We use Cisco 3725 for both hub and spoke routers. We are using static routing for now as a temp sollution. IOS ver is C3725-ADVSECURITYK9-M), Version 12.4(7c).
We want keep our DMVPN setup but lower the encryption on all routers as it is causing some with high CPU on software encryptions. Current use of the tunnels is VOIP traffic and sometimes file transfer. Since we are not upgrading to a 3800 using AIM modules, I would like to lower the encryption or if possible remove it all together.
Any tips on what I should use to have abit of safety but not too much that may raise the router resource?The main purpose use of the tunnels are to keep the config a small as possible and VOIP.
Below is our HUB and SPOKES config:
crypto isakmp policy 1 encr 3des authentication pre-share crypto isakmp key test address 0.0.0.0 0.0.0.0 crypto isakmp invalid-spi-recovery ! crypto ipsec transform-set private esp-3des esp-md5-hmac ! crypto ipsec profile cisco4eva set transform-set private ! interface Tunnel0 description DMVPN_HUB ip address 220.127.116.11 255.255.255.0 no ip redirects ip mtu 1440 ip nhrp authentication test ip nhrp map multicast dynamic ip nhrp network-id 1 no clns route-cache tunnel source FastEthernet2/0 tunnel mode gre multipoint tunnel key 69 tunnel protection ipsec profile cisco4eva
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...