
10 Gbps through 6500 SVC-IPSEC-1 with vrf-aware ipsec

vanbon
Level 1

Hi,

I have a customer that has a 6500 with Sup720 and FWSM.

We have connected this switch to the Internet with a 10 Gbps interface. We use BGP for this connection. All ingress traffic goes to the outside VLAN of the FWSM. The inside VLAN of the FWSM is part of an "inside" VRF. This VRF keeps the inside and outside traffic separated.

Now we want to add a WS-SVC-IPSEC-1 module to terminate some site-to-site GRE/IPSEC tunnels directly on the inside VRF. These tunnels do not have to go through the FWSM. We can do this with VRF-aware IPSEC.

But when I do that I will have to connect the 10 Gbps Internet interface to the IPSEC blade with a "crypto engine slot" command.

Does that mean that all traffic (encrypted and unencrypted) will have to pass through the IPSEC blade? Would that be a problem with 10 Gig?

Do I have any other options?

Thanks for the advice.

Regards,

Gerard

2 Replies

amritpatek
Level 6

Yes, you will have to connect the 10 Gbps Internet interface to the IPSEC blade with a crypto engine slot command.

Thanks for the reply.

But is it supported and advisable to connect a 10 gig interface to the IPSEC module?
