05-23-2010 10:28 PM - edited 02-21-2020 04:39 PM
Hi,
We use Cisco 3725 for both hub and spoke routers. We are using static routing for now as a temp sollution. IOS ver is C3725-ADVSECURITYK9-M), Version 12.4(7c).
We want keep our DMVPN setup but lower the encryption on all routers as it is causing some with high CPU on software encryptions. Current use of the tunnels is VOIP traffic and sometimes file transfer. Since we are not upgrading to a 3800 using AIM modules, I would like to lower the encryption or if possible remove it all together.
Any tips on what I should use to have abit of safety but not too much that may raise the router resource? The main purpose use of the tunnels are to keep the config a small as possible and VOIP.
Below is our HUB and SPOKES config:
HUB
crypto isakmp policy 1
encr 3des
authentication pre-share
crypto isakmp key test address 0.0.0.0 0.0.0.0
crypto isakmp invalid-spi-recovery
!
crypto ipsec transform-set private esp-3des esp-md5-hmac
!
crypto ipsec profile cisco4eva
set transform-set private
!
interface Tunnel0
description DMVPN_HUB
ip address 172.1.1.1 255.255.255.0
no ip redirects
ip mtu 1440
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 1
no clns route-cache
tunnel source FastEthernet2/0
tunnel mode gre multipoint
tunnel key 69
tunnel protection ipsec profile cisco4eva
!
interface FastEthernet2/0
description INTERNET
========================================================
SPOKES
crypto isakmp policy 1
encr 3des
authentication pre-share
crypto isakmp key test address 0.0.0.0 0.0.0.0
crypto isakmp invalid-spi-recovery
!
crypto ipsec transform-set private esp-3des esp-md5-hmac
!
crypto ipsec profile cisco4eva
set transform-set private
!
interface Tunnel1
description DMVPN_SPOKE
ip address 172.1.1.2 255.255.255.0
no ip redirects
ip mtu 1440
ip nhrp authentication test
ip nhrp map 172.1.1.1 X.X.X.X
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs 172.1.1.1
ip nhrp registration no-unique
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 69
tunnel protection ipsec profile cisco4eva
!
interface FastEthernet0/0
description INTERNET
Thanks
05-23-2010 11:08 PM
I presume the 3725 does not have an encryption module?
05-23-2010 11:37 PM
Hi leolaohoo,
Yes, we do not have it on our 3725. We are going to upgrade to a 3825 for the purpose of having wireless and IP camera NMEs but won't be done until next year.
Thanks
05-24-2010 03:11 PM
And what bandwidth do you have?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: