March 12, 2004
Cisco 7200 Series Router with an Integrated Services Adapter (ISA) Module installed
Cisco 7200 series routers with an Integrated Services Adapter (ISA) installed and running any IOS image in the following trains - 12.1E, 12.2, 12.2T, 12.3 or 12.3T - will fail to utilize the hardware encryption engine if the Input/Output (I/O) memory is changed to 40MB.
All of the following values have been tested and verified to work:
16MB, 32MB, 64MB, and 128MB (where possible).
Support for different I/O memory sizes was added to the 7200 platform. Due to software bug CSCed72623 (registered customers only) , setting the I/O memory size to 40MB causes hardware encryption/decryption to fail.
Customers experiencing this issue will see a drastic performance decrease when trying to encrypt/decrypt their specified traffic.
In order to verify the above issue is occurring, first check to see if the hardware matches the above criteria and that the IOS image is within one of the following trains:
12.1E, 12.2, 12.2T, 12.3 or 12.3T.
Next, verify that the memory-size iomem 40 command has been configured.
Verify whether the ISA card is functioning by issuing the show crypto card slot x command (where x is the slot number of the installed ISA card) and that the system is using it for encryption by issuing the show crypto engine brief command. If the show crypto engine brief command returns the value of "software", it is a good indication this issue is occurring.
The workaround is to change the I/O memory size back to default or any of the following values:
16MB, 32MB, 64MB or 128MB (where possible). This can be accomplished by issuing the memory-size iomem x (where x is the size of the I/O memory).
To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.
CSCed72623 (registered customers only)
Hardware encyrption does not work with different iomem sizes
Cisco IOS Versions Affected
12.1E, 12.2, 12.2T, 12.3 and 12.3T trains
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.