I have a VPN3030 set up strictly for remote access users only. (using preshared keys & running 3DES-MD5).
Problem is, that the vpn3030 hits 100% cpu load, at only ~ 6Mb thrughput ~150 sessions.
Is it possible to get detailed information on the CPU usage from the VPN3030?? - I would really like to know what's causing this problem. The only "monitoring" related to cpu usage i have knowledge of, is the "Awerage CPU utilization".... which is basically next to useless, regarding troubleshooting.
It seems to be a data compression issues. Data compression increases the memory requirement and CPU utilization for each user session and consequently decreases the overall throughput of the VPN Concentrator. For this reason, Cisco recommends that you enable data compression only if every member of the group is a remote user that connects with a modem. If any member of the group connects through broadband, do not enable data compression for the group. Instead, divide the group into two groups, one for modem users and the other for broadband users. Enable data compression only for the group of modem users.
The problem is now solved. - For some obscure reason, the SEP module was no longer active for my basegroup.. it was simply just "unchecked" in the selection menu! - I have no idea how this happened... im 100% sure I didn't uncheck the SEP module. The only changes made to the VPN3030 the last couple of months is firmware upgrades... no users added & removed, no changes etc...
Makes me wonder, if this could really be related to the final firmware upgrade we did prior to the incident... i'll probably never find out.
But to sum it all up... I enabled the SEP module in base group, and cpu load went from 100% to around 5-10% right away.
Expand Configuration then User management then go to Groups and then open the group you are working with. Now go to the General tab and at the bottom you will see SEP card Assignment. Make you you only check on the slot that has a SEP card in it. By the way you may be able to buy more sep cards to increass the performance of the concentrator. just be careful there are two type of card and you cannot mix them.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...