各位大神,
现在公司有一个路由器。 型号ASR4450 IOS版本是isr4400-universalk9.03.16.06.S.155-3.S6-ext.SPA.bin. 目前有个怪异的现象,CPU居高不下,同时所有tunnel会断。 抓了EEM出来发现最高的进程是ceypto ikev2,路由器之前是更新过证书,但是平稳运行了数日,之后每天都会出现上述情况。
log里全是crypto的报警 如下
Jan 31 03:13:22.380: %CRYPTO-6-IKMP_NO_ID_CERT_ADDR_MATCH: (NOT ERROR BUT WARNING ONLY)ID of 201.217.220.90 (type 1) and certificate addr with
.Jan 31 03:13:22.380: %CRYPTO-6-IKMP_NO_ID_CERT_ADDR_MATCH: (NOT ERROR BUT WARNING ONLY)ID of 201.217.220.90 (type 1) and certificate addr with
.Jan 31 03:13:22.396: %CRYPTO-6-IKMP_NO_ID_CERT_ADDR_MATCH: (NOT ERROR BUT WARNING ONLY)ID of 190.215.112.26 (type 1) and certificate addr with
.Jan 31 03:13:22.396: %CRYPTO-6-IKMP_NO_ID_CERT_ADDR_MATCH: (NOT ERROR BUT WARNING ONLY)ID of 190.215.112.26 (type 1) and certificate addr with
.Jan 31 03:13:22.996: %CRYPTO-6-IKMP_NO_ID_CERT_ADDR_MATCH: (NOT ERROR BUT WARNING ONLY)ID of 181.10.198.106 (type 1) and certificate addr with
.Jan 31 03:13:22.996: %CRYPTO-6-IKMP_NO_ID_CERT_ADDR_MATCH: (NOT ERROR BUT WARNING ONLY)ID of 181.10.198.106 (type 1) and certificate addr wit
目前找思科TAC,并没有什么太好的解决方案,请问各位大神有没有遇到过这种情况。如果是证书问题,又该如何检查呢。
PS.证书并没有过期
谢谢!