Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

High CPU Utilization on ASA 5540

I have a remote site customer with a Cisco ASA 5540 running SSLVPN (Anyconnect)(8.03). It currently only serves about 450 SSLVPN clients. Since last friday, they've seen the CPU utilization go up to high 90% while only serving 400+ remote users. I saw some high cpu utilization bugs, but none looked to be relevant. Any ideas on how I can find the root cause of the CPU high utilization?

2 REPLIES
Silver

Re: High CPU Utilization on ASA 5540

Try disabling the "logging flash-bufferwrap feature" if enabled and perform a reload and check for the cpu usage.also can you provide us the ouputs of 'show tech' and 'show proc' from the ASA taken 60 seconds apart so that the issue can be investigated in a better way to find a better solution.

Community Member

High CPU Utilization on ASA 5540

Hi rlortiz,

I ran into this issue as well on an ASA 5540 with only about 150 users. In the case if you are using large modulus operations including large key size certificates and a higher Diffie-Hellman group, it will cause for high processing.

Since the default method of processing these operations is software-based, it will cause higher CPU usage and also slower SSL/IPsec connection establishment.

If this is the scenario for you, use hardware-based processing by using the following configuration:


"crypto engine large-mod-accel"

1549
Views
0
Helpful
2
Replies
CreatePlease to create content