|
Question : Cisco 2611 Crypto IKMP Memory Problem
|
|
Hi,
I have two Cisco 2611 VPN Access routers, each with several IPSEC GRE tunnels and servicing dynamic VPN Clients (using Cisco VPN Client 4.0)
Two weeks ago both routers locked up, with no telnet access, and attempts to Console in we rejected with "Not enough Memory, please try again later". A reboot cleared this problem, but since that I have been monitoring the 'Processor Memory' of each router, using the 'sh proc mem sort' command, it is easy to spot that the Crypto IKMP is eating up memory. Below is the output:
Total: 50609192, Used: 23175320, Free: 27433872
Total: 50609192, Used: 23175320, Free: 27433872
PID TTY Allocated Freed Holding Getbufs Retbufs Process
110 0 373375560 358003524 16058180 780 0 Crypto IKMP
0 0 148760 1848 4648980 0 0 *Init*
111 0 2082644 1479876 223572 0 0 IPSEC key engine
136 0 99659428 99520896 179404 0 0 IP-EIGRP Router
43 0 7517420 11440 64324 1054440 18240 IP Input
113 0 53116 320 59672 0 0 CRYPTO QoS proce
6 0 1768044 1293952 50548 430700 1525568 Pool Manager
109 0 8696 470372 33572 0 0 Crypto ACL
From this you can see that the Crypto IKMP is holding 16058180, 3 days ago the Holding Memory status of the Crytpo IKMP was only 5232460 and now is the top memory consumer. Is there any commands I can use to debug this further? Could this be due to a config error on one of the IKMP statement? Are there any Logging commands I can use. I have looked round Cisco's site for some clues, but have been unsuccessful so far.
Our Clients using the Cisco VPN client 4.0 are also constantly being disconnected with 'Remote Peer is no longer responding', could these be linked?
Any pointers will be gratefully accepted.
Thanks
Kris
|
Answer : Cisco 2611 Crypto IKMP Memory Problem
|
|
|
|
|
|
|
|
