Olimpo Informatico

[lensergio]

Salve a tutti.
Ho un problema che mi manda al manicomio da giorni.
Ho sostituito il vecchio router Hamlet HRDSL750w con un Cisco 877.
Quest'ultimo è più veloce e navigo senza problemi, eccetto che su Google Maps.
Google maps va inizialmente a singhiozzo, poi si blocca del tutto, quindi non riesco nemmeno più
ad entrare in gmail o addirittura nella pagina principale del motore di ricerca.
Se cambio sito nessun problema.
Stessa cosa su altri 2 pc della LAN casalinga.
Poichè sul pc ho altre partizioni, ho fatto delle prove con tre versioni di
Linux Ubuntu, ebbene in due casi Google maps funzione bene, in un caso no.
Inoltre sullo stesso pc ho provato due macchine virtuali, con una funziona e con l'altra no.

Ho provato a configurare il Cisco eliminando il firewall.
Poi ho provato a passare in PPPoE - MTU 1492.
Ho cambiato i DNS sia sul Cisco che sul pc.
Niente.
L'unica cosa che ho notato, nelle indicazioni di Firefox-Extended statusbar,
è che quando il browser si blocca mi dà una velocità di download 'altina' e
'tonda' (500 - 1000 - 2000 kb/sec)

Riassuno la situazione:
ADSL: Alice 20 mega
LAN: ethernet

Router Hamlet HRDSL750w - velocità di dowload 7,2 Mbps - nessun problema con Google maps
Router Cisco 877 - velocità di dowload 12,7 Mbps - problemi con Google maps

pc mio: win XP sp3 + firefox 24 - non va
ubuntu 10.10 + firefox 4.5 - funziona
ubuntu 11.05 + firefox - funziona
ubuntu 12.10 + firefox 18.01 o anche chromium - non va
macchina virtuale ubuntu 13.10 + firefox 24 - funziona
macchina virtuale win XP sp3 + firefox - non va
altri 2 pc in LAN: win 7 + firefox - non va

Infine posto la configurazione del Cisco:

!----------------------------------------------------------------------------
!This is the running config of the router: 192.168.1.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime
no service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
clock timezone CET 1
clock summer-time ROMA recurring last Sun Mar 2:00 last Sun Oct 2:00
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool dhcppool
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 151.99.125.3 195.186.4.111
update arp
!
!
ip domain name yourdomain.com
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp router-traffic
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
!
!
crypto pki trustpoint TP-self-signed-1315516827
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1315516827
revocation-check none
rsakeypair TP-self-signed-1315516827
!
!username admin privilege 15 secret 5 $1$d/aB$KnexVVtR.B9Iha9Iui4f21
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/835
encapsulation aal5mux ppp dialer
!
dsl operating-mode auto
ntp disable
!
interface ATM0.1 point-to-point
no snmp trap link-status
pvc 8/35
! --- PPPoA
encapsulation aal5mux ppp dialer
dialer pool-member 1
! --- PPPoE
! pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip access-group 102 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
ntp disable
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
encapsulation ppp
ip tcp header-compression
dialer pool 1
dialer-group 1
no cdp enable
ppp pap sent-username aliceadsl password 0 aliceadsl
ppp ipcp dns request
ppp ipcp route default
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.59 64660 interface Dialer0 64660
ip nat inside source static tcp 192.168.1.23 64650 interface Dialer0 64650
ip nat inside source static udp 192.168.1.23 64651 interface Dialer0 64651
ip nat inside source static udp 192.168.1.59 64661 interface Dialer0 64661
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 1 remark The local LAN.
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any host 0.0.0.0
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 224.0.0.0 31.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any host 192.168.1.255 log
access-list 101 permit tcp any any gt 1023 established
access-list 101 permit udp host 193.204.114.232 any eq ntp
access-list 101 permit udp host 193.204.114.233 any eq ntp
access-list 101 permit tcp any any range 64650 64699
access-list 101 permit udp any any range 64650 64699
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip any any log
access-list 101 deny ip any any
access-list 101 permit ip any any
access-list 102 permit ip any host 192.168.1.1
access-list 102 deny udp any any eq tftp log
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 deny ip any 10.0.0.0 0.255.255.255 log
access-list 102 deny ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny ip any 169.254.0.0 0.0.255.255 log
access-list 102 deny ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny ip any 192.168.0.0 0.0.255.255 log
access-list 102 deny ip any 198.18.0.0 0.1.255.255 log
access-list 102 deny tcp any any eq 445 log
access-list 102 deny tcp any any eq 1243 log
access-list 102 deny tcp any any eq 2773 log
access-list 102 deny tcp any any range 6711 6713 log
access-list 102 deny tcp any any eq 6776 log
access-list 102 deny tcp any any eq 7000 log
access-list 102 deny tcp any any eq 7215 log
access-list 102 deny tcp any any eq 27374 log
access-list 102 deny tcp any any eq 27573 log
access-list 102 deny tcp any any eq 54283 log
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 permit udp host 192.168.1.23 eq 64651 any
access-list 102 permit udp host 192.168.1.59 eq 64661 any
access-list 102 deny ip any any log
no cdp run
!
control-plane
!
line con 0
exec-timeout 0 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 1 in
exec-timeout 0 0
privilege level 15
password xxxx
login
transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17175108
ntp server 193.204.114.232
ntp server 193.204.114.233
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
---------------------------------

Ciò premesso ringrazio chiunque voglia darmi qualche indicazione,
dato che in rete ho trovato tante informazioni interessanti
ma niente di specifico su questa strana incompatibilità tra cisco e google.

[lensergio]

Per la cronaca: risolto (grazie Wolfhwk).
la riga responsabile è questa:
ip inspect name SDM_LOW https
Se vi capita ...