Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

High CPU

Hi ALL:

I see high cpu due to encrypt process on my router what could be the possible reasons.

Chao

Vishwa

6 REPLIES
New Member

Re: High CPU

An IPSec tunnel would be a likely cause. Is there one or more IPSec tunnel(s) configured?

New Member

Re: High CPU

Hi Patrick ,

There is only one tunnel configured.

could you suggest any document informing about the encrypt procees,since i am using ipsec i am pretty sure it have to do something with that .

Chao

Vishwa

Super Bronze

Re: High CPU

Software encryption will often consume much CPU with little encrypted traffic. If you don't have a hardware encryption, you'll want to consider obtaining it (if supported on you platform). If you have hardware encryption, insure it's being used (which is the default, I believe, but I also believe it can be configured to be not used).

New Member

Re: High CPU

Hi Jose,

I am using 2651XM and some how i belive that it will use that much process.

My config for IPSEC is:

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

lifetime 3600

crypto isakmp key xxxxxx address x.x.x.1

crypto isakmp identity hostname

!

!

crypto ipsec transform-set rtpset-3des esp-3des esp-md5-hmac

mode transport

crypto ipsec df-bit clear

!

crypto map VPN1 1 ipsec-isakmp

set peer x.x.x.1

set security-association lifetime seconds 1200

set transform-set rtpset-3des

match address VPN-Traffic

interface FastEthernet0/1

ip address x.x.x.2 255.255.255.252

speed 100

full-duplex

crypto map VPN1

How could i tell if it is hardware switched or software switched.

Chao

Vishwa

New Member

Re: High CPU

Hi Chao,

I am using the same 2651XM for IPSec VPN. I had the same problem. The router hits 98% utilization with traffic as low as 200kbps. But it still support 1500kbps without causing further problems. I don't have a vpn hw and 2620XM is not sold anymore. Since this vpn traffic is the only traffic in this router, I've been using it without users' complaints.

Cisco used to sell an VPN AIM for this router. Look at the 'sh version' output to see if you have a VPN Module, if not, check if you can get one.

PRoque

New Member

Re: High CPU

Thanks Paul i will check on that.

Chao

Vishwa

181
Views
2
Helpful
6
Replies