high IP Input CPU on 3725 router

Discussion in 'Cisco' started by Gary, Jan 19, 2006.

    We have basic network like this.

    pix to router to P2P Link (G703 2MB) to Router to Pix
    A VPN runs across this link and all looks good until we start to pass
    traffic across the VPN.

    Logging of debug ip packet details shows one of these evry 4ms or so

    *Mar 1 06:02:31.113 GMT: IP: s100.200.90.77 (FastEthernet0/0),
    d= (Serial0/0:0), g=, len 96, forward, proto=50
    *Mar 1 06:02:31.113 GMT: IP: tableid=0, s= (FastEthernet0/0),
    d= (Serial0/0:0), routed via FIB

    Why is this pushing the CPU to 100%

    Gary, Jan 19, 2006
    We also see a massive number of NAT (10K plus) entries as below.
    Pro Inside global Inside local Outside local Outside global

    There is really only 2 NAT statements for inbound connections through to the
    PIX firewall and that is it. We overload outbound connections on the serial

    NAT Staements are
    ip nat inside source static tcp extendable

    IOS is c3725-ipbase-mz.123-9d.bin

    Gary, Jan 19, 2006
