07-11-2021 10:55 AM
Hello Guys.
I have a 4351 ISR running IOS Version 15.5(2)S3, it has the Securityk9 license, two days ago i noticed that all my remote sites went down but we could reach the remote tunnel IPs for the branches, it looked that it was an issue with IPSec encryption, the router was unable to process IPSec connections, upon reviewing the syslog messages we noted the below warning :
"Maximum Tx bandwidth Limit of 85000 kbps reached for crypto functionality with SecurityK9 technology license"
is there a way i can limit the IPSec encrypted traffic to not go beyond 80000 kbps? instead of having it reach the limit and then loosing connectivity to the remote sites, i know we can install the HSEC license to remove the limitation but at the moment we are looking for an option to limit the traffic to not go beyond 85000 kbps.
07-11-2021 11:02 AM
Yes, I've had this issue before, you can use QoS to limit the traffic. Here is an example.
07-11-2021 11:11 AM
how about an example like this (will this works for you ?)
access-list 100permit ip any x.x.x.x x.x.x.x
class-map mysubnet
match access-group 100
policy-map 80MBmap
class-map mysubnet
bandwidth percent 80 <-- change this based on interface
policy-map physical
class class-default
police 8000000 conform-action transmit exceed-action drop
service-policy 80MBmap
int gix/x
service-policy output physical
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide