01-21-2009 01:03 AM - edited 03-04-2019 12:55 AM
Hi ALL:
I see high cpu due to encrypt process on my router what could be the possible reasons.
Chao
Vishwa
01-21-2009 01:18 AM
An IPSec tunnel would be a likely cause. Is there one or more IPSec tunnel(s) configured?
01-21-2009 01:38 AM
Hi Patrick ,
There is only one tunnel configured.
could you suggest any document informing about the encrypt procees,since i am using ipsec i am pretty sure it have to do something with that .
Chao
Vishwa
01-21-2009 04:24 AM
Software encryption will often consume much CPU with little encrypted traffic. If you don't have a hardware encryption, you'll want to consider obtaining it (if supported on you platform). If you have hardware encryption, insure it's being used (which is the default, I believe, but I also believe it can be configured to be not used).
01-21-2009 04:34 AM
Hi Jose,
I am using 2651XM and some how i belive that it will use that much process.
My config for IPSEC is:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key xxxxxx address x.x.x.1
crypto isakmp identity hostname
!
!
crypto ipsec transform-set rtpset-3des esp-3des esp-md5-hmac
mode transport
crypto ipsec df-bit clear
!
crypto map VPN1 1 ipsec-isakmp
set peer x.x.x.1
set security-association lifetime seconds 1200
set transform-set rtpset-3des
match address VPN-Traffic
interface FastEthernet0/1
ip address x.x.x.2 255.255.255.252
speed 100
full-duplex
crypto map VPN1
How could i tell if it is hardware switched or software switched.
Chao
Vishwa
01-21-2009 05:23 AM
Hi Chao,
I am using the same 2651XM for IPSec VPN. I had the same problem. The router hits 98% utilization with traffic as low as 200kbps. But it still support 1500kbps without causing further problems. I don't have a vpn hw and 2620XM is not sold anymore. Since this vpn traffic is the only traffic in this router, I've been using it without users' complaints.
Cisco used to sell an VPN AIM for this router. Look at the 'sh version' output to see if you have a VPN Module, if not, check if you can get one.
PRoque
01-21-2009 06:10 AM
Thanks Paul i will check on that.
Chao
Vishwa
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide