IOS Firewall and some slow websites

sbrooke · ‎09-19-2008

I'm running IOS firewall on 2 different routers. A 2851 and a 2821. Both are running 12.4(3g) Adv Sec images. Both routers are connected to an internal WAN and also to an external ISP such as a cable modem. They also have LAN interfaces. Default gateway is the "outside" interface connected to the cable modems.

At both sites which are geographically dispersed I'm having very slow response from some websites. In particular www.enterprise.com. If we connect a laptop directly to the cable modem it works fine. If we reroute the default gateway across the WAN to the HQ it works fine. The only time it's slow is when we're routing through the IOS firewall locally at each site. Accessing most sites is ok, it's just a couple that take a very long time (if ever) to finish loading.

I've tried removing the inspect statement from the inside interface. I've tried removing the http inspect statement specifically. I've even tried changing the MTU's to 1492. Even tried changing the NAT translation finrst-timeout to 3600! Nothing is making a difference.

Any suggestions on how to fix this? Or better yet, any debugging I can do?

Thanks!

mj11 · ‎09-20-2008

Hi

Are you able to post your config, I would also try upgrading your IOS. Also could you run the following:

debug ip inspect detail

Regards MJ

sbrooke · ‎09-23-2008

Sorry but I can't post the entire config. I might be able to post snippets. What would be useful?

I did try upgrading to 12.4.21 and had the same result.