Cisco Systems OL-9392-04 Switch User Manual


 
Cisco 7600 Series Routers Module Guide
OL-9392-04
Chapter 8 IPSec VPN Acceleration Services Module
When you configure the VPN module, the same cryptographic operations are performed as on Cisco
routers. The VPN module’s implementation of VPN is generally the same as on Cisco routers other than
the use of interface VLANs and some configuration guidelines specific to the VPN module.
Note: For detailed information on Cisco IOS IPSec cryptographic operations and policies, refer to the “IP
Security and Encryption” section of the Cisco IOS Security Configuration Guide, Release 12.2.
When you configure the VPN module on the Cisco 7600 series routers, you ensure that all packets
coming from or going to the Internet pass through the VPN module. The VPN module has an extensive
set of policies that validate a packet before the packet is sent onto the local (trusted) LAN. The VPN
module can use multiple Fast Ethernet or Gigabit Ethernet ports on other Cisco 7600 series routers
modules to connect to the Internet. Packets received from the WAN routers pass through the VPN module
for IPSec processing.
On the local LAN side, traffic between the LAN ports can be routed or bridged on multiple Fast Ethernet
or Gigabit Ethernet ports. Because the local LAN traffic is not encrypted or decrypted, it does not pass
through the VPN module.
The VPN module does not maintain routing information, route packets, or change the MAC header of a packet
(except for changing the VLAN ID from one VLAN to another).
The front panel LED on the IPSec VPN Acceleration Services Module is described in Table 8-1.
For further information on the IPSec VPN Acceleration Services Module, refer to the IPSec VPN
Acceleration Services Module Installation and Configuration Note.
Table 8-1 IPSec VPN Acceleration Services Module STATUS LED

| Color/State | Description |
|---|---|
| Green | All diagnostic tests pass. The module is operational. |
| Red | A diagnostic test other than an individual port test failed. |
| Orange | Indicates one of three conditions: the module is running through its boot and self-test diagnostic sequence; the module is disabled; the module is in the shutdown state. |
| Off | The module power is off. |