I am trying to find best solution how to increase IPSec capacity (more Gbps enc/dec) on 7600 with extra VPN SPA card. Configuration with only one card is quite simple and supports most of configurations - routed, switched, VTI, GRE/IPSec, crypto-maps. Problem occurs when single card is used with only one routed outside interface (many inside tunnel interfaces) and capacity limit is reached. From configuration guide I understand that separate VLAN for each VPN SPA card is needed. This requires separate outside interface for each VPN SPA card. This may not be a problem if adding new routed interface for new VPN SPA card does not cause any problems. Since this is not my case - I was wondering if anyone came across this problem and found another then turning simple routed interface to several interfaces by trunking VLAN's on same physical interface solution. Any suggestion are welcome.