Cisco IOS NAT with Emule and Bittorrent

Apr 23rd, 2008

I have a Cisco 2621 running IOS version c2600-ik9o3s3-mz.123-24a.bin

The setup is a very simple one. I have a Windows XP box sitting behind the Cisco 2621. On the Windows XP box, I run Emule and Bit Torrent. After about an hour, the Cisco 2621 froze up and became unresponsive. The only solution is to manually turn OFF/ON the power button on the 2621 router.


Here is my configuration on the router:


interface F0/0
 ip address 4.2.2.2 255.255.255.248
 speed 100
 dup full
 ip nat outside

interface F0/1
 ip address 192.168.1.1 255.255.255.0
 speed 100
 duplex full
 ip nat inside

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list 100 interface F0/0 overload


I have a 30Mbps download and 5Mbps upload. When the router is running, the # of NAT translations is about 200 and the throughput is about 5Mbps download and 2Mbps upload.

What could be the issue that makes the router lock up after an hour? If I stop emule and bit torrent, the router can stay up and running for days without issues.

Last but not least, if I replace the Cisco 2621 with a Checkpoint NGx R65 Secureplatform firewall, I have no such issue.

When the router is up and running with emule and bit torrent prior to locking up, CPU is about 40% and memory is about 75% utilization.

Any ideas anyone? Thanks.

ebreniz Tue, 04/29/2008 - 08:49

You can create an ACL on the router to block P2P ports such as 6881 (Bittorrent). The following link may help you:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6947/ps5207/ps6242/prod_white_paper0900aecd802efa46.html

You can use NBAR within IOS to block bittorrent. Here's an example of how to do it:

http://slaptijack.com/networking/controlling-peer-to-peer-p2p-traffic-with-cisco-nbar/

cisco24x7 Tue, 04/29/2008 - 08:54

I do NOT want to block Bittorrent or Emule. I want to allow Bittorrent. I just do not want Bittorrent or Emule to freeze up the router.

I do not have this issue with Checkpoint firewall NGx R65. With IOS router, the router locks up.

Any ideas on how to fix this?
