On the 3945e, no issues are seen. On this platform, the encryption/decryption queue most of the time empty.
3945e-1#sh crypto engine accelerator ring pool
Device: Onboard VPN
Location: Onboard: 0
The Crypto Packet IPSEC Queue Information
The Queuesize is :2048
The no of entries currently being used : 0
The Read Index is :1809
The Write Index is :1809
Even if on 5 seconds average, the CPU usage is not at 90+%, the nature of the traffic can create a port speed burst that lasts few msec.
During that time, a router may have issues polling each interface [ which leads to overruns].
Always size your router accordingly to the nature of the traffic or shape the flow on the next hop device on the LAN side [ in order to queue packets instead of dropping them as overruns on the ipsec gateway.
Hi When Cisco ISE is doing the profiling it captures wrong endpoints such as it captured as Windows 7 but actually the PC is Windows 10 and they upgraded the PC from win7 to win10 last year but in Cisco ISE it's still showing as Window 7 - workstatio...
Hi All, What will be the service impact if Sponsor Certificate expired. Im using Guest, BYOD and Posture services.My Apex and plus license is expired 90 days back still will i get self signed(CSR) from ISE or first i need to get the licences renewed ...
Hi All, Can someone please help with the difference between signed and CA certificate to be used in cisco ISE. I think for all the nodes in the deployment must have admin ,EAP authentication certificate for replication and radius auth...
We have a WSA environment with SMA WSA s170 running on 10.1.0-204 SMA running on 10.1.0-037 I am looking for the recommended releases if I go by document there are various options and upgrade path is required. Can we u...
I would like to use an endpoint custom attribute to trigger the network access a device has. So as an example if I have a device that has a endpoint custom attribute of Display, I would like to use that as a condition to assign a specific DACL or vl...