Technical information
IPSec VPN Acceleration Services Module Installation and Configuration Note
78-14459-03 Rev C0
Configuring a VPN Using the VPN Module
Configuring the VPN Module Inside Port and Outside Port
Follow these guidelines for configuring the VPN module inside port and outside port:
• Do not configure the VPN module outside port. Cisco IOS software configures the port
automatically.
• Do not change the port characteristics of the VPN module inside port. If you accidentally change
the port characteristics, enter the following commands to return the port characteristics to the
defaults:
Router(config-if)# switchport
Router(config-if)# no switchport access vlan
Router(config-if)# switchport trunk allowed vlan 1,1002-1005
Router(config-if)# switchport trunk encapsulation dot1q
Router(config-if)# switchport mode trunk
• Do not remove a VLAN from the VPN module inside port. Running traffic stops when you
remove an interface VLAN from the VPN module inside port while the crypto connection to the
interface VLAN exists. The crypto connection is not removed, and the crypto connect vlan
command still appears in the show running-config command display. If you enter the write
memory command with this running configuration, your startup-configuration file will be
misconfigured.
Note: With Cisco IOS Release 12.2(14)SY, it is no longer possible to remove an interface VLAN
from the VPN module inside port while the crypto connection to the interface VLAN exists.
You must first remove the crypto connection.
• Do not remove a VLAN from the VPN module outside port. Running traffic stops when you
remove a port VLAN from the VPN module outside port while the crypto connection to the interface
VLAN exists. The crypto connection is not removed, and the crypto connect vlan command still
appears in the show running-config command display. Removing a VLAN from the VPN module
outside port does not affect the startup-configuration file, because the port VLAN is
automatically added to the VPN module outside port when the crypto connect vlan command is
entered.
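The inside-port guideline above can be checked before write memory is entered. The following is an added example, not part of the original Cisco document: a Python audit of a saved show running-config capture that reports every crypto connect vlan command whose interface VLAN is missing from the inside port's trunk allowed list. The sample configuration, the port name GigabitEthernet4/1, the placement of crypto connect vlan under a port VLAN interface, and the function names are assumptions; the inside port is assumed to carry an explicit allowed-VLAN list.

```python
import re

# Constructed sample running-config (not from the original document).
# GigabitEthernet4/1 is a placeholder name for the VPN module inside port.
SAMPLE_CONFIG = """\
interface GigabitEthernet4/1
 switchport trunk allowed vlan 1,20,1002-1005
 switchport mode trunk
!
interface Vlan502
 crypto connect vlan 20
!
interface Vlan503
 crypto connect vlan 30
!
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,20,1002-1005' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def stanzas(config):
    """Map each interface name to the list of its indented sub-commands."""
    result, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = result.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' or any global command ends the stanza
    return result

def orphaned_crypto_vlans(config, inside_port):
    """Return {interface: vlan} for crypto connections not on the inside trunk."""
    ifaces = stanzas(config)
    allowed = set()
    for cmd in ifaces.get(inside_port, []):
        m = re.match(r"switchport trunk allowed vlan (?:add )?([\d,-]+)$", cmd)
        if m:
            allowed |= expand_vlans(m.group(1))
    return {name: int(m.group(1))
            for name, cmds in ifaces.items() for cmd in cmds
            if (m := re.match(r"crypto connect vlan (\d+)$", cmd))
            and int(m.group(1)) not in allowed}
```

A non-empty result means the running configuration still holds a crypto connection for a VLAN that the inside port no longer carries, which is the state that should not be saved.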
Using Multiple VPN Modules in a Chassis
Note: This section applies to VPN modules running Cisco IOS Release 12.2(14)SY or later releases.
Follow these guidelines when configuring multiple VPN modules in a chassis:
• You can deploy up to ten VPN modules in a single chassis, with the restriction that no more than
one VPN module may be used to perform IPSec services for any given interface VLAN.
• Using the no switchport command followed by the switchport command re-adds all
VLANs to a trunk port (this occurs when you first switch to a routed port and then
back to a switch port). For detailed information on configuring trunks, see the “Trunks” section in
the “Interaction with Other Features” section on page 25.