The OpenNET Project / Index page

"Config critique"
Forum: CISCO routers and other hardware (ACL, filtering and traffic limiting)
Posted by sage444 (ok) on 01-Mar-10, 10:28
Given:
adsl link 8mb/1mb <--> adsl-modem (bridge) <--> cisco 2651xm <--> localnet (192.168.0.0/16)

Needed:
keep the client-bank software and the rest of the internet working while a torrent is running.

Please critique my config, I have very little experience with Ciscos.
Everything works, but the router crawls terribly whenever somebody is torrenting: CPU load is 100%.

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash c2600-adventerprisek9-mz.124-23.bin
boot-end-marker
!
!
no aaa new-model
clock timezone KIEV 2
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
vpdn enable
!
!
class-map match-any bank
match access-group 101
class-map match-any dns_in
match access-group 110
class-map match-any icq_in
match access-group 112
class-map match-any www_in
match access-group 111
class-map match-any tcp_ack
match access-group 102
class-map match-any bank_in
match access-group 113
class-map match-any www
match access-group 104
class-map match-any dns
match access-group 103
class-map match-any icq
match access-group 105
!
!
policy-map simple-qos
class tcp_ack
  priority percent 5
class bank
  priority percent 10
class dns
  priority percent 20
class icq
  priority percent 5
class www
  priority percent 15
class class-default
  fair-queue
policy-map main
class class-default
  shape average 1008000
  service-policy simple-qos
policy-map test_qos
class class-default
policy-map qos-in
class www_in
  bandwidth percent 30
class dns_in
  bandwidth percent 1
class icq_in
  bandwidth percent 1
class bank_in
  bandwidth percent 10
class class-default
  fair-queue
policy-map main_in
class class-default
  shape average 9800000
  service-policy qos-in
!
!
no crypto isakmp enable
!
!
!
!
interface FastEthernet0/0
ip address 192.168.2.250 255.255.0.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
service-policy output main_in
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
no ip address
ip mtu 1492
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
service-policy output main
!
interface Serial0/1
no ip address
shutdown
!
interface Dialer1
mtu 1492
ip address negotiated
ip access-group deny_telnet in
ip nat outside
ip virtual-reassembly drop-fragments
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username *****@dsl.ukrtel.net password 0 **********
ppp ipcp dns request accept
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
no ip http server
no ip http secure-server
ip nat translation timeout 15
ip nat translation tcp-timeout 15
ip nat translation udp-timeout 10
ip nat translation finrst-timeout 3
ip nat translation syn-timeout 3
ip nat translation dns-timeout 10
ip nat translation icmp-timeout 30
ip nat translation port-timeout tcp 443 6000
ip nat translation port-timeout tcp 5190 6000
ip nat translation port-timeout tcp 10001 180
ip nat translation max-entries host 192.168.2.1 100
ip nat translation max-entries host 192.168.2.2 100
ip nat translation max-entries host 192.168.1.1 100
ip nat translation max-entries host 192.168.2.4 100
ip nat translation max-entries host 192.168.2.6 100
ip nat translation max-entries host 192.168.2.7 100
ip nat translation max-entries host 192.168.2.17 100
ip nat inside source list 1 interface Dialer1 overload
!
ip access-list extended deny_telnet
permit tcp any any established
deny   tcp any any eq telnet
deny   ip 10.0.0.0 0.255.255.255 any
deny   ip 172.16.0.0 0.0.255.255 any
deny   ip 192.168.0.0 0.0.255.255 any
deny   tcp any any fin syn
permit ip any any
!
access-list 1 permit 192.168.1
access-list 1 permit 192.168.1.1
access-list 1 permit 192.168.2.2
access-list 1 permit 192.168.1.254
access-list 1 permit 192.168.1.200
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 101 permit ip any host 178.12.11.153
access-list 101 remark client-bank
access-list 102 permit tcp any any ack
access-list 103 permit udp any any eq domain
access-list 104 permit tcp any any eq www
access-list 104 permit tcp any any eq 443
access-list 104 permit tcp any any eq 81
access-list 104 permit tcp any any eq 8080
access-list 104 permit tcp any any eq 8081
access-list 105 permit tcp any any eq 5190
access-list 105 permit tcp any any eq 5191
access-list 105 permit tcp any any eq 5192
access-list 105 permit tcp any any eq 5193
access-list 110 permit udp any eq domain any
access-list 111 permit tcp any eq www any
access-list 111 permit tcp any eq 81 any
access-list 111 permit tcp any eq 8080 any
access-list 111 permit tcp any eq 8081 any
access-list 111 permit tcp any eq 443 any
access-list 112 permit tcp any eq 5190 any
access-list 113 permit ip host 78.152.161.153 any
dialer-list 1 protocol ip permit
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps xgcp
snmp-server enable traps flash insertion removal
snmp-server enable traps envmon
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps atm subif
snmp-server enable traps bgp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps cnpd
snmp-server enable traps config
snmp-server enable traps dial
snmp-server enable traps dsp card-status
snmp-server enable traps entity
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmobile
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps rtr
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps vtp
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps voice poor-qov
snmp-server enable traps dnis
snmp-server host 192.168.250 public
snmp-server host 192.168.254 public
!
!
control-plane
!
!
!
line con 0
speed 115200
line aux 0
line vty 0 4
login
!
ntp clock-period 17208214
ntp server 192.168.1.254 prefer
!
end

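A quick consistency check I would run over a config like the one above before reading it by hand (my own script, not from the thread): it walks class-map -> access-list and policy-map -> service-policy references, and flags the two weak defaults visible in the post (`no service password-encryption`, `snmp-server community public`). The sample below is a constructed excerpt of the posted config; class-map "orphan" and ACL 199 are added to show a dangling reference.

```python
import re

# Constructed excerpt of the config from the post, trimmed to what the check
# needs; class-map "orphan" and ACL 199 are added to show a dangling reference.
SAMPLE_CONFIG = """\
no service password-encryption
class-map match-any bank
 match access-group 101
class-map match-any orphan
 match access-group 199
policy-map simple-qos
 class bank
policy-map main
 class class-default
  service-policy simple-qos
policy-map test_qos
 class class-default
interface FastEthernet0/1
 service-policy output main
access-list 101 permit ip any host 178.12.11.153
snmp-server community public RO
"""

def audit(cfg):
    """Return sorted findings: dangling QoS references and two weak defaults."""
    classes, policies, acls, applied, findings = {}, set(), set(), set(), []
    block = None                      # name of the enclosing class-map/policy-map
    for raw in cfg.splitlines():
        s = raw.strip()
        if m := re.match(r"class-map match-(?:any|all) (\S+)", s):
            block = m[1]; classes[block] = None
        elif m := re.match(r"match access-group (\d+)", s):
            classes[block] = m[1]          # ACL the class-map classifies on
        elif m := re.match(r"policy-map (\S+)", s):
            block = m[1]; policies.add(block)
        elif m := re.match(r"service-policy (?:(?:in|out)put )?(\S+)", s):
            applied.add(m[1])              # nested or interface-level attachment
        elif m := re.match(r"access-list (\d+) ", s):
            acls.add(m[1])
        elif s == "no service password-encryption":
            findings.append("cleartext passwords: no service password-encryption")
        elif re.match(r"snmp-server community (public|private)\b", s):
            findings.append(f"default SNMP community string: {s}")
    for name, acl in classes.items():
        if acl is not None and acl not in acls:
            findings.append(f"class-map {name} matches nonexistent access-list {acl}")
    for p in sorted(policies - applied):
        findings.append(f"policy-map {p} defined but never applied")
    return sorted(findings)
```

Run against the full posted config it also reports `test_qos`, which is defined but attached nowhere.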
1. "Config critique"
Posted by GolDi (??) on 01-Mar-10, 10:55
>[overquoting removed]
>line con 0
> speed 115200
>line aux 0
>line vty 0 4
> login
>!
>ntp clock-period 17208214
>ntp server 192.168.1.254 prefer
>!
>end

You're digging in the wrong direction.
http://www.opennet.ru/openforum/vsluhforumID6/15479.html
