IOS Firewall and some slow websites

Unanswered Question
Sep 19th, 2008
User Badges:

I'm running IOS firewall on 2 different routers. A 2851 and a 2821. Both are running 12.4(3g) Adv Sec images. Both routers are connected to an internal WAN and also to an external ISP such as a cable modem. They also have LAN interfaces. Default gateway is the "outside" interface connected to the cable modems.

At both sites which are geographically dispersed I'm having very slow response from some websites. In particular If we connect a laptop directly to the cable modem it works fine. If we reroute the default gateway across the WAN to the HQ it works fine. The only time it's slow is when we're routing through the IOS firewall locally at each site. Accessing most sites is ok, it's just a couple that take a very long time (if ever) to finish loading.

I've tried removing the inspect statement from the inside interface. I've tried removing the http inspect statement specifically. I've even tried changing the MTU's to 1492. Even tried changing the NAT translation finrst-timeout to 3600! Nothing is making a difference.

Any suggestions on how to fix this? Or better yet, any debugging I can do?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sbrooke Tue, 09/23/2008 - 05:14
User Badges:

Sorry but I can't post the entire config. I might be able to post snippets. What would be useful?

I did try upgrading to 12.4.21 and had the same result.


This Discussion