10-07-2008 02:44 AM - edited 03-03-2019 11:49 PM
Hi,
I currently have a 2611XM and a 1720 router setup with a GRE tunnel between them running over Ipsec.
When I run 'show processes cpu', the 'Encrypt Proc' process is always consuming a high percentage of the cpu resources. This affects the throughput I'm getting as well as the general responsiveness of the routers. The overall CPU usage hovers around 96% when there is high data throughput. This is on both routers.
I am likely to want to setup additional VPN tunnels that terminate at these routers. Do I need to look at replacing these routers, with 1800 series routers for example?
Thanks
10-07-2008 07:26 AM
I believe both the 2600 and 1700 series supported some AIM encryption modules, but also believe the original modules have gone end-of-sale and don't know whether either of the older router series are supported by the newer encryption modules. An encyption module should bring CPU usage down.
As to your question of needing newer routers for additional VPN tunnels, if the overall traffic load wasn't being increased, I would think additional tunnels, alone, might not have a dramatic impact on CPU load but with your CPU load already about 96%, likely you would benefit from having hardware encryption that should be available in a newer series routers (some of which now provide basic hardware encyption as part of the standard platform).
10-07-2008 08:16 AM
for the 2600 you should be able to get a
AIM-vpn/(bp, ep, hp) or maybe even a
AIM-vpn/(bp, ep, hp)II
I'm not sure if the Aim-vpn/xxII plus would work in it
as for the 1700 I don't think it supports one
if you upgrade to a 2800 then you could go to the current aim-vpn/ssl-1 or -2
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide