cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
468
Views
2
Helpful
6
Replies

High CPU

vishwancc
Level 3
Level 3

Hi ALL:

I see high cpu due to encrypt process on my router what could be the possible reasons.

Chao

Vishwa

6 Replies 6

patrickvanham
Level 1
Level 1

An IPSec tunnel would be a likely cause. Is there one or more IPSec tunnel(s) configured?

Hi Patrick ,

There is only one tunnel configured.

could you suggest any document informing about the encrypt procees,since i am using ipsec i am pretty sure it have to do something with that .

Chao

Vishwa

Joseph W. Doherty
Hall of Fame
Hall of Fame

Software encryption will often consume much CPU with little encrypted traffic. If you don't have a hardware encryption, you'll want to consider obtaining it (if supported on you platform). If you have hardware encryption, insure it's being used (which is the default, I believe, but I also believe it can be configured to be not used).

Hi Jose,

I am using 2651XM and some how i belive that it will use that much process.

My config for IPSEC is:

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

lifetime 3600

crypto isakmp key xxxxxx address x.x.x.1

crypto isakmp identity hostname

!

!

crypto ipsec transform-set rtpset-3des esp-3des esp-md5-hmac

mode transport

crypto ipsec df-bit clear

!

crypto map VPN1 1 ipsec-isakmp

set peer x.x.x.1

set security-association lifetime seconds 1200

set transform-set rtpset-3des

match address VPN-Traffic

interface FastEthernet0/1

ip address x.x.x.2 255.255.255.252

speed 100

full-duplex

crypto map VPN1

How could i tell if it is hardware switched or software switched.

Chao

Vishwa

Hi Chao,

I am using the same 2651XM for IPSec VPN. I had the same problem. The router hits 98% utilization with traffic as low as 200kbps. But it still support 1500kbps without causing further problems. I don't have a vpn hw and 2620XM is not sold anymore. Since this vpn traffic is the only traffic in this router, I've been using it without users' complaints.

Cisco used to sell an VPN AIM for this router. Look at the 'sh version' output to see if you have a VPN Module, if not, check if you can get one.

PRoque

Thanks Paul i will check on that.

Chao

Vishwa

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco