Internet Sloww after enabling IPS on Cisco 5510

Similar Messages

• After enabling rewrite proxy -- performance very very poor

  Hi,
  I have installed Gateway on different machine and Protal server with rewriter on another machine.
  Wihtout rewriter proxy (10443) , the application was working very fast when I access through internet.
  After enabling rewriter proxy , the performance is very very poor. When I access the application from internet its taking 2 minutes to show the login page then for validation 3 minutes its taking.
  Could you please help me on this
  Thanks in Advance

  My ISP is Speakeasy.  (I'm in the process of switching to AT&T, though.)
  The only model number on the unit is WRT330N, so I'm not sure what other model number you mean.  (Do you mean the FCC number, which is Q87-WRT330N?  Or do you mean the serial number?)
  I'm running firmware version 1.00.4, which appears to be the latest version.  And my main computers are running Mac OS X.

• How to enable IPS IPS/IDS in cisco 2811

  Hi all,
  I have a Cisco 2811 with IOS Version 12.4(20)T and I need to enable IPS or IDS in this. What is the config for this?
  First of all, I need to know whether I can do IPS/IDS in my router as well..
  - Ribin

  Hi,
  I did enabled IPS in the router and configured to notify to our log server. Below is the log I received in my log server.
  What does IPS does now and what kind of logs I can expect?
  Thanks,
  Ribin
  Apr 19 14:53:38 192.168.11.10 4546: *Apr 19 09:27:41.254: %SYS-5-CONFIG_I: Configured from console by ribin on vty0 (192.168.11.35)
  Apr 19 18:04:29 192.168.11.10 4548: *Apr 19 12:38:32.601: %CRYPTO-6-IPSEC_USING_DEFAULT: IPSec is using default transforms
  Apr 19 18:12:10 192.168.11.10 4549: *Apr 19 12:46:14.541: %IPS-6-ENGINE_BUILDS_STARTED: 12:46:14 UTC Apr 19 2009
  Apr 19 18:12:10 192.168.11.10 4550: *Apr 19 12:46:14.541: %IPS-6-ENGINE_BUILDING: atomic-ip - 3 signatures - 1 of 13 engines
  Apr 19 18:12:10 192.168.11.10 4551: *Apr 19 12:46:14.557: %IPS-6-ENGINE_READY: atomic-ip - build time 16 ms - packets for this engine will be scanned
  Apr 19 18:12:10 192.168.11.10 4552: *Apr 19 12:46:14.557: %IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time 16 ms

• Can't connect to the internet right after boot up

  Hey guys, I have an interesting problem in which if I try to use internet right after boot up (via scripts) I can't resolve host names. However, if I try to use the internet right after boot up manually I can resolve host names. I had this problem with a script but I've since rewrote it to work around the problem; however I now seem to have this problem with openVPN and I need this to work. I'll use openVPN as my primary example but the situation was the same for my script.
  Basically, openVPN starts up via systemd and it can't resolve my server's host name. Even 18 hours later. I have 'resolv-retry infinite' in my conf file which as I understand says 'if you can't resolve the host name keep trying to resolve it indefinitely'. I left my computer on overnight and openVPN still could not connect to my server, despite me being able to ping it, have MySQL get data dumps and replicate from it and other software being able to resolve the server's host name. If I restart openVPN, then it works! I rebooted the computer and let it try for a few minutes to connect and it couldn't. I restarted openVPN manually and it resolved the server's host name, 5 minutes after the computer booted up even though it couldn't connect on it's own the previous night.
  Here's openVPN's status as of this post:
  [email protected] - OpenVPN connection to client
  Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled)
  Active: active (running) since Thu 2013-05-02 14:10:02 MDT; 58min ago
  Process: 248 ExecStart=/usr/sbin/openvpn --cd /etc/openvpn --config /etc/openvpn/%i.conf --daemon openvpn@%i (code=exited, status=0/SUCCESS)
  Main PID: 254 (openvpn)
  CGroup: name=systemd:/system/[email protected]/client
  ââ254 /usr/sbin/openvpn --cd /etc/openvpn --config /etc/openvpn/client.conf --daemon openvpn@client
  May 02 15:07:52 CCH001 openvpn@client[254]: RESOLVE: Cannot resolve host address: my.server.com: Name or service not known
  May 02 15:07:57 CCH001 openvpn@client[254]: RESOLVE: Cannot resolve host address: my.server.com: Name or service not known
  May 02 15:08:02 CCH001 openvpn@client[254]: RESOLVE: Cannot resolve host address: my.server.com: Name or service not known
  May 02 15:08:07 CCH001 openvpn@client[254]: RESOLVE: Cannot resolve host address: my.server.com: Name or service not known
  May 02 15:08:12 CCH001 openvpn@client[254]: RESOLVE: Cannot resolve host address: my.server.com: Name or service not known
  May 02 15:08:17 CCH001 openvpn@client[254]: RESOLVE: Cannot resolve host address: my.server.com: Name or service not known
  May 02 15:08:22 CCH001 openvpn@client[254]: RESOLVE: Cannot resolve host address: my.server.com: Name or service not known
  May 02 15:08:27 CCH001 openvpn@client[254]: RESOLVE: Cannot resolve host address: my.server.com: Name or service not known
  May 02 15:08:32 CCH001 openvpn@client[254]: RESOLVE: Cannot resolve host address: my.server.com: Name or service not known
  May 02 15:08:37 CCH001 openvpn@client[254]: RESOLVE: Cannot resolve host address: my.server.com: Name or service not known
  Here is my conf file:
  # Sample client-side OpenVPN 2.0 config file #
  # for connecting to multi-client server. #
  # This configuration can be used by multiple #
  # clients, however each client should have #
  # its own cert and key files. #
  # On Windows, you might want to rename this #
  # file so it has a .ovpn extension #
  # Specify that we are a client and that we
  # will be pulling certain config file directives
  # from the server.
  client
  # Use the same setting as you are using on
  # the server.
  # On most systems, the VPN will not function
  # unless you partially or fully disable
  # the firewall for the TUN/TAP interface.
  ;dev tap
  dev tun
  # Windows needs the TAP-Win32 adapter name
  # from the Network Connections panel
  # if you have more than one. On XP SP2,
  # you may need to disable the firewall
  # for the TAP adapter.
  ;dev-node MyTap
  # Are we connecting to a TCP or
  # UDP server? Use the same setting as
  # on the server.
  ;proto tcp
  proto udp
  # The hostname/IP and port of the server.
  # You can have multiple remote entries
  # to load balance between the servers.
  remote my.server.com 1194
  ;remote my-server-2 1194
  # Choose a random host from the remote
  # list for load-balancing. Otherwise
  # try hosts in the order specified.
  ;remote-random
  # Keep trying indefinitely to resolve the
  # host name of the OpenVPN server. Very useful
  # on machines which are not permanently connected
  # to the internet such as laptops.
  resolv-retry infinite
  # Most clients don't need to bind to
  # a specific local port number.
  nobind
  # Downgrade privileges after initialization (non-Windows only)
  user nobody
  group nobody
  # Try to preserve some state across restarts.
  persist-key
  persist-tun
  # If you are connecting through an
  # HTTP proxy to reach the actual OpenVPN
  # server, put the proxy server/IP and
  # port number here. See the man page
  # if your proxy server requires
  # authentication.
  ;http-proxy-retry # retry on connection failures
  ;http-proxy [proxy server] [proxy port #]
  # Wireless networks often produce a lot
  # of duplicate packets. Set this flag
  # to silence duplicate packet warnings.
  ;mute-replay-warnings
  # SSL/TLS parms.
  # See the server config file for more
  # description. It's best to use
  # a separate .crt/.key file pair
  # for each client. A single ca
  # file can be used for all clients.
  ca ca.crt
  cert host.crt
  key host.key
  # Verify server certificate by checking
  # that the certicate has the nsCertType
  # field set to "server". This is an
  # important precaution to protect against
  # a potential attack discussed here:
  # http://openvpn.net/howto.html#mitm
  # To use this feature, you will need to generate
  # your server certificates with the nsCertType
  # field set to "server". The build-key-server
  # script in the easy-rsa folder will do this.
  ns-cert-type server
  # If a tls-auth key is used on the server
  # then every client must also have the key.
  tls-auth ta.key 1
  # Select a cryptographic cipher.
  # If the cipher option is used on the server
  # then you must also specify it here.
  ;cipher x
  # Enable compression on the VPN link.
  # Don't enable this unless it is also
  # enabled in the server config file.
  comp-lzo
  # Set log file verbosity.
  verb 3
  # Silence repeating messages
  ;mute 20
  Anyone have any idea what could be going on? It seems to me that when a program starts up it takes a snap shot of the current network status and it then uses it, even if it's 10 minutes later and the network has been fully loaded/configured, the program uses that snap shot and can't connect to the DNS.
  Last edited by anEveryDayGuy (2013-05-02 21:20:47)

  'Requires=network.target' wasn't in it so I added it but nothing's changed. I've left it in because openVPN does require network.
  As I said, I had this problem with a script so I don't think it's anything specific to openVPN. I had a weird occurrence this morning however. When I started the computer up this morning  openVPN worked just fine. However when the computer rebooted openVPN couldn't resolve the host address again.

• No internet access after bootup on some clients.

  Hi,
  Some of our client pc's do not have internet access after bootup in the morning. The quick solution is to login as administrator disable & re-enable the network adapter and than everything is fine for a few more days. There is nothing showing up in the
  event viewer and it doesn't always happen. 
  Can anyone advise on how best to track down the problem?
  Thanks.

  Cheers, I noticed that the DHCP role is installed but the service has stopped. When I start it, it stopped straight away.
  I think that's because the router has an ip address of 192.168.0.1 and sbs server currently has an ip address of 192.168.0.10. Do I have to change the router ip address to something else and set the server to 192.168.0.1?

• RV082 "router busy" information after enabling TrendMicro Web protection

  Hi,
  We have recently bought TrendMicro ProtectLink licences for our RV082 router. After enabling Web Protection (URL Filtering nad Web Reputation) on it, users inside local network began to recieve strange information (web page) during web browsing.
  The information says:
  "The router is very busy at the moment. Please try after a few minutes." You can press then OK or Retry - pressing OK do not help, the web page shows again "The router is very busy...".
  Our network consist of one server (MS Windows 2003 SBS) and less than 15 workstations (including PCs and laptops). When we disable Web Protection on RV082, everything is OK and web browsing do not generate such information.
  Anybody encountered such problem? Thank you in advance for your help.
  Łukasz

  Good Morning,
  Typically the Trend Micro Protect Link filtering will take all the request (floods) that come into it and block them.
  URL Overflow Control
  Temporarily block URL requests (This is the recommended setting)
  Temporarily bypass Trend Micro URL Filtering for requested URLs
  You can change the setting to bypass the request or look into the traffic that you are filtering.
  When you look at the log or counters what are you seeing the most blocks at.
  URL Overflow Control
  Temporarily block URL requests (Trend Micro recommended setting): Users will not be able to access the Internet until the current queue can accommodate more requests. Temporarily bypass Trend Micro URL verification for requested URLs: URL requests will temporarily bypass URL Filtering and Web Reputation Services. This could make your network vulnerable to threats.
  You might want to look to break that category down to allow some of the traffic or educate the staff on what is allowed on the Internet.
  I hope this helps out

• Cisco IOS IPS in Cisco 2921/k9 router

  Hi All,
  I have a router of Cisco 2921 series (C2921/K9) basic box with IP BAse IOS image (SL-29-IPB-K9 IOS). I would like to enable IOS Level IPS feature on this Router now. Based on the Cisco Document i have found i need to purchase an additonal subscripton license to enale the IPS feature. My querry is-
  Will it support on the Basic IP Base IOS or do i need to change the IOS?
  If i need to purchase the Subscription Licesne, how can i get the part number and cost for the same?
  Do i need to buy any addtional module for this like (NME-IPS-K9) ?
  Thanks in advance for your quick support
  regards
  Sunny

  Hi Sunny
  1. Yes you can enable IPS on IOS with the security license, without buying a subscription, but this would make little sense - new signatures are being released all the time so you would not be protected from recently discovered vulnerabilities/attacks.
  2. Correct, the modules and appliances run a different kind of software and are much more powerful
  3. If you add the module, you do NOT need the security license. It would still be advised to get a subscription license to get signature updates for the module.
  I hope this helps, let us know.
  regards
  Herbert
  jacob.samuel wrote:Dear Herbert,Thanks alot for the wonderful post. It clear most of my doubts. Still i kindly need to know few more points-1)  Cant we enable IPS Feature on 2921/K9 router (with Sec license or 2921Sec/K9 bundle) without signature subscription license (is it a must? it is for getting updates of signatures and for support only, right?)2)  I came to know from a distributor pre-sales engineer that the Cisco IOS Level Intrusion Protection is not going to provide the full feature of IPS like NME module or IPS Applinace. Is that right?3)  If i add NME-IPS-K9 Module to my 2921 Router, without enabling Sec License, can i enable IPS feature on the Router. Or is it a must that i need to buy Sec License (SL-29-SEC-K9)?Attaching the Datasheet of NME-IPS-K9 module (Page num 5 above Table 3) mentione as follows-Cisco IOS Software Feature Sets and ReleaseTable 3 lists the required Cisco IOS feature sets and releases for Cisco IPS AIM and IPS NME on the Cisco 1841,
  2800 and 3800 series Integrated Services Routers Note that, IPS NME on the Cisco 2900 and 3900 Integrated
  Services Routers does not require a Security Feature license.
  In that case if i buy a module i can install it on the 2921K9 box directly and can enable the IPS feature right? I dont need any License and additonal signature subscription here to enable the IPS feature (if i dont need signature updates and support) right?
  thanks alot for the support.
  regards
  Sunny

• 3 beeps at call start after enabling SRTP on SPA502G

  I use asterisk (Elastix 2.4) and Cisco SPA502G phones.
  After enabling SRTP on the phones I see that the traffic is encrypted but during every call there are 3 beeps at the beginning of the call. Probably this is to let me know that the call is encrypted but this is very irritating.
  Is there a way to disable the beeps and keep SRTP enabled.

  I told you - you are hearing Secure_Call_Indication_Tone. It's on Voice/Regional tab of device's web configuration page.
  You can reconfigure it to anything you wish - read aministrative guide for value syntax. For example
  397@-19,507@-19;5(0/2/0,.2/.1/1,.1/2.1/2)
  may fullfill your requirements.

• Error installing Adobe Flash 11 "launchfail" after enable AppLocker

  Error installing Adobe Flash 11 "launchfail" after enable AppLocker please help. I have allow everyone from publisher for .exe and .msi

  I'll ask around, but I don't have any experience with AppLocker.  Have you gone through all of the documentation here?
  http://technet.microsoft.com/en-us/library/dd723678(v=ws.10).aspx

• Open Directory: After enabling of SSL encryption the Open Directory server is not reachable anymore! What's wrong?

  After enabling of SSL encrypton on LDAP I can't connect anymore to the LDAB. I think the Lions Server supports now the SSL encrypton for Open Directory.

  .....

• After enabling cellular data, i am receiving mails even if disable "use cellular data for mail", due to this data usage usage use is more, if we have fix please let me know

  Phone Model and OS
  Model - iphone 5
  IOS 8.0.2
  Problem Description
  After enabling cellular data, i am receiving mails even if we disable "use cellular data for mail", due to this data usage usage use is more, if we have fix please let me know.
  Steps:
  1. Enable Cellular Data
  2. Disable mail on "use cellular data for mail
  3. check whether mail is received or not
  tried multiple times and i am getting more billing amount because of data usage

  Mail isn't the only app using data. Turning it off there has no effect whatsoever on whether the rest of iOS or other apps you have installed. In fact most apps use data these days, at a minimum for Notifications and often for gameplay and other features.

• Apple programs will not recognize Internet connection after Tiger upgrade

  In January, I posted the question below. I wanted to update it, but this site has archived it and will not allow responses. In the hope that I may help someone else, I am repeating my question, now that I have the answer.
  ===============================================
  ORIGINAL PROBLEM
  Last week, I upgraded from 10.3.9 to Tiger. Ever since then, I have had trouble using Apple's programs that require internet usage: Safari, iTunes, Software Update, etc. All of these programs think I am not connected to the Internet. But I am; I can use Netscape, Internet Explorer, and other non-Apple programs on the web.
  Furthermore, it's not consistent. Sometimes Safari will recognize the connection. I'll be using Safari, looking up websites, when suddenly it will quit connecting, giving me the message, "Cannot connect to the server," no matter what server it is, even apple.com (so I have to use Netscape to access my .Mac and this Support screen).
  How can I resolve this?
  ==============================================
  The problem was that my Earthlink Access software was setting a proxy on my connection. Netscape & Firefox worked because they ignore any proxies; the Apple programs (plus Shiira and Internet Explorer) didn't connect because they use the proxies.
  Why did it sometimes work? Well, if I first used Safari to go to a secure website of my bank, somehow that opened up the connection and then I could continue to use the Internet and Internet based programs like iTunes and widgets. However, if I tried to use an Internet-based program before going to the secure site, then it wouldn't work.
  After months of phone calls and e-mails and sending data packets and all such stuff with Apple Care, they finally stumbled upon this answer: Uncheck the proxy box. And that did it. At first I had to uncheck it every time I started up the computer, but now it stays unchecked and I can use my Apple programs with no trouble.
  I just wanted to share this with you in case you also had trouble with Internet connections after upgrading to Tiger, because I did see several other people had this same trouble.
  Movable flat-screen iMac G4   Mac OS X (10.4.6)   1.25Ghz processor, 256 MB memory (DDR SDRAM)

  For the record, could you state each Proxy box you ended up unchecking please? I'll attempt to submit a user tip with credit to you for finding this solution.

• Macbook pro does not boot after enabling Filevault

  macbook pro with OS 10.9.2 : after enabling encryption ran in to a problem and did not startup.
  did the followings:
  - loaded to recovery mode:  command-R
  - disk utility- verify disk> repair disk
  - tried to reinstall OS : did not work
  - re-partitioned the hard drive
  - tried to install it from bootable Mac os installation : it worked but after running the software update it did not start up again....
  - sent the mac to repair store to replace the hard drive with SSD  hard : they setup the hard with mac os 10.9.5
  - installed all the software update
  - enabled the file-vault " this time it finished the encryption but when started up and tried to login with user account it got frozen and did not work and so on ...
  - again tried to go to recovery mod and repair the hard and reinstall OS but it did not install the OS
  - had to again repartition the hard ...
  PS:  the macbook loads fine with the OS on External hard disk .
  this is really frustrating, can somebody tell me what's wrong with this mac why this issue happens after enabling encryption and why the issue is not gone even after reformatting the partition...

  I finally fixed the issue myself
  The macbook had a RAM issue:  Replaced the RAM and it is fine now.

• Dbwr consuming high CPU after enabling DirectIO

  Hi,
  DBWR is consuming high CPU. After enabling DirectIO on Solaris SPARC 10, dbwr is eating away almost 1 CPU on a v440 machine i.e. 19% throughout the day. Neither of "buffer busy waits" or "write complete waits" or "free buffer waits" are in the top 5 wait events, which, to me, means that there is no buffer contention.
  What I understand is that after enabling DirectIO, it takes longer for the IO to complete because pre-DirectIO it would return from the file system cache whereas now it has to return from the disk (and I do see at the OS level that IO has become slow), but should that result in dbwr consuming more CPU?
  Infact after enabling DirectIO, IO has become very slow which is another problem and as a result log file writes have also become slow which is a 3rd problem. btw, I am aware that if there were many FTS, then DirectIO can make the system slow but there are no FTS in my case. Also, that SGA should be increased after enabling DirectIO, which has also been done.
  Thanks

  user12022918 wrote:
  DBWR is consuming high CPU. After enabling DirectIO on Solaris SPARC 10, dbwr is eating away almost 1 CPU on a v440 machine i.e. 19% throughout the day. 19% is less than 1/5th of a CPU. Or are you referring to a 100% being all 4 CPUs?
  What I understand is that after enabling DirectIO, it takes longer for the IO to complete because pre-DirectIO it would return from the file system cache whereas now it has to return from the disk Incorrect. See directio for details.
  Yes, removing the file system cache from the I/O layer for a device can reduce I/O performance if the caller does not perform its own caching. However, direct I/O will eliminate the system cache overheads (and associated CPU resources needed) from a caller (like Oracle) that implements its own sophisticated buffer cache.
  Direct I/O should therefore increase Oracle I/O performance and decrease resource footprint as it eliminates the need for the kernel to maintain a cache for that device.
  Infact after enabling DirectIO, IO has become very slow which is another problem and as a result log file writes have also become slow which is a 3rd problem. Direct I/O, as per the Sun docs, is an advisory call. It may not place that device in direct I/O modes. It may result in partial direct I/O. So you need to make sure exactly what happens and how successful (partial or complete) this setting was.
  btw, I am aware that if there were many FTS, then DirectIO can make the system slow but there are no FTS in my case. FTS (multi block reads/large sequential reads) is slower? This is contrary to Sun's docs that state:
  Large sequential I/O generally performs best with DIRECTIO_ON, except when a file is sparse or is being extended and is opened with O_SYNC or O_DSYNC.

• After enabling iCloud, the calendar on my MacBook shows a window stating "moving calendar to server account. Then a box appears saying "server responded with an error message 403. Then another box shows "couldn't move calendar to iCloud, an error occurrre

  After enabling iCloud, the calendar on my MacBook shows a window stating "moving calendar to server account. Then a box appears saying "server responded with an error message 403. Then another box shows "couldn't move calendar to iCloud, an error occurrre

  iCloud's Calendar is full of errors and problems for me.  The "Couldn't move your calendars to iCloud because an error occurred" is now gone (by itself) but nothing syncs between my Mac's Calendar to iCloud or my iPhone to iCloud.
  I tried creating a new event directly on iCloud.com to see whether it pushes to any of my device and  got this "This event couldn't be created because of a server error; please try again." error.
  Apple, please fix this!!