I have a 7206VXR-G1 router with SA-VAM2+ being used for VPN termination and internet access. The routers CPu is starting to run pretty high, reaching over 80% during peak load and I am thinking about enabling turbo ACL's as an option to help decrease CPU load. I have a total of about 800 ACL's defined with a total of nearly 8000 ACL entries. Some ACL's have over a hundred lines, others may only have 10 or 20.
I have read here on the forums that turbo ACL's have helped out in certain situations, but I am wondering what kind of impact this will have on my VPN environment.
I read that every time an ACL change is made the router has to recompile the ACL. How long does this take on an ACL with 20 lines? How about 100 lines? How much memory is typicaly used with this many ACL entries?
Do turbo ACL's help performance with ACL's defined for crypto maps the same as they would for interface ACL's?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...