Cisco 1801 K9 and "stop-and-go" web browsing
Posted: Sat 18 Oct, 2014 3:59 pm
Good evening everyone.
I have a "strange" problem with an 1801 and a 20 Mega Alice ADSL line.
In short, after configuring everything (including the VPNs) I have two problems.
1) The ATM0 interface comes up in the shut state after every reboot and I have to bring it up by hand with no shut
2) Web browsing (and only that) is intermittent. At some moments pages open quickly, and many others stay waiting, often ending in a timeout.
Internal services, on the other hand, seem to have no problems (an internal web server shows no problems, to give you an idea).
I'm attaching the show run:
Current configuration : 6330 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER01
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$qu5S$Wpo2fE00Hm8/y4v5JjZBj1
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login xauthlist local
aaa authentication login VTY local
aaa authorization exec VTY local
aaa authorization network groupauthor local
!
aaa attribute list login
attribute type priv-lvl 15 service shell mandatory
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-xxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxx
revocation-check none
rsakeypair TP-self-signed-2763146186
!
!
crypto pki certificate chain TP-self-signed-xxx
certificate self-signed 01
quit
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.1.10
ip dhcp excluded-address 10.0.1.200
ip dhcp excluded-address 10.0.1.50
ip dhcp excluded-address 10.0.1.60
ip dhcp excluded-address 10.0.1.101
ip dhcp excluded-address 10.0.1.20
ip dhcp excluded-address 10.0.2.1
ip dhcp excluded-address 10.0.2.105
!
ip dhcp pool WIRED
network 10.0.1.0 255.255.255.0
default-router 10.0.1.10
dns-server 10.0.1.200 8.8.8.8
domain-name asgard.ofc
!
ip dhcp pool WIRELESS
dns-server 8.8.8.8 8.8.4.4
default-router 10.0.2.1
!
!
ip domain name DOMINIO.OFC
ip name-server 10.0.1.200
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
username REMOTEADMIN privilege 15 secret 5 xxx
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group VPN-USERS
key xxx
dns 10.0.1.200
wins 10.0.1.200
domain DOMAIN.ofc
pool ippool
acl 101
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec transform-set xauthtransform esp-des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
archive
log config
hidekeys
!
!
ip ssh version 2
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet1
switchport access vlan 10
!
interface FastEthernet2
switchport access vlan 20
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface ATM0
mtu 1500
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode adsl2+
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 10.0.1.10 255.255.255.0
ip nat inside
no ip virtual-reassembly
!
interface Vlan20
ip address 10.0.2.1 255.255.255.0
ip nat inside
no ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip nat outside
no ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp pap sent-username aliceadsl password 0 aliceadsl
crypto map clientmap
!
router rip
version 2
network 10.0.0.0
!
ip local pool ippool 10.16.20.1 10.16.20.200
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.0.1.2
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source list 102 interface Dialer0 overload
ip nat inside source static udp 10.0.1.60 1056 interface Dialer0 1056
ip nat inside source static tcp 10.0.1.60 1056 interface Dialer0 1056
ip nat inside source static tcp 10.0.1.60 3111 interface Dialer0 3111
ip nat inside source static udp 10.0.1.60 3111 interface Dialer0 3111
ip nat inside source static tcp 10.0.2.105 1935 interface Dialer0 1935
ip nat inside source static udp 10.0.2.105 3479 interface Dialer0 3479
ip nat inside source static udp 10.0.2.105 3478 interface Dialer0 3478
ip nat inside source static tcp 10.0.2.105 3479 interface Dialer0 3479
ip nat inside source static tcp 10.0.2.105 3480 interface Dialer0 3480
!
access-list 22 permit 10.16.20.0
access-list 22 permit 10.0.1.60
access-list 22 permit 10.0.1.50
access-list 22 permit 10.0.2.50
access-list 22 permit 10.16.20.0 0.0.0.255
access-list 101 remark *** ACL nonat ***
access-list 101 deny ip 10.0.1.0 0.0.0.255 10.16.20.0 0.0.0.255
access-list 101 permit ip 10.0.1.0 0.0.0.255 any
access-list 101 permit ip 10.0.2.0 0.0.0.255 any
access-list 150 remark *** SPLITTUNNEL ***
access-list 150 permit ip 10.0.1.0 0.0.0.255 10.16.20.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
!
end
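Added example, not part of the original post and not a diagnosis of the reported symptoms: a small Python check that scans an IOS running-config for names that are referenced but never defined, cleartext secrets, DES/MD5 transform sets and more than one default route. `SAMPLE` is an excerpt built from lines of the configuration above; the function name `audit` and the finding labels are illustrative choices.

```python
import re

# Excerpt constructed from lines of the configuration posted above.
SAMPLE = """\
no service password-encryption
aaa authentication login xauthlist local
aaa authorization network groupauthor local
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec transform-set xauthtransform esp-des esp-md5-hmac
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
 ppp pap sent-username aliceadsl password 0 aliceadsl
ip route 0.0.0.0 0.0.0.0 10.0.1.2
ip route 0.0.0.0 0.0.0.0 Dialer0
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source list 102 interface Dialer0 overload
access-list 101 permit ip 10.0.1.0 0.0.0.255 any
"""

def audit(config):
    """Return a sorted list of (check, detail) findings for a running-config."""
    lines = [l.strip() for l in config.splitlines()]
    findings = set()
    # Names that the config actually defines.
    acls = {m.group(1) for l in lines if (m := re.match(r"access-list (\d+) ", l))}
    aaa = {m.group(1) for l in lines if (m := re.match(
        r"aaa (?:authentication login|authorization network) (\S+)", l))}
    for l in lines:
        # NAT rules and crypto maps must point at names defined above.
        if (m := re.match(r"ip nat inside source list (\S+) ", l)) and m.group(1) not in acls:
            findings.add(("undefined-acl", m.group(1)))
        if (m := re.match(r"crypto map \S+ (?:client authentication|"
                          r"isakmp authorization) list (\S+)", l)) and m.group(1) not in aaa:
            findings.add(("undefined-aaa-list", m.group(1)))
        # Type 0 means the secret is stored unencrypted; report the command only.
        if re.search(r"\bpassword 0 ", l):
            findings.add(("cleartext-password", " ".join(l.split()[:2])))
        if l == "no service password-encryption":
            findings.add(("password-encryption-off", ""))
        for weak in re.findall(r"\besp-(?:des|md5-hmac)\b", l):
            findings.add(("weak-transform", weak))
    defaults = [l for l in lines if l.startswith("ip route 0.0.0.0 0.0.0.0 ")]
    if len(defaults) > 1:
        findings.add(("multiple-default-routes", str(len(defaults))))
    return sorted(findings)

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check}: {detail}")
```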