Cisco 3825 onboard crypto engine accelerator causes rx parts overflow/pkts dropped and disconnects the network. Does anybody has the same issue and how to resolve that?
The issue happened when we use crypto ipsec fragmentation after-encyption. We couldn't use fragmentation before-encryption as that caused users couldn't access some services. I think this is because the packet fragmented before encryption and the network has QOS in place, some packets delayed. When the host didn't receive all fragmented packets together, it won't be able to reassemble it together and dropped the packet.
When we use software encryption rather than hardware accelerato, it is working ok. However, the CPU jumps up to 100% usage. It would be slow down the network as you known.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...