high IP Input CPU on 3725 router

We have basic network like this.

pix to router to P2P Link (G703 2MB) to Router to Pix A VPN runs across this link and all looks good until we start to pass traffic across the VPN.

Logging of debug ip packet details shows one of these evry 4ms or so

*Mar 1 06:02:31.113 GMT: IP: s100.200.90.77 (FastEthernet0/0), d=100.200.71.130 (Serial0/0:0), g=100.200.90.73, len 96, forward, proto=50 *Mar 1 06:02:31.113 GMT: IP: tableid=0, s=10.16.16.77 (FastEthernet0/0), d=100.200.71.130 (Serial0/0:0), routed via FIB

Why is this pushing the CPU to 100%

Gary

Reply to
Gary
Loading thread data ...

We also see a massive number of NAT (10K plus) entries as below. Pro Inside global Inside local Outside local Outside global esp 100.200.90.77:0 10.16.16.77:0 100.200.71.130:64510

100.200.71.130:FBFE

There is really only 2 NAT statements for inbound connections through to the PIX firewall and that is it. We overload outbound connections on the serial interrface?

NAT Staements are ip nat inside source static tcp 10.16.16.77 100.200.90.77 extendable

IOS is c3725-ipbase-mz.123-9d.bin

Gary

Reply to
Gary

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.