Support User Manuals

Cisco Systems C7200 Network Cables User Manual

Open as PDF

of 62

4-21

C7200 VSA (VPN Services Adapter) Installation and Configuration Guide

OL-9129-02

Chapter 4 Configuring the VSA

Troubleshooting Tips

A crypto map joins the transform set and specifies where the protected traffic is sent (the remote IPSec

peer):

crypto map toRemoteSite 10 ipsec-isakmp

match address 101

set peer 10.0.0.3

set transform-set auth1

The crypto map is applied to an interface:

interface Serial0

ip address 10.2.2.3

crypto map toRemoteSite

An IPSec access list defines which traffic to protect:

access-list 101 permit ip host 10.2.2.2 host 10.0.0.2

access-list 101 permit ip host 10.2.2.3 host 10.0.0.3

Troubleshooting Tips

To verify that Cisco IOS software has recognized the VSA, enter the show diag command and check the

output. In the following example, the IOS software recognizes the C7200-VSA, which is found in slot 0

in the router.

Router# show diag 0

Slot 0:

VSA IPsec Card Port adapter

Port adapter is analyzed

Port adapter insertion time 00:23:25 ago

EEPROM contents at hardware discovery:

PCB Serial Number : PRTA4404055

Product (FRU) Number : C7200-VSA

EEPROM format version 4

EEPROM contents (hex):

0x00: 04 FF C1 8B 50 52 54 41 34 34 30 34 30 35 35 40

0x10: 05 0D CB 94 43 37 32 30 30 2D 56 53 41 20 20 20

0x20: 20 20 20 20 20 20 20 20 D9 03 C1 40 CB FF FF FF

0x30: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

0x40: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

0x50: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

0x60: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

0x70: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

To see if the VSA is currently processing crypto packets, enter the show crypto engine accelerator

statistic 0 command. The following is sample output:

Router# show crypto engine accelerator statistic 0

Device: VSA

Location: Service Adapter: 0

VSA Traffic Statistics

Inbound rate: 0pps 0kb/s Outbound rate: 0pps 0kb/s

TXR0 PKT: 0x00000000000028B2 Byte: 0x000000000006ACF6 Full: 0x0000000000000000

RXR0 PKT: 0x00000000000028B2 Byte: 0x0000000000A86398

TXR1 PKT: 0x0000000000000000 Byte: 0x0000000000000000 Full: 0x0000000000000000

RXR1 PKT: 0x0000000000000000 Byte: 0x0000000000000000

TXR2 PKT: 0x0000000000000000 Byte: 0x0000000000000000 Full: 0x0000000000000000

RXR2 PKT: 0x0000000000000000 Byte: 0x0000000000000000

Inbound Traffic:

previous next