velocità in dowload

[nat]

Un ciao a tutti ,ho configurato un 827-4V con una config presa da esempio ad una di wizard con ip inspect attivo
ok navigazione,solo che ho notato che scaricando un file da 600 mega la velocità si attesta sui 350 kb/sec, invece stessa
config su un 1841 download sempre sui 650 kb/sec, idem com un soho 77 no con ip inspect.ho provato ad aggiustare
con ip tcp adjust-mss 1452 sulla eth e dialer0 senza nessun risultato. inoltre ho notato un tempo magg. per le aperture delle pag con il 827. quali valori potrei modificare x migliorare?
posto una parte di config

ip tcp mss 1452
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip accounting output-packets
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer0
ip address negotiated
ip access-group 131 in
ip verify unicast reverse-path
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip mtu 1492
ip nat outside
ip inspect IDS out
ip virtual-reassembly
encapsulation ppp
ip tcp header-compression
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
no snmp trap link-status
no cdp enable
ppp pap sent-username aliceadsl password 7 050A0A0622494F0D0A09

[ciscomanagement]

Non è un buon modo per fare una giusta comparazione di velocità.
A quanto pare la tua velocita' di down e' sempre sui 650 al max, quindi dovresti avere una 7 mega.

Prova a scaricare un software di downloading manager tipo download accelerator o simili,anche stesso demo o freeware, e scarica quel file da 600MB, e vedi se con l'827 riesci ad arrivare a 650

[nat]

ciao ciscomanagement, grazie x la risposta, prima di postare ho fatto diverse prove in giorni diversi, ma sempre con lo stesso risultato,ho seguito
il tuo consiglio ed ho usato download accelerator stessa cosa mentre x il 1841 il dw si attesta sui 650/700 kb/sec, con il 827 non va oltre 400kb/sec.
saluti

[nat]

ho provato una config semplice solo l'acl x nat ,ora scarica a circa 700kb/sec
quindi penso che ci debba essere qualcosa nella config con ip inspect che fà rallentare, qualche idea?
ciao.

[ciscomanagement]

Invia pure il resto della tua config e riscrivi la dialer0 senza ip inspect e senza ip tcp header-compression, ip tcp adjust-mss 1452

[nat]

Ciao ciscomanagement ti finisco a postare la prima config con ip inspect e un’altra con acl normali che da la stessa minore velocità:

service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname PPPoA
!
boot-start-marker
boot-end-marker
!
logging exception 100000
logging count
logging queue-limit 10000
logging buffered 150000 notifications
logging console critical
enable secret 5 $1$GFj1$ZefLJId78D8wisqC2DYhk1
!
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
no aaa new-model
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip icmp rate-limit unreachable 1000
!
!
ip tcp selective-ack
ip tcp window-size 2144
ip tcp synwait-time 10
ip domain name cisco.com
ip name-server 151.99.125.1
ip name-server 208.67.222.222
no ip bootp server
ip cef
ip inspect log drop-pkt
ip inspect max-incomplete low 300
ip inspect max-incomplete high 400
ip inspect one-minute low 300
ip inspect hashtable-size 2048
ip inspect tcp synwait-time 20
ip inspect tcp max-incomplete host 300 block-time 60
ip inspect name IDS tcp
ip inspect name IDS udp
ip inspect name IDS ftp
login block-for 1 attempts 3 within 30
login on-failure
login on-success
interface Null0
no ip unreachables

poi la prima parte di config già postata

ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 131 remark *************************************************************
access-list 131 remark *** ACL ANTI-SPOOFING ***
access-list 131 deny ip host 0.0.0.0 any log
access-list 131 deny ip 127.0.0.0 0.255.255.255 any log
access-list 131 deny ip 192.0.2.0 0.0.0.255 any log
access-list 131 deny ip 224.0.0.0 31.255.255.255 any log
access-list 131 deny ip 10.0.0.0 0.255.255.255 any log
access-list 131 deny ip 172.16.0.0 0.15.255.255 any log
access-list 131 deny ip 192.168.0.0 0.0.255.255 any log
access-list 131 remark *************************************************************
access-list 131 remark *** ACL PER CONTROLLARE TRAFFICO ICMP ***
access-list 131 permit icmp any any echo
access-list 131 permit icmp any any echo-reply
access-list 131 permit icmp any any time-exceeded
access-list 131 permit icmp any any unreachable
access-list 131 permit icmp any any administratively-prohibited
access-list 131 permit icmp any any packet-too-big
access-list 131 permit icmp any any traceroute
access-list 131 deny icmp any any
access-list 131 remark *************************************************************
access-list 131 remark *** ACL PER BLOCCARE L'ACCESSO A VIRUS E ATTACCHI ***
access-list 131 deny tcp any any eq 135
access-list 131 deny udp any any eq 135
access-list 131 deny udp any any eq netbios-ns
access-list 131 deny udp any any eq netbios-dgm
access-list 131 deny tcp any any eq 139
access-list 131 deny udp any any eq netbios-ss
access-list 131 deny tcp any any eq 445
access-list 131 deny tcp any any eq 593
access-list 131 deny tcp any any eq 2049
access-list 131 deny udp any any eq 2049
access-list 131 deny tcp any any eq 2000
access-list 131 deny tcp any any range 6000 6010
access-list 131 deny udp any any eq 1433
access-list 131 deny udp any any eq 1434
access-list 131 deny udp any any eq 5554
access-list 131 deny udp any any eq 9996
access-list 131 deny udp any any eq 113
access-list 131 deny udp any any eq 3067
access-list 131 remark *************************************************************
access-list 131 remark *** ACL PER BLOCCARE ACCESSI NON AUTORIZZATI ***
access-list 131 deny ip any any log



Seconda config con acl



service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname PPPoA
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 $1$gwMw$8JCdztIHbavgCA/yExsLE/
enable password 7 110A1016141D
!
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
ip tcp selective-ack
ip tcp window-size 2144
ip tcp synwait-time 10
no ip domain lookup
!
!
!
!
interface Null0
no ip unreachables
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip access-group 102 out
ip nat inside
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer0
ip address negotiated
ip access-group 103 in
ip nat outside
encapsulation ppp
ip tcp header-compression passive
dialer pool 1
no cdp enable
ppp pap sent-username aliceadsl password 7 050A0A0622494F0D0A09
!
ip nat translation timeout 3600
ip nat translation tcp-timeout 3600
ip nat translation udp-timeout 1200
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat translation max-entries 4096
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 192.168.1.98 4672 interface Dialer0 4672
ip nat inside source static tcp 192.168.1.250 4663 interface Dialer0 4663
ip nat inside source static udp 192.168.1.250 4673 interface Dialer0 4673
ip nat inside source static tcp 192.168.1.98 55555 interface Dialer0 55555
ip nat inside source static udp 192.168.1.98 55556 interface Dialer0 55556
ip nat inside source static tcp 192.168.1.98 4662 interface Dialer0 4662
ip nat inside source static tcp 192.168.1.98 45594 interface Dialer0 45594
ip nat inside source static tcp 192.168.1.98 3389 interface Dialer0 3389
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 permit tcp host 192.168.1.98 any eq telnet log
access-list 101 deny tcp any any eq telnet log
access-list 102 permit tcp any any established
access-list 102 permit udp any any eq 1996 log
access-list 102 permit udp any any gt 1023
access-list 102 remark **********************************************************************
access-list 102 remark *** regole x EMULE***
access-list 102 permit tcp any any eq 4662
access-list 102 permit udp any any eq 4672
access-list 102 permit tcp any any eq 4663
access-list 102 permit udp any any eq 4673
access-list 102 remark **********************************************************************
access-list 102 remark *** regole x micro Torrent ***
access-list 102 permit tcp any any eq 45594
access-list 102 remark **********************************************************************
access-list 102 remark *** regole x Lphant ***
access-list 102 permit tcp any any eq 55555
access-list 102 permit udp any any eq 55556
access-list 102 remark **********************************************************************
access-list 102 remark *** regole x REMOTE DESKTOP Windows ***
access-list 102 permit tcp any any eq 3389 log
access-list 102 remark **********************************************************************
access-list 102 remark *** ACL PER CONTROLLARE TRAFFICO ICMP ***
access-list 102 permit icmp any any echo
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 permit icmp any any administratively-prohibited
access-list 102 permit icmp any any packet-too-big
access-list 102 deny icmp any any
access-list 103 remark *************************************************************
access-list 103 remark *** ACL ANTI-SPOOFING ***
access-list 103 deny ip host 0.0.0.0 any log
access-list 103 deny ip 127.0.0.0 0.255.255.255 any log
access-list 103 deny ip 192.0.2.0 0.0.0.255 any log
access-list 103 deny ip 224.0.0.0 31.255.255.255 any log
access-list 103 deny ip 10.0.0.0 0.255.255.255 any log
access-list 103 deny ip 172.16.0.0 0.15.255.255 any log
access-list 103 deny ip 192.168.0.0 0.0.255.255 any log
access-list 103 remark *************************************************************
access-list 103 remark *** ACL PER BLOCCARE L'ACCESSO A VIRUS E ATTACCHI ***
access-list 103 deny tcp any any eq 135
access-list 103 deny udp any any eq 135
access-list 103 deny udp any any eq netbios-ns
access-list 103 deny udp any any eq netbios-dgm
access-list 103 deny tcp any any eq 139
access-list 103 deny udp any any eq netbios-ss
access-list 103 deny tcp any any eq 445
access-list 103 deny tcp any any eq 593
access-list 103 deny tcp any any eq 2049
access-list 103 deny udp any any eq 2049
access-list 103 deny tcp any any eq 2000
access-list 103 deny tcp any any range 6000 6010
access-list 103 deny udp any any eq 1433
access-list 103 deny udp any any eq 1434
access-list 103 deny udp any any eq 5554
access-list 103 deny udp any any eq 9996
access-list 103 deny udp any any eq 113
access-list 103 deny udp any any eq 3067
access-list 103 permit ip any any
access-list 103 remark *************************************************************
dialer-list 1 protocol ip permit

da premettere che questa config con acl con un soho 77 si comporta bene
saluti