IPSec VPN Acceleration Services Module Installation and Configuration Note
78-14459-03 Rev C0
Configuring a VPN Using the VPN Module
These sections describe how to configure a VPN using the VPN module:
• Hardware- and Software-Based Cryptographic Modes, page 21
• Configuration Summaries, page 23
• VPN Module Configuration Guidelines, page 25
• Port Configuration Procedures, page 51
  – Configuring a VPN Access Port Connection, page 52
  – Configuring a VPN Routed Port Connection, page 54
  – Configuring a VPN Trunk Port Connection, page 55
  – Displaying the VPN Running State, page 58
• Configuration Examples, page 58
  – Access Ports, page 58
  – Routed Ports, page 63
  – Trunk Ports, page 68
  – ATM Ports, page 73
  – Frame Relay Ports, page 79
  – GRE Tunneling, page 86
  – HSRP, page 88
  – QoS, page 94
Tip: To ensure a successful configuration of your VPN using the VPN module, read all of the configuration
summaries and guidelines before you perform any configuration tasks.
Hardware- and Software-Based Cryptographic Modes
When the VPN module is configured and active in the chassis, software encryption by the MSFC2 is
disabled. This mode of operation is referred to as hardware-based cryptographic mode. In
hardware-based cryptographic mode, any software-based cryptographic configurations that use the
MSFC2 have an undefined or unspecified effect. In hardware-based cryptographic mode, if you associate
a crypto ACL with a non-VLAN interface, packets are neither encrypted nor dropped. You need to remove
the software-based cryptographic configuration from the interface and then configure the interface
correctly for hardware-based cryptographic operation with the VPN module.
Transitioning In and Out of Hardware-Based Cryptographic Mode
When you add the crypto connect vlan command to the running configuration, you enter
hardware-based cryptographic mode. When you remove the last crypto connect vlan command from
the running configuration (using the no crypto connect vlan command), you exit the hardware-based
cryptographic mode.
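The following audit sketch is an added example, not part of the original Cisco document. It reads an IOS-style running configuration, reports whether hardware-based cryptographic mode is in effect (any crypto connect vlan command present), and lists crypto maps still attached to non-VLAN interfaces. It assumes a crypto ACL is associated with an interface through a crypto map interface subcommand; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not taken from the original document).
SAMPLE_CONFIG = """\
interface Vlan2
 ip address 192.0.2.1 255.255.255.0
 crypto map TESTMAP
!
interface GigabitEthernet1/1
 switchport
 switchport access vlan 502
 crypto connect vlan 2
!
interface GigabitEthernet1/2
 ip address 198.51.100.1 255.255.255.0
 crypto map LEGACYMAP
!
"""

def parse_interfaces(config):
    """Return {interface name: [subcommand lines]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit(config):
    """Return (hardware_mode, [(interface, command)]) for leftover software crypto."""
    interfaces = parse_interfaces(config)
    # Hardware mode is entered as soon as any "crypto connect vlan" is present.
    hardware_mode = any(
        re.match(r"crypto connect vlan \d+", cmd)
        for cmds in interfaces.values() for cmd in cmds)
    findings = []
    if hardware_mode:
        for name, cmds in interfaces.items():
            if name.lower().startswith("vlan"):
                continue  # crypto maps on VLAN interfaces are not flagged
            findings += [(name, c) for c in cmds if c.startswith("crypto map ")]
    return hardware_mode, findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Any interface the audit reports is one where, in hardware-based cryptographic mode, matching traffic is neither encrypted nor dropped, so the software-based configuration should be removed from it.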