Since you've already replaced the router and upgraded the IOS, my first guess is that this is traffic related. Perhaps you have a routing loop or something of that nature. Even though it might take your router down, have you tried debug ip packet? Seriously, this might help pinpoint the offenders. Another thought is to just look at devices that are generating traffic that is being encrypted. I know, that's obvious, but that's what I would do. It may not be a routing loop, per say, it may just be a crazy device generating a lot of traffic that is hitting your crypto access lists. Being a slightly crazy person, I'm still leaning toward doing some debugging. :-) There may be some other crypto-related debugs that point out what's happening, I'll have to check into that when I get back to work tomorrow. Oh, another thought. Do a 'show crypto ipsec sa' and look for unusually high counters. That might also lead you to the culprit(s). Good luck, and let us know if you find anything. John | Hi all, | | Thought I'd ask if anyone has experienced similar to a problem I've had | recently. It's going to TAC now and I've got a workaround, but I'd be | interested if anyone could suggest the reason or confirm a bug which I have | been unable to locate. | | These routers had been running for nearly a year with no problems. All of a | sudden they started giving problems and I have been unable to track down | what external network changes may have triggered it. There were no config | changes to the two routers (We run Resource Manager Essentials which | monitors router config changes) | | Set-up was two 3660's running 12.1.1T, DES encryption over serial 2Mb link. | The links were set up with encryption peers as the serial IP addresses and | encryption access lists set up symmetrically without using any any on the | serial interfaces. | | After reload routers come up fine and encryption runs O.K. | After a varying length of time (around 5-10 minutes), the CPU utilisation | builds up gradually until it sits at around 98%. This utilisation was almost | totally due to encryption process. | | After swapping out the router and upgrading IOS, the problem still existed. | | I have got around the problem by using IP Unnumbered Loopback0 on Serial | links. CPU utilisation now hovers around 2%. | | Anybody seen similar, or suggest what could make the CPU utilisation | snowball like this? | | | Thanks, | | Gareth Hinton | | | | _______________________________________________________ Send a cool gift with your E-Card http://www.bluemountain.com/giftcenter/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=9140&t=9131 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
