From: Sanal Kisi on
Hi,

We have been seeing very high CPU util values which reach the top
(result of "sh processes cpu history" copied below), which were
reaching only 40-50% a few months ago.

This is a router which has an ATM port with a connection of 16Mbps
towards internet, and inside the ethernet port is connected to our
6500 switch with 2500 PCs throughout the campus.

Is there anything I can do about this except replacing the router with
a more powerful one?


Regards.

********************************************************************
********************************************************************
********************************************************************
********************************************************************







RESULT OF "sh processes cpu history"

04:47:28 PM Monday Nov 26 2007 GMT


666666666666666666666666777776666666666666666666666666666666
111144444444449999977777000004444444444777776666655555888888
100
90
80
70 *************** *********************
60 ************************************************************
50 ************************************************************
40 ************************************************************
30 ************************************************************
20 ************************************************************
10 ************************************************************
0....5....1....1....2....2....3....3....4....4....5....5....6
0 5 0 5 0 5 0 5 0 5 0
CPU% per second (last 60 seconds)


789877777788878777677778778788787778878767677767677886777777
519077783637150362947640743711869995191090503483939618457350
100 *
90 * * * * *
80 ******** *#**** * ** ** #**#*****#*** *** ** *
70 ########################################****#**#*####*#####*
60 ############################################################
50 ############################################################
40 ############################################################
30 ############################################################
20 ############################################################
10 ############################################################
0....5....1....1....2....2....3....3....4....4....5....5....6
0 5 0 5 0 5 0 5 0 5 0
CPU% per minute (last 60 minutes)
* = maximum CPU% # = average CPU%


877897443233345789998899887655333344567887888878986677433335667899878889
699604649772625762229013267622821027779769487471085392753103364883193165
100 * *
90 * ** ***** ** * ** ** ** *** **
80 ***** ***#****#*** ************ * *##*****#
70 #**##* *#####*####** **######****#* ** **######*##
60 #####* **###########* **############**#* **##########
50 ######* *#############** **#################* ***##########
40 ######*** * **###############** **##################** *############
30 ########*****#################****#####################****#############
20 ########################################################################
10 ########################################################################
0....5....1....1....2....2....3....3....4....4....5....5....6....6....7..
0 5 0 5 0 5 0 5 0 5 0 5 0
CPU% per hour (last 72 hours)
* = maximum CPU% # = average CPU%
From: Trendkill on
What kind of config are you running? This utilization seems high, but
need to know if it's getting the full internet table, and are you
running NAT, etc?
From: Sanal Kisi on
Yes,

There are plenty of NAT and access lists available.

Below is a stripped version of the configuration.

Thanks in advance.


conf.
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////

Building configuration...

Current configuration : 22455 bytes
!
version 12.4
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname xxxxx
!
boot-start-marker
boot system flash c3825-advipservicesk9-mz.124-10b.bin
boot-end-marker
!
logging buffered 51200 warnings
no logging console
enable secret xxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authentication login sdm_vpn_xauth_ml_3 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
aaa authorization network sdm_vpn_group_ml_3 local
!
aaa session-id common
clock timezone GMT 2
no ip source-route
ip cef
!
!
!
!
ip domain name domain.com
ip name-server 10.0.0.9
ip name-server 10.0.0.46
ip inspect max-incomplete high 1600
ip inspect max-incomplete low 1200
ip inspect one-minute high 2000000000
ip inspect one-minute low 1000000000
ip inspect name firewall cuseeme timeout 3600
ip inspect name firewall ftp timeout 3600
ip inspect name firewall rcmd timeout 3600
ip inspect name firewall realaudio timeout 3600
ip inspect name firewall tftp timeout 30
ip inspect name firewall tcp timeout 3600
ip inspect name firewall udp timeout 15
ip ips sdf location flash://256MB.sdf
ip ips notify SDEE
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
!
crypto pki certificate chain TP-self-signed-4150674149
certificate self-signed 01
3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101
04050030
..
..
quit
username zxxxxxxxxxxxxxxxxxxxxxxxxxx
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group our-vpn
key xxxxxxx23
pool SDM_POOL_1
acl 100
netmask 255.255.255.248
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
crypto dynamic-map SDM_DYNMAP_2 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_2
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
crypto map SDM_CMAP_2 client authentication list sdm_vpn_xauth_ml_3
crypto map SDM_CMAP_2 isakmp authorization list sdm_vpn_group_ml_3
crypto map SDM_CMAP_2 client configuration address respond
crypto map SDM_CMAP_2 65535 ipsec-isakmp dynamic SDM_DYNMAP_2
!
!
!
!
interface GigabitEthernet0/0
description FW_INSIDE
ip address 192.168.240.1 255.255.255.248
ip access-group sdm_gigabitethernet0/0_in in
ip nat inside
ip inspect firewall in
ip virtual-reassembly
load-interval 30
duplex auto
speed auto
media-type rj45
no keepalive
crypto map SDM_CMAP_2
!
interface GigabitEthernet0/1
description FW_DMZ
ip address external-ip
ip nat outside
ip virtual-reassembly
load-interval 30
duplex auto
speed auto
media-type rj45
no keepalive
!
interface ATM1/0
bandwidth 34000
no ip address
load-interval 30
atm ilmi-keepalive
!
interface ATM1/0.32 point-to-point
description FW_OUTSIDE
ip address external-router-ip
ip access-group sdm_ATM1/0_32_in in
ip nat outside
ip inspect firewall in
ip virtual-reassembly max-reassemblies 1024
no snmp trap link-status
crypto map SDM_CMAP_1
pvc ttnet 0/32
oam-pvc manage
encapsulation aal5snap
!
!
ip local pool SDM_POOL_1 192.168.240.5 192.168.240.6
ip route 0.0.0.0 0.0.0.0 real-ip
ip route 10.0.0.0 255.0.0.0 192.168.240.2
ip route 172.16.0.0 255.255.0.0 192.168.240.2
ip route 192.168.0.0 255.255.0.0 192.168.240.2
!
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat log translations syslog
ip nat translation max-entries all-host 100

///////
30 lines of ip nat pool, one for each subnet
///////

///////
30 lines of ip nat translations, one for each subnet
///////


///////
50 lines of ip nat translations to real IP's
///////


!

///////
30 access lists, one per subnet
///////


///////
aprx 60-70 permit-denys
///////




!
logging trap debugging
logging facility local6
logging source-interface GigabitEthernet0/0
logging 10.0.0.66
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 192.168.240.0 0.0.0.7 any
access-list 100 permit ip 10.0.0.0 0.0.0.255 any
snmp-server community xxxxxx RO
snmp-server packetsize 2048
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner login ^C
-----------------------------------------------------------------------
Backbone Router
-----------------------------------------------------------------------

^C
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class management in
transport input ssh
line vty 5 15
access-class management in
transport input ssh
!
scheduler allocate 20000 1000
ntp clock-period 17179448
ntp server real-ip
!
end

////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////

Regards.


From: Trendkill on
When you do show proc cpu (without history), what are your high
utilization processes?
From: Sanal Kisi on
Below is the result of "sh proc cpu" which I obtained. The current cpu
util is not very high at the moment though.


//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////


CPU utilization for five seconds: 72%/42%; one minute: 71%; five
minutes: 71%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
1 552 2888 191 0.00% 0.00% 0.00% 0 Chunk
Manager
2 185616 508801 364 0.00% 0.01% 0.00% 0 Load
Meter
3 0 1 0 0.00% 0.00% 0.00% 0 chkpt
message ha
4 4 1 4000 0.00% 0.00% 0.00% 0
EDDRI_MAIN
5 2788460 296095 9417 0.00% 0.07% 0.06% 0 Check
heaps
6 1072 3916 273 0.00% 0.00% 0.00% 0 Pool
Manager
7 0 2 0 0.00% 0.00% 0.00% 0 Timers
8 296 42399 6 0.00% 0.00% 0.00% 0 IPC
Dynamic Cach
9 0 1 0 0.00% 0.00% 0.00% 0 IPC
Zone Manager
10 19264 2538693 7 0.00% 0.00% 0.00% 0 IPC
Periodic Tim
11 17552 2538711 6 0.00% 0.00% 0.00% 0 IPC
Deferred Por
12 0 1 0 0.00% 0.00% 0.00% 0 IPC
Seat Manager
13 0 1 0 0.00% 0.00% 0.00% 0 IPC
BackPressure
14 0 1 0 0.00% 0.00% 0.00% 0 OIR
Handler
15 0 1 0 0.00% 0.00% 0.00% 0 Crash
writer
16 139900 508563 275 0.00% 0.00% 0.00% 0
Environmental mo
17 62208 299269 207 0.00% 0.00% 0.00% 0 ARP
Input
18 0 2 0 0.00% 0.00% 0.00% 0 ATM
Idle Timer
19 4 72 55 0.00% 0.00% 0.00% 0 AAA
high-capacit
20 0 1 0 0.00% 0.00% 0.00% 0
AAA_SERVER_DEADT
21 0 1 0 0.00% 0.00% 0.00% 0 Policy
Manager
22 0 2 0 0.00% 0.00% 0.00% 0 DDR
Timers
23 0 2 0 0.00% 0.00% 0.00% 0 Entity
MIB API
24 7222580 93432384 77 0.24% 0.23% 0.24% 0 EEM ED
Syslog
25 22488 508585 44 0.00% 0.00% 0.00% 0 HC
Counter Timer
26 0 2 0 0.00% 0.00% 0.00% 0 Serial
Backgroun
27 0 1 0 0.00% 0.00% 0.00% 0 RO
Notify Timers
28 0 2 0 0.00% 0.00% 0.00% 0 SMART
29 24852 2543996 9 0.00% 0.00% 0.00% 0 GraphIt
30 0 2 0 0.00% 0.00% 0.00% 0 Dialer
event
31 0 1 0 0.00% 0.00% 0.00% 0 SERIAL
A'detect
32 0 2 0 0.00% 0.00% 0.00% 0 XML
Proxy Client
33 0 2 0 0.00% 0.00% 0.00% 0
cpf_process_msg_
34 0 1 0 0.00% 0.00% 0.00% 0 Inode
Table Dest
35 0 1 0 0.00% 0.00% 0.00% 0
Critical Bkgnd
36 3693876 754571 4895 0.16% 0.13% 0.14% 0 Net
Background
37 0 2 0 0.00% 0.00% 0.00% 0 IDB
Work
38 9345480 27043789 345 0.32% 0.26% 0.25% 0 Logger
39 33124 2538673 13 0.00% 0.00% 0.00% 0 TTY
Background
40 241316 2544091 94 0.00% 0.01% 0.00% 0
Per-Second Jobs
41 0 1 0 0.00% 0.00% 0.00% 0 IKE HA
Mgr
42 0 1 0 0.00% 0.00% 0.00% 0 IPSEC
HA Mgr
43 4884 38 128526 0.00% 0.00% 0.00% 0 rf task
44 4140 85313 48 0.00% 0.00% 0.00% 0 Net Input
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
45 29456 508811 57 0.00% 0.00% 0.00% 0 Compute
load avg
46 845372 43011 19654 0.00% 0.03% 0.00% 0
Per-minute Jobs
47 0 1 0 0.00% 0.00% 0.00% 0 AggMgr
Process
48 0 1 0 0.00% 0.00% 0.00% 0 Token
Daemon
49 0 1 0 0.00% 0.00% 0.00% 0
dev_device_inser
50 0 1 0 0.00% 0.00% 0.00% 0
dev_device_remov
51 3860 423854 9 0.00% 0.00% 0.00% 0 mxt5100
52 0 1 0 0.00% 0.00% 0.00% 0
sal_dpc_process
53 0 1 0 0.00% 0.00% 0.00% 0 ARL
Table Manage
54 0 2 0 0.00% 0.00% 0.00% 0 ESWPPM
55 0 2 0 0.00% 0.00% 0.00% 0 Eswilp
Storm Con
56 0 2 0 0.00% 0.00% 0.00% 0
ESWILPPM
57 0 2 0 0.00% 0.00% 0.00% 0 Eswilp
Storm Con
58 118640 10174788 11 0.00% 0.00% 0.00% 0
Netclock Backgro
59 0 2 0 0.00% 0.00% 0.00% 0 SM
Monitor
60 0 2 0 0.00% 0.00% 0.00% 0 VNM
DSPRM MAIN
61 0 1 0 0.00% 0.00% 0.00% 0 DSPFARM
DSP READ
62 0 2 0 0.00% 0.00% 0.00% 0 FLEX
DNLD MAIN
63 0 1 0 0.00% 0.00% 0.00% 0 HDV
background
64 12 192 62 0.00% 0.00% 0.00% 0 CRYPTO
IKMP IPC
65 0 1 0 0.00% 0.00% 0.00% 0
RF_INTERDEV_DELA
66 0 1 0 0.00% 0.00% 0.00% 0
RF_INTERDEV_SCTP
67 13120 2538695 5 0.00% 0.00% 0.00% 0
Ether-Switch RBC
68 0 1 0 0.00% 0.00% 0.00% 0 AAL2CPS
TIMER_CU
69 0 1 0 0.00% 0.00% 0.00% 0 IGMP
Snooping Pr
70 0 1 0 0.00% 0.00% 0.00% 0 IGMP
Snooping Re
71 488 84796 5 0.00% 0.00% 0.00% 0 Call
Management
72 0 1 0 0.00% 0.00% 0.00% 0 CES
Line Conditi
73 0 1 0 0.00% 0.00% 0.00% 0
RF_INTERDEV_SCTP
74 17916 257414 69 0.00% 0.00% 0.00% 0 ATM
Periodic
75 0 1 0 0.00% 0.00% 0.00% 0 ATM ARP
INPUT
76 21688 257960 84 0.00% 0.00% 0.00% 0 ATM OAM
Input
77 18348 263630 69 0.00% 0.00% 0.00% 0 ATM OAM
TIMER
78 0 2 0 0.00% 0.00% 0.00% 0 Dot11
auth Dot1x
79 0 1 0 0.00% 0.00% 0.00% 0 Dot11
Mac Auth
80 0 2 0 0.00% 0.00% 0.00% 0 dot1x
81 0 2 0 0.00% 0.00% 0.00% 0 DTP
Protocol
82 13968 2538690 5 0.00% 0.00% 0.00% 0 PI MATM
Aging Pr
83 1452 254347 5 0.00% 0.00% 0.00% 0
EtherChnl
84 0 2 0 0.00% 0.00% 0.00% 0 AAA
Dictionary R
85 8 134 59 0.00% 0.00% 0.00% 0 AAA
Server
86 0 1 0 0.00% 0.00% 0.00% 0 AAA
ACCT Proc
87 0 1 0 0.00% 0.00% 0.00% 0 ACCT
Periodic Pr
88 29876 373334 80 0.00% 0.00% 0.00% 0 CDP
Protocol
89 597460472 803703371 743 20.97% 19.69% 19.88% 0 IP
Input
90 0 1 0 0.00% 0.00% 0.00% 0 ICMP
event handl
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
91 0 74 0 0.00% 0.00% 0.00% 0 TurboACL
92 0 2 0 0.00% 0.00% 0.00% 0 TurboACL chunk
93 156 4237 36 0.00% 0.00% 0.00% 0 MOP Protocols
94 0 3 0 0.00% 0.00% 0.00% 0 PPP Hooks
95 212 81 2617 0.00% 0.13% 0.03% 322 SSH Process
96 0 1 0 0.00% 0.00% 0.00% 0 SSS Manager
97 2436 339153 7 0.00% 0.00% 0.00% 0 SSS Test Client
98 0 1 0 0.00% 0.00% 0.00% 0 SSS Feature Mana
99 123212 9936585 12 0.00% 0.00% 0.00% 0 SSS Feature Time
100 0 1 0 0.00% 0.00% 0.00% 0 VPDN call manage
101 0 1 0 0.00% 0.00% 0.00% 0 L2X Socket proce
102 0 1 0 0.00% 0.00% 0.00% 0 L2X SSS manager
103 0 2 0 0.00% 0.00% 0.00% 0 L2TP mgmt daemon
104 0 1 0 0.00% 0.00% 0.00% 0 X.25 Encaps Mana
105 0 2 0 0.00% 0.00% 0.00% 0 EAPoUDP Process
106 0 2 0 0.00% 0.00% 0.00% 0 IP Host Track Pr
107 0 1 0 0.00% 0.00% 0.00% 0 IPv6 RIB Redistr
108 0 2 0 0.00% 0.00% 0.00% 0 KRB5 AAA
109 0 1 0 0.00% 0.00% 0.00% 0 IP Traceroute
110 15024 84724 177 0.00% 0.00% 0.00% 0 IP Background
111 1612 42461 37 0.00% 0.00% 0.00% 0 IP RIB Update
112 0 2 0 0.00% 0.00% 0.00% 0 PPP IP Route
113 0 2 0 0.00% 0.00% 0.00% 0 PPP IPCP
114 139424 3924036 35 0.00% 0.00% 0.00% 0 CEF process
115 23712 2535102 9 0.00% 0.00% 0.00% 0 Socket Timers
116 236 6474 36 0.00% 0.00% 0.00% 0 TCP Timer
117 56 55 1018 0.00% 0.00% 0.00% 0 TCP Protocols
118 0 1 0 0.00% 0.00% 0.00% 0 COPS
119 4 2 2000 0.00% 0.00% 0.00% 0 L2MM
120 0 1 0 0.00% 0.00% 0.00% 0 MRD
121 0 1 0 0.00% 0.00% 0.00% 0 IGMPSN
122 0 2 0 0.00% 0.00% 0.00% 0 RLM groups Proce
123 0 2 0 0.00% 0.00% 0.00% 0 DDP
124 0 2 0 0.00% 0.00% 0.00% 0 SNMP Timers
125 0 2 0 0.00% 0.00% 0.00% 0 ILMI Input
126 0 2 0 0.00% 0.00% 0.00% 0 ILMI Request
127 0 2 0 0.00% 0.00% 0.00% 0 ILMI Response
128 80744 1270679 63 0.00% 0.00% 0.00% 0 ILMI Timer Proce
129 4 2 2000 0.00% 0.00% 0.00% 0 ATM PVC Discover
130 0 2 0 0.00% 0.00% 0.00% 0 SSCOP Input
131 0 2 0 0.00% 0.00% 0.00% 0 SSCOP Output
132 420 42411 9 0.00% 0.00% 0.00% 0 SSCOP Timer
133 0 2 0 0.00% 0.00% 0.00% 0 ATMSIG ILMI Time
134 0 2 0 0.00% 0.00% 0.00% 0 ATMSIG DRIVERAPI
135 25972 2538690 10 0.00% 0.00% 0.00% 0 ATMSIG Timer
136 0 2 0 0.00% 0.00% 0.00% 0 ATMSIG Input
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
137 0 2 0 0.00% 0.00% 0.00% 0 ATMSIG Client
138 0 2 0 0.00% 0.00% 0.00% 0 SCTP Main Proces
139 0 1 0 0.00% 0.00% 0.00% 0 IUA Main Process
140 32128 2538704 12 0.00% 0.00% 0.00% 0 RUDPV1 Main Proc
141 0 1 0 0.00% 0.00% 0.00% 0 bsm_timers
142 12584 2538698 4 0.00% 0.00% 0.00% 0 bsm_xmt_proc
143 0 1 0 0.00% 0.00% 0.00% 0 CES Client SVC R
144 363792 5070201 71 0.00% 0.02% 0.00% 0 DHCPD Receive
145 0 2 0 0.00% 0.00% 0.00% 0 Dialer Forwarder
146 185500 42391 4375 0.00% 0.00% 0.00% 0 IP Cache Ager
147 7544 42402 177 0.00% 0.00% 0.00% 0 Adj Manager
148 88 8482 10 0.00% 0.00% 0.00% 0 HTTP CORE
149 0 1 0 0.00% 0.00% 0.00% 0 RARP Input
150 0 1 0 0.00% 0.00% 0.00% 0 PAD InCall
151 0 2 0 0.00% 0.00% 0.00% 0 X.25 Background
152 0 2 0 0.00% 0.00% 0.00% 0 PPP Bind
153 0 2 0 0.00% 0.00% 0.00% 0 PPP SSS
154 354256 24969901 14 0.00% 0.02% 0.02% 0 RBSCP Background
155 60466848 169323130 357 5.48% 5.91% 5.57% 0 Inspect Timer
156 428 21200 20 0.00% 0.00% 0.00% 0 DHCPD Timer
157 112 8480 13 0.00% 0.00% 0.00% 0 Authentication P
158 0 1 0 0.00% 0.00% 0.00% 0 Auth-proxy AAA B
159 0 1 0 0.00% 0.00% 0.00% 0 CHKPT EXAMPLE
160 0 1 0 0.00% 0.00% 0.00% 0 CHKPT DevTest
161 0 1 0 0.00% 0.00% 0.00% 0 IPS Timer
162 4 2 2000 0.00% 0.00% 0.00% 0 SDEE Management
163 0 1 0 0.00% 0.00% 0.00% 0 IPv6 Inspect Tim
164 0 2 0 0.00% 0.00% 0.00% 0 URL filter proc
165 0 3 0 0.00% 0.00% 0.00% 0 Crypto HW Proc
166 100 2 50000 0.00% 0.00% 0.00% 0 CCVPM_HDSPRM
167 15568 940826 16 0.00% 0.00% 0.00% 0 FLEX DSPRM MAIN
168 5676 940824 6 0.00% 0.00% 0.00% 0 FLEX DSP KEEPALI
169 1276 101762 12 0.00% 0.00% 0.00% 0 CRM_CALL_UPDATE_
170 0 4 0 0.00% 0.00% 0.00% 0 HDA DSPRM MAIN
171 0 2 0 0.00% 0.00% 0.00% 0 ENABLE AAA
172 0 1 0 0.00% 0.00% 0.00% 0 EM Background Pr
173 0 1 0 0.00% 0.00% 0.00% 0 Key chain liveke
174 0 2 0 0.00% 0.00% 0.00% 0 LINE AAA
175 340 2843 119 0.00% 0.00% 0.00% 0 LOCAL AAA
176 0 2 0 0.00% 0.00% 0.00% 0 TPLUS
177 0 2 0 0.00% 0.00% 0.00% 0 VSP_MGR
178 0 1 0 0.00% 0.00% 0.00% 0 encrypt proc
179 0 3 0 0.00% 0.00% 0.00% 0 Crypto WUI
180 124 842 147 0.00% 0.00% 0.00% 0 Crypto Support
181 0 1 0 0.00% 0.00% 0.00% 0 CCVPM_HTSP
182 0 2 0 0.00% 0.00% 0.00% 0 VPM_MWI_BACKGROU
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
183 0 1 0 0.00% 0.00% 0.00% 0 CCVPM_R2
184 32 2827 11 0.00% 0.00% 0.00% 0 FB/KS Log HouseK
185 4 2 2000 0.00% 0.00% 0.00% 0 EPHONE MWI BG Pr
186 0 1 0 0.00% 0.00% 0.00% 0 CCSWVOICE
187 0 1 0 0.00% 0.00% 0.00% 0 cpf_process_tpQ
188 0 1 0 0.00% 0.00% 0.00% 0 http client proc
190 0 1 0 0.00% 0.00% 0.00% 0 QOS_MODULE_MAIN
191 0 1 0 0.00% 0.00% 0.00% 0 RPMS_PROC_MAIN
192 0 1 0 0.00% 0.00% 0.00% 0 VoIP AAA
193 0 7 0 0.00% 0.00% 0.00% 0 crypto engine pr
194 228 4 57000 0.00% 0.00% 0.00% 0 Crypto CA
195 0 1 0 0.00% 0.00% 0.00% 0 Crypto PKI-CRL
196 0 1 0 0.00% 0.00% 0.00% 0 Crypto SSL
197 4 134 29 0.00% 0.00% 0.00% 0 Crypto ACL
198 0 2 0 0.00% 0.00% 0.00% 0 CRYPTO QoS proce
199 0 1 0 0.00% 0.00% 0.00% 0 Crypto INT
200 848 1788 474 0.00% 0.00% 0.00% 0 Crypto IKMP
201 1560 127258 12 0.00% 0.00% 0.00% 0 IPSEC key engine
202 0 1 0 0.00% 0.00% 0.00% 0 IPSEC manual key
203 0 1 0 0.00% 0.00% 0.00% 0 Crypto PAS Proc
204 0 17 0 0.00% 0.00% 0.00% 0 Crypto Delete Ma
205 0 2 0 0.00% 0.00% 0.00% 0 Key Proc
206 20896 2544003 8 0.00% 0.00% 0.00% 0 Crypto Device Up
207 0 2 0 0.00% 0.00% 0.00% 0 Multi-ISA Event
208 0 1 0 0.00% 0.00% 0.00% 0 Multi-ISA Cleanu
209 0 1 0 0.00% 0.00% 0.00% 0 PM Callback
210 0 1 0 0.00% 0.00% 0.00% 0 DATA Transfer Pr
211 0 1 0 0.00% 0.00% 0.00% 0 DATA Collector
212 12 184 65 0.00% 0.00% 0.00% 0 AAA SEND STOP EV
213 0 3 0 0.00% 0.00% 0.00% 0 EEM ED CLI
214 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Counter
215 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Interface
216 0 3 0 0.00% 0.00% 0.00% 0 EEM ED IOSWD
217 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Memory-th
218 0 2 0 0.00% 0.00% 0.00% 0 EEM ED None
219 0 2 0 0.00% 0.00% 0.00% 0 EM ED OIR
220 0 2 0 0.00% 0.00% 0.00% 0 EEM ED SNMP
221 576 42490 13 0.00% 0.00% 0.00% 0 EEM ED Timer
222 7748 518080 14 0.00% 0.00% 0.00% 0 EEM Server
223 1464 254348 5 0.00% 0.00% 0.00% 0 RMON Recycle Pro
224 0 2 0 0.00% 0.00% 0.00% 0 RMON Deferred Se
225 0 1 0 0.00% 0.00% 0.00% 0 Syslog Traps
226 22564 2530439 8 0.00% 0.00% 0.00% 0 trunk conditioni
227 0 1 0 0.00% 0.00% 0.00% 0 trunk conditioni
228 4 2 2000 0.00% 0.00% 0.00% 0 VLAN Manager
229 228 42404 5 0.00% 0.00% 0.00% 0 DHCPD Database
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
230 0 2 0 0.00% 0.00% 0.00% 0 EEM Policy Direc
231 77020984 29811994 2583 2.61% 2.44% 2.43% 0 Syslog
232 0 1 0 0.00% 0.00% 0.00% 0 VPDN Scal
233 2384 88218 27 0.00% 0.00% 0.00% 0 CEF Scanner
234 0 1 0 0.00% 0.00% 0.00% 0 tHUB
235 0 2 0 0.00% 0.00% 0.00% 0 tENM
236 180 1415 127 0.00% 0.00% 0.00% 0 SSH Event handle
238 13749824 5126990 2681 0.65% 0.68% 0.67% 0 IP NAT Ager
239 0 1 0 0.00% 0.00% 0.00% 0 IP NAT WLAN
240 2252 98964 22 0.00% 0.00% 0.00% 0 IP VFR proc
241 33192 103549 320 0.00% 0.00% 0.00% 0 IP SNMP
242 7648 51892 147 0.00% 0.00% 0.00% 0 PDU DISPATCHER
243 42664 51899 822 0.00% 0.00% 0.00% 0 SNMP ENGINE
244 0 1 0 0.00% 0.00% 0.00% 0 SNMP ConfCopyPro
245 0 1 0 0.00% 0.00% 0.00% 0 SNMP Traps
246 4453240 79637964 55 0.16% 0.14% 0.16% 0 NAT MIB Helper
247 47720 2544023 18 0.00% 0.00% 0.00% 0 NTP
248 473956 2065 229518 0.00% 0.00% 0.00% 0 crypto sw pk pro

//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////



On Mon, 26 Nov 2007 11:51:55 -0800 (PST), Trendkill
<jpmason(a)gmail.com> wrote:

>On Nov 26, 2:34 pm, Sanal Kisi <sanalk...(a)yahoo.com> wrote:
>> Yes,
>>
>> There are plenty of NAT and access lists available.
>>
>> Below is a stripped version of the configuration.
>>
>> Thanks in advance.
>>
>> conf.
>> ////////////////////////////////////////////////////////////////////////////
>> ////////////////////////////////////////////////////////////////////////////
>>
>> Building configuration...
>>
>> Current configuration : 22455 bytes
>> !
>> version 12.4
>> service timestamps debug datetime localtime
>> service timestamps log datetime localtime
>> no service password-encryption
>> !
>> hostname xxxxx
>> !
>> boot-start-marker
>> boot system flash c3825-advipservicesk9-mz.124-10b.bin
>> boot-end-marker
>> !
>> logging buffered 51200 warnings
>> no logging console
>> enable secret xxxxxxxxxxxxx
>> !
>> aaa new-model
>> !
>> !
>> aaa authentication login default local
>> aaa authentication login sdm_vpn_xauth_ml_1 local
>> aaa authentication login sdm_vpn_xauth_ml_2 local
>> aaa authentication login sdm_vpn_xauth_ml_3 local
>> aaa authorization exec default local
>> aaa authorization network sdm_vpn_group_ml_1 local
>> aaa authorization network sdm_vpn_group_ml_2 local
>> aaa authorization network sdm_vpn_group_ml_3 local
>> !
>> aaa session-id common
>> clock timezone GMT 2
>> no ip source-route
>> ip cef
>> !
>> !
>> !
>> !
>> ip domain name domain.com
>> ip name-server 10.0.0.9
>> ip name-server 10.0.0.46
>> ip inspect max-incomplete high 1600
>> ip inspect max-incomplete low 1200
>> ip inspect one-minute high 2000000000
>> ip inspect one-minute low 1000000000
>> ip inspect name firewall cuseeme timeout 3600
>> ip inspect name firewall ftp timeout 3600
>> ip inspect name firewall rcmd timeout 3600
>> ip inspect name firewall realaudio timeout 3600
>> ip inspect name firewall tftp timeout 30
>> ip inspect name firewall tcp timeout 3600
>> ip inspect name firewall udp timeout 15
>> ip ips sdf location flash://256MB.sdf
>> ip ips notify SDEE
>> !
>> voice-card 0
>> no dspfarm
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>>
>> !
>> !
>> crypto pki certificate chain TP-self-signed-4150674149
>> certificate self-signed 01
>> 3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101
>> 04050030
>> .
>> .
>> quit
>> username zxxxxxxxxxxxxxxxxxxxxxxxxxx
>> !
>> !
>> !
>> crypto isakmp policy 1
>> encr 3des
>> authentication pre-share
>> group 2
>> !
>> crypto isakmp client configuration group our-vpn
>> key xxxxxxx23
>> pool SDM_POOL_1
>> acl 100
>> netmask 255.255.255.248
>> !
>> !
>> crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
>> !
>> crypto dynamic-map SDM_DYNMAP_1 1
>> set transform-set ESP-3DES-SHA
>> reverse-route
>> !
>> crypto dynamic-map SDM_DYNMAP_2 1
>> set transform-set ESP-3DES-SHA
>> reverse-route
>> !
>> !
>> crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_2
>> crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2
>> crypto map SDM_CMAP_1 client configuration address respond
>> crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
>> !
>> crypto map SDM_CMAP_2 client authentication list sdm_vpn_xauth_ml_3
>> crypto map SDM_CMAP_2 isakmp authorization list sdm_vpn_group_ml_3
>> crypto map SDM_CMAP_2 client configuration address respond
>> crypto map SDM_CMAP_2 65535 ipsec-isakmp dynamic SDM_DYNMAP_2
>> !
>> !
>> !
>> !
>> interface GigabitEthernet0/0
>> description FW_INSIDE
>> ip address 192.168.240.1 255.255.255.248
>> ip access-group sdm_gigabitethernet0/0_in in
>> ip nat inside
>> ip inspect firewall in
>> ip virtual-reassembly
>> load-interval 30
>> duplex auto
>> speed auto
>> media-type rj45
>> no keepalive
>> crypto map SDM_CMAP_2
>> !
>> interface GigabitEthernet0/1
>> description FW_DMZ
>> ip address external-ip
>> ip nat outside
>> ip virtual-reassembly
>> load-interval 30
>> duplex auto
>> speed auto
>> media-type rj45
>> no keepalive
>> !
>> interface ATM1/0
>> bandwidth 34000
>> no ip address
>> load-interval 30
>> atm ilmi-keepalive
>> !
>> interface ATM1/0.32 point-to-point
>> description FW_OUTSIDE
>> ip address external-router-ip
>> ip access-group sdm_ATM1/0_32_in in
>> ip nat outside
>> ip inspect firewall in
>> ip virtual-reassembly max-reassemblies 1024
>> no snmp trap link-status
>> crypto map SDM_CMAP_1
>> pvc ttnet 0/32
>> oam-pvc manage
>> encapsulation aal5snap
>> !
>> !
>> ip local pool SDM_POOL_1 192.168.240.5 192.168.240.6
>> ip route 0.0.0.0 0.0.0.0 real-ip
>> ip route 10.0.0.0 255.0.0.0 192.168.240.2
>> ip route 172.16.0.0 255.255.0.0 192.168.240.2
>> ip route 192.168.0.0 255.255.0.0 192.168.240.2
>> !
>> !
>> no ip http server
>> ip http authentication local
>> ip http secure-server
>> ip http timeout-policy idle 5 life 86400 requests 10000
>> ip nat log translations syslog
>> ip nat translation max-entries all-host 100
>>
>> ///////
>> 30 lines of ip nat pool, one for each subnet
>> ///////
>>
>> ///////
>> 30 lines of ip nat translations, one for each subnet
>> ///////
>>
>> ///////
>> 50 lines of ip nat translations to real IP's
>> ///////
>>
>> !
>>
>> ///////
>> 30 access lists, one per subnet
>> ///////
>>
>> ///////
>> aprx 60-70 permit-denys
>> ///////
>>
>> !
>> logging trap debugging
>> logging facility local6
>> logging source-interface GigabitEthernet0/0
>> logging 10.0.0.66
>> access-list 100 remark SDM_ACL Category=4
>> access-list 100 permit ip 192.168.240.0 0.0.0.7 any
>> access-list 100 permit ip 10.0.0.0 0.0.0.255 any
>> snmp-server community xxxxxx RO
>> snmp-server packetsize 2048
>> !
>> !
>> !
>> !
>> control-plane
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> banner login ^C
>> -----------------------------------------------------------------------
>> Backbone Router
>> -----------------------------------------------------------------------
>>
>> ^C
>> !
>> line con 0
>> stopbits 1
>> line aux 0
>> stopbits 1
>> line vty 0 4
>> access-class management in
>> transport input ssh
>> line vty 5 15
>> access-class management in
>> transport input ssh
>> !
>> scheduler allocate 20000 1000
>> ntp clock-period 17179448
>> ntp server real-ip
>> !
>> end
>>
>> ////////////////////////////////////////////////////////////////////////////
>> ////////////////////////////////////////////////////////////////////////////
>>
>> Regards.
>>
>> On Mon, 26 Nov 2007 07:23:05 -0800 (PST), Trendkill
>>
>> <jpma...(a)gmail.com> wrote:
>> >On Nov 26, 10:10 am, Sanal Kisi <sanalk...(a)yahoo.com> wrote:
>> >> Hi,
>>
>> >> We have been seeing very high CPU util values which reaches the top
>> >> (result of "sh processes cpu history " copied below). which were
>> >> reaching only to 40-50% a few months ago.
>>
>> >> This is a router which has an ATM port with a connection of 16Mbps
>> >> towards internet, and inside the ethernet port is connected to our
>> >> 6500 switch with 2500 PCs throughout the campus.
>>
>> >> Is there anything I can do about this except replacing the router with
>> >> a more powerful one ?
>>
>> >> Regards.
>>
>> >What kind of config are you running? This utilization seems high, but
>> >need to know if its getting the full internet table, and are you
>> >running NAT, etc?
>
>When you do show proc cpu (without history), what are your high
>utilization processes?
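
The question above asks which processes are busiest in `show proc cpu`. As an added example (not part of the thread), this Python code parses that output in the shape it was pasted here, with process names wrapped onto the next line and some PIDs fused onto the previous row, and ranks processes by their 5-minute average. `parse_processes`, `top_processes` and the 0.5% floor are choices made for this example; the sample rows are copied from the post.

```python
import re

# Constructed sample: rows taken from the post in their mail-wrapped form,
# including the run where PIDs 121 and 122 were fused onto the previous row.
SAMPLE = """\
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
83 1452 254347 5 0.00% 0.00% 0.00% 0
EtherChnl
89 597460472 803703371 743 20.97% 19.69% 19.88% 0 IP
Input
120 0 1 0 0.00% 0.00% 0.00% 0 MRD 121
0 1 0 0.00% 0.00% 0.00% 0 IGMPSN 122
0 2 0 0.00% 0.00% 0.00% 0 RLM groups Proce
155 60466848 169323130 357 5.48% 5.91% 5.57% 0 Inspect
Timer
231 77020984 29811994 2583 2.61% 2.44% 2.43% 0 Syslog
238 13749824 5126990 2681 0.65% 0.68% 0.67% 0 IP NAT
Ager
"""

# PID, Runtime(ms), Invoked, uSecs, three percentages, TTY; \s+ also spans
# line breaks, so a row whose PID was wrapped onto the previous line matches.
ROW = re.compile(
    r"(?<!\S)(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+"
    r"(\d+\.\d+)%\s+(\d+\.\d+)%\s+(\d+\.\d+)%\s+(\d+)(?!\S)"
)

def parse_processes(text):
    """Return one dict per process row; the name is whatever text lies
    between the end of a row's numbers and the start of the next row."""
    body = "\n".join(
        line for line in text.splitlines() if not line.lstrip().startswith("PID")
    )
    hits = list(ROW.finditer(body))
    rows = []
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(body)
        pid, runtime, invoked, usecs, s5, m1, m5, tty = m.groups()
        rows.append({
            "pid": int(pid), "runtime_ms": int(runtime), "invoked": int(invoked),
            "usecs": int(usecs), "tty": int(tty),
            "five_sec": float(s5), "one_min": float(m1), "five_min": float(m5),
            "name": " ".join(body[m.end():end].split()),
        })
    return rows

def top_processes(rows, key="five_min", floor=0.5):
    """Rows whose `key` average is at least `floor` percent, busiest first."""
    return sorted((r for r in rows if r[key] >= floor),
                  key=lambda r: r[key], reverse=True)

if __name__ == "__main__":
    for r in top_processes(parse_processes(SAMPLE)):
        print(f"{r['pid']:>4} {r['five_min']:6.2f}%  {r['name']}")
```

On the sample rows the ranking is IP Input, Inspect Timer, Syslog, then IP NAT Ager.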