10 Gbps through 6500 SVC-IPSEC-1 with vrf-aware ipsec
I have a customer that has a 6500 with sub720 and FWSM.
We have connected this switch to the Internet with a 10 Gbps interface. We use BGP for this connection. All ingress traffic goes to the outside VLAN of the FWSM. The inside VLAN of the FWSM is part of an ?inside? VRF. This VRF keeps the inside and outside traffic separated.
Now we want to add an WS-SVC-IPSEC-1 module to terminate some site-to-site GRE/IPSEC tunnels directly on the inside VRF. These tunnels do not have to go throught the FWSM. We can do this with VFR-aware IPSEC.
But when I do that I will have to connect the 10 Gbps Internet interface to the IPSEC blade with a ?crypto engine slot? command.
Does that mean that all traffic (encrypted and unencrypted) will have to pass through the IPSEC blade ? Would that be a problem with 10 Gig ?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...