
Hindering Download Speed With Cisco Router

18 years 6 months ago #10841 by Chris
My understanding is that you've resolved your problem by disabling your IDS;

I'm a bit concerned about the fact only 10% of your CPU was being occupied when IDS was on, and by disabling it, you managed to get full speed....

I've had some bad experiences with routers connecting to incompatible/problematic DSLAMs which as a result would allow only a max of 5-15 kb/sec on a 1 Mbit ADSL connection!

In one particular case, the customer had a Cisco 876 and when I replaced it with an 836, the darn thing would work like a charm!

- Go figure!

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
18 years 6 months ago #10850 by RedRanger
I'm surprised that anything on your network works with that router. Someone wrote an ACL that denies anything. Take a close look at it...

access-list 2 deny any

Now I was taught in CCNA 2 last semester that if you were to do that, nothing would work. jwj or an admin, could you clarify that for me? ACLs are probably going to be in the CCNA 4 course, so I need to know some of this stuff.

RedRanger

"I'd Rather You Hate Me For Everything I Am Than Love Me For Something I'm Not."

Be Awesome
18 years 6 months ago #10859 by jwj
One thing to keep in mind with access lists is that they go in sequential order. So let's look at access list 2.

[code:1]access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 10.10.10.0 0.0.0.255
access-list 2 deny any[/code:1]

The first two lines are remarks or "comments" to let whoever is administering the router get an idea of the purpose of the ACL.

As the packet is received by the router, before it is forwarded, it is processed by the access list(s). It starts from the top, and goes until it matches a line. So, if a packet with a destination or source IP address of 10.10.10.0/24 is received, it will be filtered by access list 2 until the line permit 10.10.10.0 0.0.0.255. At this point, you can see the match, so it no longer goes through the access list and is forwarded. If the packet is from 192.168.200.0/24, it would go to the next line, deny any. The deny any is the catch-all, and prevents anything else from getting through. Because it reached this point, the packet will be dropped.

Generally, you'll want to explicitly permit what you want to get through, and deny anything else. That's why the deny any line is at the bottom of access lists. Access lists can get very complex, especially the more complex your network is. You'll be sure to learn more about this in your later classes.

-Jeremy-
18 years 6 months ago #10872 by RedRanger
Ah...OK. I never really think about the order in which they are placed. That makes sense. Thanks.

RedRanger

"I'd Rather You Hate Me For Everything I Am Than Love Me For Something I'm Not."

Be Awesome
18 years 4 months ago #11891 by thompson
Did you try enabling the IPS only on the external interface for inbound only? I know this isn't being a good Internet neighbor, but I'm also concerned that you’re seeing a speed hit from using the IPS. I have an 870 on order now and I can't wait, and this is one of the features I bought it for/plus QoS. It should work!

Maybe try an IOS upgrade to: Version 12.4(4)T

Also you have int fast 4 with a description of your WAN interface, isn’t int Dialer0 your WAN?

interface FastEthernet4
description $ETH-WAN$

from your config example:

interface Vlan1
no ip ips sdm_ips_rule in
no ip ips sdm_ips_rule out

interface Dialer0
no ip ips sdm_ips_rule out
18 years 4 months ago #11909 by babis
This is the classical problem with the 87x series. Chris and I had the same problem with the 876 and 877 Cisco routers. The problem will be fixed with an IOS upgrade. What IOS version do you have? You should upgrade to the latest IOS version and I'm sure it will fix your problem.
I'm waiting for your news :D