High CPU Utilization on ASA 5540

rlortiz · ‎05-12-2008

I have a remote site customer with a Cisco ASA 5540 running SSLVPN (Anyconnect)(8.03). It currently only serves about 450 SSLVPN clients. Since last friday, they've seen the CPU utilization go up to high 90% while only serving 400+ remote users. I saw some high cpu utilization bugs, but none looked to be relevant. Any ideas on how I can find the root cause of the CPU high utilization?

smahbub · ‎05-16-2008

Try disabling the "logging flash-bufferwrap feature" if enabled and perform a reload and check for the cpu usage.also can you provide us the ouputs of 'show tech' and 'show proc' from the ASA taken 60 seconds apart so that the issue can be investigated in a better way to find a better solution.

Sharmeelan Mahendrarajah · ‎02-22-2013

Hi rlortiz,

I ran into this issue as well on an ASA 5540 with only about 150 users. In the case if you are using large modulus operations including large key size certificates and a higher Diffie-Hellman group, it will cause for high processing.

Since the default method of processing these operations is software-based, it will cause higher CPU usage and also slower SSL/IPsec connection establishment.

If this is the scenario for you, use hardware-based processing by using the following configuration:

"crypto engine large-mod-accel"