I want deploy 500-600 branch with get vpn to encrypt the traffic and i have issue :
- When keyserver rekey the GM, all GM within 20-30 seconds have cpu process around 99%. Is this issue normal for Router GM when receive rekey
from keyserver ??
Capture log :
Jun 3 09:24:27.561: %GDOI-5-GM_RECV_REKEY: Received Rekey for group GDOI-GROUP1 from 10.192.1.1 to 10.148.192.2 wi 22
0 2 0 0.00% 0.00% 0.00% 0 AAA high-capacit
Router-GM#sh processes cpu CPU utilization for five seconds: 99%/0%; one minute: 22%; five minutes: 41%
- After GM fail closed because keyserver down, can GM will be fail open again besides using "clear crypto gdoi". Because if keyserver down in worse
case, can traffic which encrypt go in clear text(not encrypt) like normal traffic.
- And if I want deploy 500 branch(GM) using get vpn and I use different Router as keyserver ( Router 3845 and Router 3825 ) will this make issue went keyserver primary goes down and keyserver secondary became primary?? So far I try is no problem.
Topology that i use : keyserver -> Router Wan (GM) -> ISP(MPLS) -> Router branch (GM). Please help me with that issue, because i affraid that i do wrong way.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :