ajagadee Thu, 11/01/2007 - 09:14

Hi,

You need an IPSEC SPA to do encryption on the Catalyst 6500 switches.

Without a SPA-IPSEC-2G or IPsec VPN Acceleration Services Module, the IPsec Network Security feature (configured with the crypto ipsec command) is supported in software only for administrative connections to Catalyst 6500 series switches and Cisco 7600 series routers.

Please refer the below URL for details:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/ol_4164.htm#wp2565092

I hope it helps.

Regards,

Arul

** Please rate all helpful posts **

bindong.shi Thu, 11/01/2007 - 16:07

thanks for your great help. May I know what is "supported in software only for administrative connections"?

ajagadee Thu, 11/01/2007 - 16:50

Hi,

You can configure Lan to Lan as well as Client to Lan tunnel on the MSFC, that is without an IPSEC SPA or VPNSM.

Please refer the below URL for details. Eventhough the below URL is for the FWSM, the information listed in the "Allowing a VPN Management Connection" should apply to the MSFC as well.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm23/configuration/guide/access.html#wp1039202

I hope it helps.

Regards,

Arul

** Please rate all helpful posts **

shibindong Thu, 11/01/2007 - 19:53

thanks for reply, but I did serach via Cat6 command reference, I did not find the command start with "isakmp"

Actions

This Discussion