patrickvanham Wed, 01/21/2009 - 01:18
User Badges:

An IPSec tunnel would be a likely cause. Is there one or more IPSec tunnel(s) configured?

vishwancc Wed, 01/21/2009 - 01:38
User Badges:

Hi Patrick ,

There is only one tunnel configured.

could you suggest any document informing about the encrypt procees,since i am using ipsec i am pretty sure it have to do something with that .


Chao

Vishwa


Joseph W. Doherty Wed, 01/21/2009 - 04:24
User Badges:
  • Super Bronze, 10000 points or more

Software encryption will often consume much CPU with little encrypted traffic. If you don't have a hardware encryption, you'll want to consider obtaining it (if supported on you platform). If you have hardware encryption, insure it's being used (which is the default, I believe, but I also believe it can be configured to be not used).

vishwancc Wed, 01/21/2009 - 04:34
User Badges:

Hi Jose,


I am using 2651XM and some how i belive that it will use that much process.

My config for IPSEC is:


crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

lifetime 3600

crypto isakmp key xxxxxx address x.x.x.1

crypto isakmp identity hostname

!

!

crypto ipsec transform-set rtpset-3des esp-3des esp-md5-hmac

mode transport

crypto ipsec df-bit clear

!

crypto map VPN1 1 ipsec-isakmp

set peer x.x.x.1

set security-association lifetime seconds 1200

set transform-set rtpset-3des

match address VPN-Traffic


interface FastEthernet0/1

ip address x.x.x.2 255.255.255.252

speed 100

full-duplex

crypto map VPN1


How could i tell if it is hardware switched or software switched.


Chao

Vishwa

pauloroque Wed, 01/21/2009 - 05:23
User Badges:

Hi Chao,


I am using the same 2651XM for IPSec VPN. I had the same problem. The router hits 98% utilization with traffic as low as 200kbps. But it still support 1500kbps without causing further problems. I don't have a vpn hw and 2620XM is not sold anymore. Since this vpn traffic is the only traffic in this router, I've been using it without users' complaints.


Cisco used to sell an VPN AIM for this router. Look at the 'sh version' output to see if you have a VPN Module, if not, check if you can get one.


PRoque

Actions

This Discussion