Re: Cisco IOS NAT with Emule and Bittorrent

cisco24x7 · ‎04-23-2008

I have a Cisco 2621 running IOS version

c2600-ik9o3s3-mz.123-24a.bin

The setup is a very simple one. I have

a Windows XP sitting behind the Cisco 2621.

On the Windows XP, I run Emule and Bit

Torrent on the WinXP box. After about

an hour, the Cisco 2621 freezed up and

became un-responsive. The only solution

is to manually turn OFF/ON the power

button on the 2621 router.

Here is my configuration on the router:

interface F0/0

ip address 4.2.2.2 255.255.255.248

speed 100

dup full

ip nat outside

interface F0/1

ip address 192.168.1.1 255.255.255.0

speed 100

duplex full

ip nat inside

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list 100 interface F0/0 overload

I have a 30Mbps download and 5Mbps upload. When the router is running

the # of NAT translation is about 200 and

the throughput is about 5Mbps download and 2Mbps upload.

What could be the issue that makes the router locked up after an hour. If I

stop emule and bit torrent, the router

can stay up and running for days without

issues.

Last but not least, if I replace the

Cisco 2621 with a Checkpoint NGx R65

Secureplatform firewall, I have no such issue.

When the rourer is up and running with

emule and bit torrent prior to locking up, cpu is about 40% and memory is about

75% utilization.

Any ideas anyone? Thanks.

ebreniz · ‎04-29-2008

You can create an ACL on the router to block P2P ports such as 6881 (Bittorrent). Following link may help you

You can use NBAR within IOS to block bittorrent. Here's an example of how to do it:

cisco24x7 · ‎04-29-2008

I do NOT want to block Bittorrent or Emule. I

want to allow Bittorrent. I just do not want

Bittorrent or Emule to freeze up the router.

I do not have this issue with Checkpoint

firewall NGx R65. With IOS router, the router

locks up.

Any ideas on how to fix this?