B to access a website/application. That's simple enough. However, the traffic is http; well, we primarily don't need https on an ipsec tunnel, right? But since attacks related to eavesdropping of traffic become a real reality once it gets terminated by the ipsec device on both sides. I have two options: either to purchase a third-party ssl certificate to encrypt the traffic between two nodes or use a custom made one. I don't want to use a custom made one because this makes the browser prompt an ugly untrusted certificate message; it's ugly not from a security perspective but for clients' inconvenience, and assuring users' confidence in our systems is a critical issue for us.
a) How is it possible to remove the ugly certificate message from the user's screen? Does the company need to register its certificate with some kind of CA body? or what ...
b) Due to some tcp acceleration issues, ssl traffic slows down the traffic between the nodes, so we only require the encryption to stand just during the initial handshake when the username and password are being validated; after that we want to revert back to http?
Jan 5, 2012
On a 2821 Router with 15.1(3)T1
I have an IPSec VPN and NAT configured. Return traffic from an internal NAT host seems to be blocked by the WAN inbound ACL. What is the proper way to allow return traffic from the Internet for this internal NAT host? Note: As a test, removing the deny entry on the WAN ACL allows return traffic.
Mar 26, 2012
On a Catalyst 6509 switch I have configured the wccp protocol in order to redirect the Http traffic to a Bluecoat SG8100. It was working fine until a new L3 interface implementation. Thereafter I was unable to redirect the http traffic due to an error reported from the Cat6509: [code] After some checks I supposed that the problem should be the UDP 2048 port connection between the Switch and the Bluecoat while the switch L3 port and the Bluecoat are on the same LAN. A deep analysis found that the WCCP protocol seems to be as follows:
-Proxy address 10.64.28.240 to Switch Port 10.64.28.250 Here I Am
-Switch Port 10.64.28.250 to Proxy address 10.64.28.240 I See You
-Switch Port 10.66.0.251 to Proxy address 10.64.28.240 UDP 2048 packet (dropped by firewall)
It's strange to me that the first dialog is correctly handled by the correct Cat6509 interface while the UDP packets are flowing from another Vlan interface not configured with the WCCP and apparently not involved in the protocol. Last of all, the WCCP is now disabled and unusable?
Jul 12, 2011
Can the ACE appliance behave as a reverse proxy for http and ssl traffic? I would assume it can given how it does SLB but SLB is not a requirement at this time.
Mar 14, 2012
I am trying to mark http packets from a web server with DSCP ef, but when I am doing a traffic capture all http packets have tos 0x0. I am able to mark UDP and ICMP packets originated from this server, but not any TCP traffic. The web server is in VLAN 20. This is my config: mls qos ip access-list extended MARK-HTTP-ACL permit tcp host 10.10.10.10 eq www. [code]
Dec 20, 2010
Right now, in my network there is no proxy server and all users go straight through the ASA to access internet. I would like to put a squid with dansguardian (for web filtering). Steps in getting all http and https traffic from ASA go via my squid?
Oct 2, 2011
We have Cisco ASA 5505, 90.x.y.2/29 IP is assigned to outside interface. We have one internal HTTP server so that I use static (inside,outside) tcp interface [URL] to forward all incoming HTTP traffic to internal HTTP server 1. Now we need to add new physical HTTP server 2 so that I would like to forward HTTP traffic to e.g. 90.x.y.3/29 to 172.16.0.11.
How can I do that? See scenario image (scenario.png) if needed.
Feb 13, 2011
I am using an ASA5510 and I want to know if it is possible to redirect http traffic to an internal proxy software. I explain: PCs on the LAN use an internal proxy in their IE browser but some other PCs don't use it. They are directly connected to the Internet using the public IP from the WAN interface (via NAT). Can we redirect this HTTP traffic from the WAN interface to the proxy in the LAN?
Http traffic will be routed like that: PC -> WAN interface -> Proxy -> WAN interface -> Internet. In fact, can we create a rule saying: all http traffic which doesn't come from the proxy IP must be redirected toward the proxy?
Jul 18, 2011
I have a setup like this.
For each computer I need to go and configure the browser proxy settings, and some people are getting smart and turn it to automatic configuration again.
So what I want to achieve is to have my DIR-655 route all the HTTP/port 80 traffic to the proxy server.
That way it is transparent and then it is not needed to configure each computer's browser settings.
I am pretty new to this and the router configurations.
The proxy server works fine if i configure the browser manually.
Jun 20, 2011
Is it possible to configure HTTP traffic to ISP2 and Static NAT to ISP1 on ASA5520?
Aug 5, 2008
I have an ASA 5505 that I am using to connect my contractors to via an inside interface, the outside interface is my private LAN. I have setup on our corporate Proxy server to allow traffic from my outside interface of my ASA to go to the internet without credentials BUT log internet activity. The question is I want to know if the ASA can send that http & https traffic to my proxy server and all other traffic to my default route? I want to be able to send all internet traffic to my proxy server. This will avoid me asking the contractors to place proxy credentials in their browsers.
Jul 24, 2011
I am trying to set up my router to grant http traffic a minimum bandwidth of - for example - 5,000 kBit (if there is any http traffic).
So I set http min. rate to 5,000 while I set nntp min. rate to 1. However, when I run nntp downloads on several connections (e.g. 10) my single http download never goes above 1,000 kBit. Without any other connections I reach 8,000 kBit.
I am using a single 12 MBit line.
Mar 5, 2011
I have a 2851 router and it is hanging when I log in on it. While it is hanging it gives me the following error message: [code]
Oct 30, 2011
I have 3 locations connected with MPLS connectivity … 2 mbps, 2 mbps branches and 4 mbps, and I have a Cisco 1841 router. For the last few days I am facing a problem that the Cisco 1841 router's LAN port suddenly stops working and connectivity gets disconnected. In this stage branch offices can reach up to the Cisco 1841 WAN port.
(I have changed 2 different routers assuming a router problem but the issue remains the same. Hence no hardware problem.)
Sep 4, 2012
I am working on a task of redirecting any unmatched http traffic to the Symantec public transparent proxy through a Cisco ASA. For the definition of uncaught http traffic, we have inbound squid servers for deploying IE proxy pac and redirect the http traffic to the Symantec public transparent proxy; however, we can't deploy IE proxy pac to mobile devices and non-supported web browsers. Since we have some applications using the IE proxy setting for direct http communication with external domains, the current Symantec policy adds those domains to the exception list so that they are not redirected to the Symantec public transparent proxy server.
-For the platform - Cisco ASA 5510 ASA 8.4(4)1
-For the solution, I have the following two nat rules
Dec 16, 2012
I have a 2911 router hanging/freezing at random times. It could work fine for a week then crash, or sometimes could only go a few hours; completely random with timing. The only fix is to manually pull the power and reinsert. When this happens, all services/access stop working, including nothing on console access. This was on 15.2.1.T1 which I'm aware has a few bugs, so I upgraded to 15.2.1.T2. The issue continued, so I swapped out the 2911 with a brand new one. The issue is still present.
One interesting thing is that when the router crashes/freezes, all lights appear to remain on, working as usual, but when I unplug any of the ethernet links, the lights still continue to remain flashing and on for the ethernet LEDs, even once I have fully removed the cat6 cable.
Oct 3, 2010
We've got a Cisco 2821 router which periodically stops routing all traffic. It seems to happen about once every 2 weeks, and I can't find anything that could be causing it. There are no entries in the log and the router stays up and running but requires a restart to begin processing traffic again. We're running 12.4(13r)T11. Any thoughts, or troubleshooting steps to track this down?
May 29, 2012
We have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server. Where can I find the configuration example?
Sep 14, 2012
We have Cisco Prime 4.2 installed on a Windows 2008 R2 server. I am facing a problem when I go under Report>Fault & events or any other section: the browser gets stuck on the loading page and becomes unresponsive. If I restart the Daemon manager service it works fine for some time and again starts giving problems in a two or three hour time interval. I also face the same problem when I go to the Admin > Job browser window. Does anyone face the same problem? I have changed the host name of the server using a script and also generated a new SSL certificate, and I tried with different browsers, but the problem is still persisting.
Oct 26, 2011
I'm running (C7200P-ADVENTERPRISEK9-M), Version 12.4(24)T4, RELEASE SOFTWARE (fc2) on a Cisco 7204VXR (NPE-G2). Currently, the router has about 200 VLANs configured on dot1q subinterfaces.
Now, the router hangs every time we try to add a new VLAN.
Is there a well-known bug with the IOS version?
Sep 24, 2007
When I power on our ASA 5510 it just hangs on "Launching BootLoader...".
I've managed to get into ROMMON before it attempts to launch the bootloader and tried to restore an ASA image but it said disk0: failed to mount. I've copied the console output but am not sure if it is useful to diagnose the problem or not (and is quite long).