Firstly, high CPU can be expected if you go anywhere near the 5000 mark; sometimes, depending on how much other traffic you have, you can expect the performance to be affected even before the 5000 mark is reached.
Now, if you feel you should have 3000 peers, let's see why you have 5000+ phase 1 SAs. Let's find out whether we have duplicate SAs or whether they are some remote access users trying to make a connection.
show cry isa sa | in
Once you have an IP which has a duplicate SA, let's get more details about it:
show vpn-sessiondb detail remote filter p-ipaddress or show vpn-sessiondb detail l2l filter
This will tell us about the session.
Also, just a small query to understand your network: were any changes made to your network before you started seeing this? It can be anything, like acquiring a new company or disbanding a company, etc.
Just to understand why there is so much fluctuation in VPN sessions.
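
One way to run the duplicate check from the post above over saved CLI output, as an added example that is not part of the original post. The sample text is constructed, its `IKE Peer:` block layout is an assumption about what the ASA prints, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample; layout assumed to match ASA "show crypto isakmp sa" output.
SAMPLE = """\
   Active SA: 4
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 4

1   IKE Peer: 192.0.2.10
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
2   IKE Peer: 192.0.2.10
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_WAIT_MSG3
3   IKE Peer: 198.51.100.7
    Type    : user            Role    : responder
    Rekey   : no              State   : AM_ACTIVE
4   IKE Peer: 203.0.113.5
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
"""

PEER = re.compile(r"^\s*\d+\s+IKE Peer:\s*(\S+)")
FIELD = re.compile(r"(Type|Role|Rekey|State)\s*:\s*(\S+)")

def parse_sas(text):
    """Return one dict per phase 1 SA with peer, Type, Role, Rekey, State."""
    sas = []
    for line in text.splitlines():
        m = PEER.match(line)
        if m:
            sas.append({"peer": m.group(1)})
        elif sas:  # field lines belong to the most recent peer entry
            sas[-1].update(FIELD.findall(line))
    return sas

def duplicate_peers(sas):
    """Map each peer that holds more than one phase 1 SA to its SA states."""
    states = defaultdict(list)
    for sa in sas:
        states[sa["peer"]].append(sa.get("State", "?"))
    return {peer: s for peer, s in states.items() if len(s) > 1}

def count_by_type(sas):
    """Split the SA total into site-to-site (L2L) and remote access (user)."""
    return dict(Counter(sa.get("Type", "?") for sa in sas))

if __name__ == "__main__":
    sas = parse_sas(SAMPLE)
    print(count_by_type(sas), duplicate_peers(sas))
```

A peer that shows two SAs only while one of them has `Rekey : yes` is in a normal rekey; repeated half-open states for the same peer are the entries worth following up with the session detail command.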