IPSec VPN Acceleration Services Module Installation and Configuration Note
78-14459-03 Rev C0
Port VLAN 501 and port VLAN 502 are the port VLANs that are associated with the Catalyst switch
outside ports W1 and W2.
Interface VLAN 1 and interface VLAN 2 are the interface VLANs that correspond to port VLAN 501
and port VLAN 502.
You configure the IP address, ACLs, and crypto map that apply to the Catalyst switch outside port W1
on interface VLAN 1. You configure the features that apply to the Catalyst switch outside port W2 on
interface VLAN 2.
Packets coming from the WAN through port W1 (port W1 belongs to port VLAN 501) are directed by
the PFC2 to the VPN module outside port. The VPN module decrypts the packets and changes the VLAN
to interface VLAN 1 and then presents the packet to the router through the VPN module inside port. The
PFC2 then routes the packet to the proper destination.
Packets going from the LAN to the outside ports are first routed by the PFC2. Based on the route, the
PFC2 routes the packets to one of the interface VLANs and directs the packet to the VPN module inside
port. The VPN module applies the cryptographic policies that are configured on the corresponding
interface VLAN, encrypts the packet, changes the VLAN ID to the corresponding port VLAN, and sends
the packet to the Catalyst switch outside port through the VPN module outside port.
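The mapping described above, written out as a Cisco IOS configuration fragment. This is an added illustration, not a listing from the original note. The physical port name `GigabitEthernet1/1` (standing in for outside port W1), the addresses, the ACL number, and the policy, transform-set and crypto-map names are all assumptions; it also assumes that VLANs 1 and 501 already exist and that a CA trustpoint is already enrolled for RSA-signature authentication.

```cisco
! Added example: names, addresses and the physical port are placeholders.
!
! IKE policy (assumed choices: 3DES, SHA-1, RSA signatures, DH group 5)
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication rsa-sig
 group 5
!
! IPSec transform set: 3DES encryption with HMAC-SHA-1 integrity
crypto ipsec transform-set TS-3DES-SHA esp-3des esp-sha-hmac
!
! Traffic to protect: local LAN subnet to remote LAN subnet (constructed)
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
crypto map CMAP-W1 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS-3DES-SHA
 set pfs group5
 match address 101
!
! Interface VLAN 1 carries the IP address and crypto map that apply to
! outside port W1. The VPN module applies this policy to LAN-to-WAN
! packets that the PFC2 routes to this interface VLAN.
interface Vlan1
 ip address 192.0.2.1 255.255.255.0
 crypto map CMAP-W1
 no shutdown
!
! Outside port W1 is an access port in port VLAN 501. The
! "crypto connect vlan" command ties port VLAN 501 to interface VLAN 1,
! so WAN traffic arriving on W1 passes through the VPN module before it
! is routed.
interface GigabitEthernet1/1
 no ip address
 switchport
 switchport mode access
 switchport access vlan 501
 crypto connect vlan 1
```

A second outside port (W2) would repeat the last two interface stanzas with interface VLAN 2 and port VLAN 502.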
Supported Features
These sections list the supported features for the VPN module:
• Supported Features in Release 12.2(9)YO4 and Release 12.2(14)SY
• Supported Features in Release 12.2(14)SY
Supported Features in Release 12.2(9)YO4 and Release 12.2(14)SY
The VPN module supports the following features in Cisco IOS Release 12.2(9)YO4 and later releases
and Cisco IOS Release 12.2(14)SY and later releases:
• IPSec support through Cisco IOS software and the VPN module
  – Certificate Authorities/Public Key Infrastructure (CA/PKI) support
• Tunneling protocols
  – IPSec (IPv4) tunnel and transport modes (RFC 2401)
• IPSec encryption/decryption
  – DES/3DES
  – HMAC-SHA-1
  – HMAC-MD5
• Internet Key Exchange (IKE) acceleration
  – Perfect Forward Secrecy (PFS)
  – RSA encryption
  – RSA signature
  – Diffie-Hellman groups 1, 2, 5
• Interoperability—Interoperable with all Cisco IOS and appliance platforms