high IP Input CPU on 3725 router

Discussion in 'Cisco' started by Gary, Jan 19, 2006.

  1. Gary

    Gary Guest

    We have basic network like this.

    pix to router to P2P Link (G703 2MB) to Router to Pix
    A VPN runs across this link and all looks good until we start to pass
    traffic across the VPN.

    Logging of debug ip packet details shows one of these evry 4ms or so

    *Mar 1 06:02:31.113 GMT: IP: s100.200.90.77 (FastEthernet0/0),
    d=100.200.71.130 (Serial0/0:0), g=100.200.90.73, len 96, forward, proto=50
    *Mar 1 06:02:31.113 GMT: IP: tableid=0, s=10.16.16.77 (FastEthernet0/0),
    d=100.200.71.130 (Serial0/0:0), routed via FIB

    Why is this pushing the CPU to 100%

    Gary
     
    Gary, Jan 19, 2006
    #1
    1. Advertisements

  2. Gary

    Gary Guest

    We also see a massive number of NAT (10K plus) entries as below.
    Pro Inside global Inside local Outside local Outside global
    esp 100.200.90.77:0 10.16.16.77:0 100.200.71.130:64510
    100.200.71.130:FBFE

    There is really only 2 NAT statements for inbound connections through to the
    PIX firewall and that is it. We overload outbound connections on the serial
    interrface?

    NAT Staements are
    ip nat inside source static tcp 10.16.16.77 100.200.90.77 extendable

    IOS is c3725-ipbase-mz.123-9d.bin

    Gary
     
    Gary, Jan 19, 2006
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.