VPN module


I have a Cisco 3640 router at my central office which has 3 IPsec/3DES VPNs with 3 branch locations. The CPU utilization on this router shoots to 90% and above on some days due to heavy traffic and the resulting encryption/decryption. The applications start to run really slow once this happens.

I'm planning to purchase a VPN encryption module for this router, and the model which I've found from the Cisco site is NM-VPN/MP=

I think this module should change things. I wanted to know whether:

1. This module is compatible with my router. I did some research and feel that there shouldn't be any issues, but still wanted to confirm with anyone who has prior experience.

My 3640 has 16 MB flash, 128 MB main memory and has Cisco IOS 12.2(7) C running. Also, this router has a free network module slot.

2. Are there any known bugs with this module? Do I need to make any configuration changes?

Re: VPN module


These questions can have many different answers and should warrant more information before determining the outcome. I'd like to address your 90% CPU on the router: you have 3 VPN tunnels configured on your router? If you unapplied the crypto map from the router, are you still seeing that high of a CPU utilization? Your second question asked about bugs with the modules, but I'm wondering if you're running into a bug with that high of a CPU in your current IOS without the module. Something for you to check into before you start spending the $$ only to find out that it didn't help. 'Cause then you will need to upgrade your code on the router to get out of that bug, which will more than likely be a 12.2T (like 12.2.13T), which will require you to spend more $$ on flash as it requires 32 MB flash, 96 MB RAM. The router should be able to keep up with your WAN bottleneck in most configurations with only 3 tunnels, unless you're doing like any any for your interesting traffic access-list, which of course you're not with 3 tunnels.

To answer your first question, yes, it's the appropriate module for that platform and you do have enough mem and flash to run that release. Do you have any plans on terminating client connections on the router? If you are, then it will require minimum 12.2.8T (don't run this though, it's just the minimum), which means you will need more flash as the minimum flash is 32 MB.

Your second question answer is there are no bugs, just features :>)

Would need to know more information on exactly what you are running on your box to determine if something will affect you or your configuration. Best thing to do would be to contact your local account manager as they should or will have a better understanding of your network topology/layout.

Kurtis Durrett

Re: VPN module

Hi Kurtis,

Thanks a lot for your reply. The high utilization is directly linked to the heavy data traffic which this VPN has to handle. The points to justify my statement are:

1. The CPU utilization shoots up towards noon time when the no. of users using the VPN increases and they start sending more data across it.

2. The utilization reaches peak on Monday mornings due to the high call volume after the holidays (the branch site has agents who handle customer calls).

3. When I do a "show process cpu", 75% of the CPU utilization is shown under encryp process.

4. The CPU utilization is well within limits when the data throughput through the internet interface is less.

Other than this heavy CPU utilization there are no problems as such with the router. Also, I'm not planning to terminate any client connections on the router.



