I have a big issue with the VPN router of a small office (70 users). This router is also used for Internet browsing. The router CPU is around 99% due to the IP NAT Ager process.
CPU utilization for five seconds: 99%/3%; one minute: 97%; five minutes: 90%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
178 2755628 43326 63602 94.43% 93.54% 85.06% 0 IP NAT Ager
sh ip nat tra
Total active translations: 31819 (0 static, 31819 dynamic; 31819 extended)
Hits: 725042 Misses: 47287
CEF Translated packets: 750176, CEF Punted packets: 11536
Expired translations: 43226
-- Inside Source
[Id: 1] access-list 10 interface FastEthernet0/0 refcount 11819
Appl doors: 0
Normal doors: 0
Queued Packets: 0
ip address zzzz 255.255.255.252
ip mtu 1420
ip tcp adjust-mss 1350
keepalive 10 3
tunnel source xxxxx
tunnel destination yyyyy
ip address y.y.y.y 255.255.255.0
ip nat outside
crypto map WANMAP
ip address x.x.x.x 255.255.255.0
ip nat inside
ip nat inside source list 10 interface FastEthernet0/0 overload
What is this? Are there worms on my LAN? Is it the virtual reassembling thing that is creating some issues?
To find out the root cause you can enable NetFlow on your local LAN interface and find out what's happening with the traffic transactions.
With that you can come to a solid conclusion or at least get a clue on what is making or hogging the CPU up.
Configure ip route-cache flow under your local LAN Ethernet interface and make use of show ip cache flow to check the traffic transactions.
Hope the below link helps you out.
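As an added illustration of the approach in the reply above (not code from the thread or from Cisco): a small Python script that parses the flow records of `show ip cache flow`, aggregates them per inside host, and flags hosts whose traffic is many one-packet flows to many destinations, which is the pattern that fills a PAT table with short-lived dynamic translations and keeps the NAT ager busy. The sample records, addresses and thresholds are constructed for the example.

```python
"""Rank inside hosts by flow behaviour from 'show ip cache flow' output."""
import ipaddress
from collections import defaultdict

# Constructed sample records (not from the poster's router). In the real
# command output the Pr, SrcP and DstP columns are hexadecimal.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/1         192.168.1.10    Fa0/0         203.0.113.5     06 0400 0050     5
Fa0/1         192.168.1.10    Fa0/0         203.0.113.6     06 0401 01BD     1
Fa0/1         192.168.1.10    Fa0/0         203.0.113.7     06 0402 01BD     1
Fa0/1         192.168.1.10    Fa0/0         203.0.113.8     06 0403 01BD     1
Fa0/1         192.168.1.20    Fa0/0         198.51.100.9    06 C1A3 01BB   120
Fa0/1         192.168.1.20    Fa0/0         198.51.100.9    11 C1A4 0035     2
"""


def parse_cache_flow(text):
    """Return (src, dst, proto, dport, pkts) per flow record, skipping header
    and summary lines: a record has eight fields with IPv4 in columns 2 and 4."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            src, dst = ipaddress.ip_address(f[1]), ipaddress.ip_address(f[3])
            flows.append((str(src), str(dst), int(f[4], 16), int(f[6], 16), int(f[7])))
        except ValueError:  # protocol summary table, 'Total:' line, etc.
            continue
    return flows


def rank_sources(flows, min_dsts=3, max_pkts_per_flow=2.0):
    """Aggregate per source host and flag fan-out made of tiny flows.

    Many one-packet flows to many destinations is the pattern that also fills
    the NAT table with short-lived dynamic translations (one entry per flow)."""
    stats = defaultdict(lambda: {"flows": 0, "pkts": 0, "dsts": set()})
    for src, dst, _proto, _dport, pkts in flows:
        stats[src]["flows"] += 1
        stats[src]["pkts"] += pkts
        stats[src]["dsts"].add(dst)
    ranked = []
    for src, s in stats.items():
        avg = s["pkts"] / s["flows"]
        flagged = len(s["dsts"]) >= min_dsts and avg <= max_pkts_per_flow
        ranked.append((src, s["flows"], len(s["dsts"]), round(avg, 1), flagged))
    return sorted(ranked, key=lambda r: r[1], reverse=True)
```

Paste the output of `show ip cache flow` in place of SAMPLE; hosts flagged True are the ones to look at first, and the same per-host view can be cross-checked against `show ip nat translations` to confirm they own most of the dynamic entries.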