I have a Cisco 3640 Router at my Central office which has 3 IPsec/3DES VPNs with 3 branch locations. The CPU utilization on this router shoots to 90% and above on some days due to heavy traffic and the resulting encryption/decryption. The applications starts to run really slow once this happens.
I'm planning to purchase a VPN encryption module for this router and the model which i've found from the cisco site is NM-VPN/MP=
I think this module should change things . I wanted to know whether
1. This module is compatible with my router. I did some research and feels that there shouldn't be any issues but still wanted to confirm with anyone who has prior experience.
My 3640 has 16 MB flash, 128 MB main memmory and has Cisco IOS 12.2(7) C running. Also this router has a free network module slot.
2. Are there any know bugs with this module? Do i need to make any confihuration changes ?
These questions can have many different answers and should warrant more information before determining the outcome. I'd like to address your 90% CPU on the router, you have 3 vpn tunnels configured on your router? If you unapplied the crypto map from the router are you still seeing that high of a cpu utilization? Your second question asked about bugs with the modules, but i'm wondering if you running into a bug with that high of a cpu in your current ios without the module. Something for you to check into before you start spending the $$ only to find out that it didnt help. Cause then you will need to upgrade your code on the router to get out of that bug which will more than like ly be a 12.2T(like 12.2.13T) which will require you to spend more $$ on flash as it requires 32mb flash 96mb ram. The router should be able to keep up with your WAN bottleneck in most configurations with only 3 tunnels, unless your doing like any any for your interesting traffic access-list, which of course your not with 3 tunnels.
To answer your first question, yes its the appropriate module for that platform and you do have enough mem and flash to run that release. Do you have any plans on termintating client connections on the router? If you are then it will require minimum 12.2.8T(don't run this though, its just the minimum), which means you will need more flash as the minimum flash is 32mb.
Your second question answer is there are no bugs, just features :>)
Would need to know more information on exactly what you are running on your box to determine if something will affect you or your configuration. Best thing to do would be to contact your local account manager as they should or will have a better understanding of your network topology/layout.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :