Cisco firewall disrupts video streaming

Discussion in 'Cisco' started by tg, Aug 30, 2008.

  1. tg

    tg Guest

    Cisco 2651XM router
    IOS = C2600-ADVSECURITYK9-M, Version 12.4(9)T1

    I have a problem viewing YouTube videos that I think might have something to do with the
    firewall in my Cisco router. I used the SDM wizard to start up its 'basic' pre-configured
    firewall and since then I get only the first few minutes of a video and then the stream
    stops. This didn't use to happen before I initiated the firewall.
    Is this because YouTube are trying to pull info off my hard drive while streaming the
    video?
    I don't want to switch the firewall off because I like its protection but maybe I can
    tweak it to solve this problem.
    Below is my running config, sorry it's long, thanks for any pointers.

    ---------------------

    router#show running-config
    Building configuration...

    Current configuration : 10873 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname router
    !
    boot-start-marker
    boot-end-marker
    !
    no logging buffered
    no logging console
    enable secret 5 ???????????????????????????
    enable password ????????????????
    !
    aaa new-model
    !
    !
    aaa authentication login default local
    aaa authentication login sdm_vpn_xauth_ml_1 local
    aaa authorization network sdm_vpn_group_ml_1 local
    !
    aaa session-id common
    !
    resource policy
    !
    clock timezone gmt 1
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    ip cef
    !
    !
    ip port-map user-protocol--2 port udp 11042
    ip port-map user-protocol--3 port udp 5558
    ip port-map user-protocol--1 port tcp 9797
    ip port-map user-protocol--4 port tcp 26578
    no ip dhcp use vrf connected
    !
    ip dhcp pool home
    network 172.16.0.0 255.255.0.0
    dns-server ??????????????????????
    default-router 172.16.1.30
    lease 7
    !
    !
    ip name-server ??????????????
    ip name-server ??????????????
    !
    parameter-map type protocol-info msn-servers
    server name messenger.hotmail.com
    server name gateway.messenger.hotmail.com

    parameter-map type protocol-info aol-servers
    server name login.oscar.aol.com
    server name toc.oscar.aol.com
    server name oam-d09a.blue.aol.com

    parameter-map type protocol-info yahoo-servers
    server name scs.msg.yahoo.com
    server name scsa.msg.yahoo.com
    server name scsb.msg.yahoo.com
    server name scsc.msg.yahoo.com
    server name scsd.msg.yahoo.com
    server name cs16.msg.dcn.yahoo.com
    server name cs19.msg.dcn.yahoo.com
    server name cs42.msg.dcn.yahoo.com
    server name cs53.msg.dcn.yahoo.com
    server name cs54.msg.dcn.yahoo.com
    server name ads1.vip.scd.yahoo.com
    server name radio1.launch.vip.dal.yahoo.com
    server name in1.msg.vip.re2.yahoo.com
    server name data1.my.vip.sc5.yahoo.com
    server name address1.pim.vip.mud.yahoo.com
    server name edit.messenger.yahoo.com
    server name messenger.yahoo.com
    server name http.pager.yahoo.com
    server name privacy.yahoo.com
    server name csa.yahoo.com
    server name csb.yahoo.com
    server name csc.yahoo.com

    parameter-map type regex sdm-regex-nonascii
    pattern [^\x00-\x80]

    !
    !
    !
    username easyvpn secret 5 ????????????????????????
    !
    !
    class-map type inspect smtp match-any sdm-app-smtp
    match data-length gt 5000000
    class-map type inspect match-all sdm-nat-user-protocol--4-1
    match access-group 104
    match protocol user-protocol--4
    class-map type inspect match-all sdm-nat-user-protocol--3-1
    match access-group 103
    match protocol user-protocol--3
    class-map type inspect http match-any sdm-app-nonascii
    match req-resp header regex sdm-regex-nonascii
    class-map type inspect match-all sdm-nat-user-protocol--2-1
    match access-group 102
    match protocol user-protocol--2
    class-map type inspect match-all sdm-nat-user-protocol--1-1
    match access-group 101
    match protocol user-protocol--1
    class-map type inspect imap match-any sdm-app-imap
    match invalid-command
    class-map type inspect match-any sdm-cls-protocol-p2p
    match protocol edonkey signature
    match protocol gnutella signature
    match protocol kazaa2 signature
    match protocol fasttrack signature
    match protocol bittorrent signature
    class-map type inspect match-any sdm-cls-insp-traffic
    match protocol dns
    match protocol https
    match protocol icmp
    match protocol imap
    match protocol pop3
    match protocol tcp
    match protocol udp
    class-map type inspect match-all sdm-insp-traffic
    match class-map sdm-cls-insp-traffic
    class-map type inspect match-all sdm-protocol-pop3
    match protocol pop3
    class-map type inspect match-any sdm-cls-icmp-access
    match protocol icmp
    match protocol tcp
    match protocol udp
    class-map type inspect match-any sdm-cls-protocol-im
    match protocol ymsgr yahoo-servers
    match protocol aol aol-servers
    class-map type inspect pop3 match-any sdm-app-pop3
    match invalid-command
    class-map type inspect match-all sdm-protocol-p2p
    match class-map sdm-cls-protocol-p2p
    class-map type inspect http match-any sdm-http-blockparam
    match request port-misuse im
    match request port-misuse p2p
    match request port-misuse tunneling
    match req-resp protocol-violation
    class-map type inspect match-all sdm-protocol-im
    match class-map sdm-cls-protocol-im
    class-map type inspect match-all sdm-icmp-access
    match class-map sdm-cls-icmp-access
    class-map type inspect match-all sdm-invalid-src
    match access-group 100
    class-map type inspect http match-any sdm-app-httpmethods
    match request method bcopy
    match request method bdelete
    match request method bmove
    match request method bpropfind
    match request method bproppatch
    match request method connect
    match request method copy
    match request method delete
    match request method edit
    match request method getattribute
    match request method getattributenames
    match request method getproperties
    match request method index
    match request method lock
    match request method mkcol
    match request method mkdir
    match request method move
    match request method notify
    match request method options
    match request method poll
    match request method post
    match request method propfind
    match request method proppatch
    match request method put
    match request method revadd
    match request method revlabel
    match request method revlog
    match request method revnum
    match request method save
    match request method search
    match request method setattribute
    match request method startrev
    match request method stoprev
    match request method subscribe
    match request method trace
    match request method unedit
    match request method unlock
    match request method unsubscribe
    class-map type inspect match-all sdm-protocol-http
    match protocol http
    class-map type inspect match-all sdm-protocol-smtp
    match protocol smtp
    class-map type inspect match-all sdm-protocol-imap
    match protocol imap
    !
    !
    policy-map type inspect sdm-permit-icmpreply
    class type inspect sdm-icmp-access
    inspect
    class class-default
    pass
    policy-map type inspect sdm-pol-NATOutsideToInside-1
    class type inspect sdm-nat-user-protocol--1-1
    inspect
    class type inspect sdm-nat-user-protocol--2-1
    inspect
    class type inspect sdm-nat-user-protocol--3-1
    inspect
    class type inspect sdm-nat-user-protocol--4-1
    inspect
    class class-default
    policy-map type inspect http sdm-action-app-http
    class type inspect http sdm-http-blockparam
    log
    reset
    class type inspect http sdm-app-httpmethods
    log
    reset
    class type inspect http sdm-app-nonascii
    log
    reset
    class class-default
    policy-map type inspect smtp sdm-action-smtp
    class type inspect smtp sdm-app-smtp
    reset
    class class-default
    policy-map type inspect imap sdm-action-imap
    class type inspect imap sdm-app-imap
    log
    reset
    class class-default
    policy-map type inspect pop3 sdm-action-pop3
    class type inspect pop3 sdm-app-pop3
    log
    reset
    class class-default
    policy-map type inspect sdm-inspect
    class type inspect sdm-invalid-src
    drop log
    class type inspect sdm-protocol-http
    inspect
    service-policy http sdm-action-app-http
    class type inspect sdm-protocol-smtp
    inspect
    service-policy smtp sdm-action-smtp
    class type inspect sdm-protocol-imap
    inspect
    service-policy imap sdm-action-imap
    class type inspect sdm-protocol-pop3
    inspect
    service-policy pop3 sdm-action-pop3
    class type inspect sdm-protocol-p2p
    drop log
    class type inspect sdm-protocol-im
    drop log
    class type inspect sdm-insp-traffic
    inspect
    class class-default
    policy-map type inspect sdm-permit
    class class-default
    !
    zone security out-zone
    zone security in-zone
    zone-pair security sdm-zp-self-out source self destination out-zone
    service-policy type inspect sdm-permit-icmpreply
    zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
    service-policy type inspect sdm-pol-NATOutsideToInside-1
    zone-pair security sdm-zp-out-self source out-zone destination self
    service-policy type inspect sdm-permit
    zone-pair security sdm-zp-in-out source in-zone destination out-zone
    service-policy type inspect sdm-inspect
    !
    !
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    !
    crypto isakmp client configuration group workgroup
    key ?????????
    pool SDM_POOL_1
    crypto isakmp profile sdm-ike-profile-1
    match identity group workgroup
    client authentication list sdm_vpn_xauth_ml_1
    isakmp authorization list sdm_vpn_group_ml_1
    client configuration address respond
    virtual-template 1
    !
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    !
    crypto ipsec profile SDM_Profile1
    set transform-set ESP-3DES-SHA
    set isakmp-profile sdm-ike-profile-1
    !
    !
    !
    !
    !
    interface ATM0/0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface FastEthernet0/0
    description $FW_INSIDE$
    ip address 172.16.1.30 255.255.0.0
    ip nat inside
    ip virtual-reassembly
    zone-member security in-zone
    speed auto
    half-duplex
    no mop enabled
    !
    interface FastEthernet0/1
    ip address dhcp client-id FastEthernet0/1
    shutdown
    duplex auto
    speed auto
    !
    interface Virtual-Template1 type tunnel
    ip unnumbered FastEthernet0/0
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile SDM_Profile1
    !
    interface Dialer0
    description $FW_OUTSIDE$
    ip address negotiated previous
    no ip redirects
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    zone-member security out-zone
    encapsulation ppp
    dialer pool 1
    dialer idle-timeout 0
    dialer persistent
    dialer-group 1
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname ??????????????
    ppp chap password 0 ??????????????
    !
    ip local pool SDM_POOL_1 172.16.1.20 172.16.1.29
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    !
    ip http server
    no ip http secure-server
    ip nat inside source list 1 interface Dialer0 overload
    ip nat inside source static tcp 172.16.1.15 9797 interface Dialer0 9797
    ip nat inside source static udp 172.16.1.15 11042 interface Dialer0 11042
    ip nat inside source static udp 172.16.1.14 5558 interface Dialer0 5558
    ip nat inside source static tcp 172.16.1.14 26578 interface Dialer0 26578
    !
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 172.16.0.0 0.0.255.255
    access-list 100 remark SDM_ACL Category=128
    access-list 100 permit ip host 255.255.255.255 any
    access-list 100 permit ip 127.0.0.0 0.255.255.255 any
    access-list 101 remark SDM_ACL Category=0
    access-list 101 permit ip any host 172.16.1.15
    access-list 102 remark SDM_ACL Category=0
    access-list 102 permit ip any host 172.16.1.15
    access-list 103 remark SDM_ACL Category=0
    access-list 103 permit ip any host 172.16.1.14
    access-list 104 remark SDM_ACL Category=0
    access-list 104 permit ip any host 172.16.1.14
    dialer-list 1 protocol ip permit
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    password ??????????
    !
    ntp clock-period 17208196
    ntp server 212.13.194.96
    ntp server 212.13.194.71
    ntp server 212.13.194.87
    ntp server 62.84.188.34
    !
    end

    router#
     
    tg, Aug 30, 2008
    #1
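
Added example, not part of the original post: a small Python helper that walks a zone-based firewall configuration like the one posted above, from a zone pair to its policy-map and any nested application policy, and lists the classes whose action is drop or reset. The function names are hypothetical, and CONFIG is a trimmed excerpt of the posted running-config.

```python
# Trimmed excerpt of the running-config posted above (HTTP path only).
CONFIG = """\
class-map type inspect http match-any sdm-http-blockparam
match req-resp protocol-violation
class-map type inspect http match-any sdm-app-nonascii
match req-resp header regex sdm-regex-nonascii
policy-map type inspect http sdm-action-app-http
class type inspect http sdm-http-blockparam
log
reset
class type inspect http sdm-app-nonascii
log
reset
policy-map type inspect sdm-inspect
class type inspect sdm-protocol-http
inspect
service-policy http sdm-action-app-http
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
"""

def parse(config):  # flat IOS text -> class-maps, policy-maps, zone-pair bindings
    cmaps, pmaps, zpairs, sink, pm, zp = {}, {}, {}, None, None, None
    for line in (l.strip() for l in config.splitlines()):
        w = line.split()
        if line.startswith("class-map type inspect"):
            sink = cmaps.setdefault(w[-1], [])
        elif line.startswith("policy-map type inspect"):
            pm, sink = pmaps.setdefault(w[-1], {}), None
        elif line.startswith("zone-pair security"):
            zp, sink = (w[4], w[6]), None  # (source zone, destination zone)
        elif line.startswith("service-policy type inspect"):
            zpairs[zp] = w[-1]
        elif line.startswith("class "):
            sink = pm.setdefault(w[-1], [])
        elif sink is not None and line not in ("", "!"):
            sink.append(line)
    return cmaps, pmaps, zpairs

def terminating_classes(config, src, dst):
    cmaps, pmaps, zpairs = parse(config)
    found, todo = [], [zpairs[(src, dst)]]
    while todo:
        policy = todo.pop()
        for cls, actions in pmaps[policy].items():
            todo += [a.split()[-1] for a in actions if a.startswith("service-policy")]  # nested policy
            if any(a.split()[0] in ("drop", "reset") for a in actions):
                found.append((policy, cls, actions, cmaps.get(cls, [])))
    return found
```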