1. Home
  2. Cisco Systems
  3. Slow access to internal web server

Slow access to internal web server

Hi all,

I have recently purchased and set up a Cisco 837 ADSL router for home, and I have managed all the config but I have one problem remaining.

My ADSL speed is 8mbit down, half megabit up. I have set up port forwarding to a machine on my LAN which I use as a web server, but the speed when accessing this server from the Internet is far too slow (around 50-200 bytes/second when it should do 50 kilobytes/sec). This occurs at all times of day and from different places so is a persistent problem. The download speeds are fine from the LAN, I get around 700kilobytes/sec which is what I got on the old router. I also set up SSH port forwarding to the same machine and using SSH from the Internet seems fine and not sluggish at all, so it seems to be just web.

I tried turning off the router's built in http server in case that was confusing things, but that didn't help. I also tried setting the 'bandwidth' value for Dialer0 but that didn't help either. I have not applied any sort of traffic shaping or rate limiting commands, and on my old routers (various free ones from ISPs) I've always got the expected 50kilobytes/sec off the server using the same setup, so I think I've gone wrong somewhere with the config.

The show run is below, I'm hoping someone can help and this is something obvious as this is the only problem to iron out! I set up a lot of Cisco switches at work but I'm new to the routing side of things!

Thanks,

Ian.

Current configuration : 3919 bytes ! ! Last configuration change at 12:32:28 UTC Fri May 11 2007 by admin ! NVRAM config last updated at 12:31:42 UTC Fri May 11 2007 by admin ! version 12.3 no service pad service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname router.lan ! enable secret 5 foo ! username admin access-class 15 password 7 foo no aaa new-model ip subnet-zero no ip source-route ip domain name router.lan ip name-server 192.168.0.1 ip name-server 194.72.0.98 ip name-server 194.74.65.68 ip dhcp excluded-address 10.10.10.1 ! ip dhcp pool CLIENT import all network 10.10.10.0 255.255.255.0 default-router 10.10.10.1 lease 0 2 ! ! no ip bootp server ip inspect name Dialer_0 tcp ip inspect name Dialer_0 udp ip inspect name Dialer_0 cuseeme ip inspect name Dialer_0 ftp ip inspect name Dialer_0 h323 ip inspect name Dialer_0 rcmd ip inspect name Dialer_0 realaudio ip inspect name Dialer_0 streamworks ip inspect name Dialer_0 vdolive ip inspect name Dialer_0 sqlnet ip inspect name Dialer_0 tftp ip audit notify log ip audit po max-events 100 ip ssh time-out 60 no ftp-server write-enable ! ! ! no crypto isakmp enable ! ! ! ! interface Ethernet0 ip address 192.168.0.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip tcp adjust-mss 1452 no cdp enable hold-queue 100 out ! interface ATM0 no ip address ip access-group 101 in no ip redirects no ip unreachables no ip proxy-arp no atm ilmi-keepalive pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto ! interface FastEthernet1 description yoda no ip address duplex auto speed auto ! interface FastEthernet2 description office uplink no ip address duplex auto speed auto ! interface FastEthernet3 description bedroom (wap) uplink no ip address duplex auto speed auto ! interface FastEthernet4 no ip address duplex auto speed auto ! interface Dialer0 bandwidth 7616 ip address negotiated ip access-group 101 in ip mtu 1452 ip nat outside ip inspect Dialer_0 out encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname foo ppp chap password 7 foo ! ip nat inside source list 1 interface Dialer0 overload ip nat inside source static tcp 192.168.0.5 80 interface Dialer0 81 ip nat inside source static tcp 192.168.0.6 22 interface Dialer0 22 ip nat inside source static tcp 192.168.0.6 80 interface Dialer0 80 ip classless ip route 0.0.0.0 0.0.0.0 Dialer0 no ip http server ip http authentication local ip http secure-server ! access-list 1 remark INSIDE_IF=Ethernet0 access-list 1 remark SDM_ACL Category=2 access-list 1 permit 192.168.0.0 0.0.0.255 access-list 101 remark Traffic allowed to enter the router from Internet access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip any host 255.255.255.255 access-list 101 permit tcp any any eq 22 access-list 101 permit tcp any any eq www access-list 101 permit tcp any any eq 81 access-list 101 permit udp any eq isakmp any eq isakmp access-list 101 permit gre any any access-list 101 permit icmp any any unreachable access-list 101 permit icmp any any echo-reply access-list 101 permit icmp any any packet-too-big ip nat inside source static tcp 192.168.0.6 22 interface Dialer0 22 ip nat inside source static tcp 192.168.0.6 80 interface Dialer0 80 ip classless ip route 0.0.0.0 0.0.0.0 Dialer0 no ip http server ip http authentication local ip http secure-server ! access-list 1 remark INSIDE_IF=Ethernet0 access-list 1 remark SDM_ACL Category=2 access-list 1 permit 192.168.0.0 0.0.0.255 access-list 101 remark Traffic allowed to enter the router from Internet access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip any host 255.255.255.255 access-list 101 permit tcp any any eq 22 access-list 101 permit tcp any any eq www access-list 101 permit tcp any any eq 81 access-list 101 permit udp any eq isakmp any eq isakmp access-list 101 permit gre any any access-list 101 permit icmp any any unreachable access-list 101 permit icmp any any echo-reply access-list 101 permit icmp any any packet-too-big access-list 101 permit icmp any any time-exceeded access-list 101 permit icmp any any traceroute access-list 101 permit icmp any any administratively-prohibited access-list 101 permit icmp any any echo access-list 101 deny ip any any log dialer-list 1 protocol ip permit no cdp run ! line con 0 exec-timeout 120 0 login local no modem enable stopbits 1 line aux 0 line vty 0 4 exec-timeout 120 0 privilege level 15 login local transport input telnet ! scheduler max-task-time 5000 ! end

Reply to
ianatkinsonbsc
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.