3600 VPN accelerator NM-VPN/MP= does it need to be enabled?

anthony.hassiotis · ‎03-15-2007

Hi,

I have added an NM-VPN/MP= accelerator on my 3600 to increase VPN throughput. Since then, I can't ping anything through the tunnel. Does this module need to be enabled in the config?

Regards,

Anthony Hassiotis

ebreniz · ‎03-21-2007

you have to enable the VPN Acc card using CRYPTO ENGINE ACCELERATOR command. use "show crypto engine accel stat" for view active connection statistics.

Try this link:

http://www.cisco.com/en/US/products/hw/routers/ps274/products_tech_note09186a0080094aef.shtml#ts_dsp

anthony.hassiotis · ‎03-22-2007

Thanks for that, I have now spent a lot of time on this problem. I already came accross this command and it was enabled by default. In fact I could see packets going through the accelerator card.

I had this tunnel working fine a couple of weeks ago and as soon as I installed the accelerator card, things started to not work. I removed the accelerator card and the tunnel started working only one direction. So packets would be encrypted ok on the 3620 and decrypted on my PIX515 but any packet going into the the 515 just disappears and I can't find where it goes. I can see the firewall opening a connection for the ICMP packet, but I get no other logs from debug ipsec or any other connection logs. I even did packet capture on the internal and external interfaces on the PIX515E and still can't see any packets encrypted.

I am sure it's not an access-list issue, as I removed the accees-lists and configured only one subnet to be allowed through the 3600/firewall at each end. Still same problem.

Any ideas welcome