05-12-2008 02:45 PM - edited 03-11-2019 05:43 AM
I have a remote site customer with a Cisco ASA 5540 running SSLVPN (Anyconnect)(8.03). It currently only serves about 450 SSLVPN clients. Since last friday, they've seen the CPU utilization go up to high 90% while only serving 400+ remote users. I saw some high cpu utilization bugs, but none looked to be relevant. Any ideas on how I can find the root cause of the CPU high utilization?
05-16-2008 10:28 AM
Try disabling the "logging flash-bufferwrap feature" if enabled and perform a reload and check for the cpu usage.also can you provide us the ouputs of 'show tech' and 'show proc' from the ASA taken 60 seconds apart so that the issue can be investigated in a better way to find a better solution.
02-22-2013 12:33 PM
Hi rlortiz,
I ran into this issue as well on an ASA 5540 with only about 150 users. In the case if you are using large modulus operations including large key size certificates and a higher Diffie-Hellman group, it will cause for high processing.
Since the default method of processing these operations is software-based, it will cause higher CPU usage and also slower SSL/IPsec connection establishment.
If this is the scenario for you, use hardware-based processing by using the following configuration:
"crypto engine large-mod-accel"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide