Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
730
Views
0
Helpful
1
Replies

DMVPN w/ Transport-Mode IPSec - Will VAM-2+ help?

mbrown
Level 1
Level 1

‎08-30-2006 09:53 AM - edited ‎02-21-2020 02:36 PM

I'm reaching the point where my 7206VXR w/ NPE-G1 is seeing sustained 60% - 70% cpu utilization from IPSec encryption / decryption. I'm running IOS 12.4(9)T. I was thinking about purchasing one or two VAM-2+ modules to offload the encryption, but I'm not sure if it will help with IPSec running in transport mode (Full mesh DMVPN, this router is the NHRP server / hub router supporting about 50 spokes, soon to be 70 spokes).

Looking at the following link, I see "IPSec Tunnel Mode" explicitly listed, but not transport mode.

http://www.cisco.com/en/US/products/hw/routers/ps341/products_data_sheet0900aecd8020b758.html

And I have some vague recollection that I read somewhere that transport mode wasn't supported in hardware VPN accelerators.

Any ideas if the VAM-2+ would help with transport-mode IPSec tunnels?

Thanks!

-Mason

Labels:
0 Helpful
1 Reply 1

a-vazquez
Level 6
Level 6

‎09-05-2006 11:35 AM

Hardware VPN doesnt support transport mode.Thats the reason users migrate to ASA which supports Transport Mode.Refer

http://www.cisco.com/en/US/products/ps6120/products_installation_and_configuration_guide_chapter09186a0080690661.html#wp1008637 for more information.

0 Helpful
Customers Also Viewed These Support Documents