Get VPN issue

Unanswered Question
Jun 3rd, 2010

Hello,

I want deploy 500-600 branch with get vpn to encrypt the traffic and i have issue :

- When keyserver rekey the GM, all GM within 20-30 seconds have cpu process around 99%. Is this issue normal for Router GM when receive rekey

  from keyserver ??

Capture log :

  Jun  3 09:24:27.561: %GDOI-5-GM_RECV_REKEY: Received Rekey for group GDOI-GROUP1 from 10.192.1.1 to 10.148.192.2 wi  22

   0     2   0  0.00%  0.00%  0.00%   0 AAA high-capacit

  Router-GM#sh processes cpu
  CPU utilization for five seconds: 99%/0%; one minute: 22%; five minutes: 41%

- After GM fail closed because keyserver down, can GM will be fail open again besides using "clear crypto gdoi". Because if keyserver down in worse

  case, can traffic which encrypt go in clear text(not encrypt) like normal traffic.

- And if I want deploy 500 branch(GM) using get vpn and I use different Router as keyserver ( Router 3845 and Router 3825 ) will this make issue went  keyserver primary goes down and keyserver secondary became primary?? So far I try is no problem.

Topology that i use : keyserver -> Router Wan (GM) -> ISP(MPLS) -> Router branch (GM).  Please help me with that issue, because i affraid that i do wrong way.

Thank You,

Risky

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion