Cisco Systems OL-9392-04 Switch User Manual


 
Cisco 7600 Series Routers Module Guide, OL-9392-04
Chapter 8: IPSec VPN Acceleration Services Module
This chapter describes the IPSec VPN Acceleration Services Module (WS-SVC-IPSEC-1).

The IPSec VPN Acceleration Services module is a Gigabit Ethernet IPSec cryptographic module that
you can install in the Cisco 7600 series routers. (See Figure 8-1.) The VPN module provides a
bump-in-the-wire (BITW) IPSec implementation using VLANs.

Note: BITW is an IPSec implementation that starts egress packet processing after the IP stack has
finished with the packet, and completes ingress packet processing before the IP stack receives the
packet.

Note: Specific combinations of supervisor engines and modules may not be supported in your chassis.
Refer to the release notes of the software version running on your system for specific information
on modules and supervisor engine combinations that are not supported.

Figure 8-1 IPSec VPN Acceleration Services Module (WS-SVC-IPSEC-1)
Configuring VPNs using the VPN module is similar to configuring VPNs on routers running Cisco IOS
software. When you configure VPNs with the VPN module, you attach crypto maps to VLANs (using
interface VLANs); when you configure VPNs on routers running Cisco IOS software, you configure
individual interfaces.

Note: With the VPN module, crypto maps are still attached to individual interfaces, but the set of
interfaces allowed is restricted to “interface VLANs.”

When you configure a VPN on the Cisco routers, a packet is sent to a routed interface that is associated
with an IP address. If the interface has an attached crypto map, the software checks whether the packet
matches an access control list (ACL) specified by the crypto map. If a match occurs, the packet is
transformed (encrypted) before it is routed to the appropriate IPSec peer; otherwise, the packet is
routed in the clear (unencrypted) state.
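
The following is an added example, not part of the Cisco manual: a small Python audit that models the match-or-clear decision described above and lists the flows a crypto ACL would let out unencrypted. The ACL number, addresses, and function names are constructed for illustration; it assumes a single ACL evaluated first-match, with deny entries treated as "do not protect" (standard IOS ACL behavior that this page does not itself state).

```python
import ipaddress

# Constructed sample crypto ACL (IOS extended-ACL syntax, wildcard masks).
CRYPTO_ACL = """\
access-list 101 deny   ip 10.1.9.0 0.0.0.255 10.2.0.0 0.0.255.255
access-list 101 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
"""

def parse_acl(text):
    """Return [(action, src, src_wild, dst, dst_wild)] with addresses as ints."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) != 8 or tok[0] != "access-list" or tok[3] != "ip":
            continue  # this sketch handles only 'ip <addr> <wildcard>' entries
        nums = [int(ipaddress.IPv4Address(t)) for t in tok[4:8]]
        entries.append((tok[2], *nums))
    return entries

def _hit(addr, base, wild):
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (base & care)

def disposition(entries, src, dst):
    """First matching entry wins; no match means the packet is not protected."""
    s = int(ipaddress.IPv4Address(src))
    d = int(ipaddress.IPv4Address(dst))
    for action, sb, sw, db, dw in entries:
        if _hit(s, sb, sw) and _hit(d, db, dw):
            return "encrypt" if action == "permit" else "clear"
    return "clear"

def audit(entries, flows):
    """Return the flows that would leave the interface unencrypted."""
    return [f for f in flows if disposition(entries, *f) == "clear"]

# Constructed flows that the operator expects to be protected.
EXPECTED_PROTECTED = [
    ("10.1.4.20", "10.2.0.5"),
    ("10.1.9.7", "10.2.0.5"),   # shadowed by the deny entry
    ("10.3.0.1", "10.2.0.5"),   # source outside the ACL
]

if __name__ == "__main__":
    for src, dst in audit(parse_acl(CRYPTO_ACL), EXPECTED_PROTECTED):
        print(f"sent in the clear: {src} -> {dst}")
```

Running the audit against the intended-protected flow list before attaching a crypto map to an interface VLAN surfaces ACL gaps and shadowed entries that would otherwise forward traffic unencrypted without any error.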
[Figure 8-1 callout: STATUS LED]