Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Encryption on 2811 & 3945 for VTI

Regarding the Virtual Tunnel Interface feautre, in this document:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html

It states that a VAM2+ hardware encryption module is required, which is only supported in the 7200.  I currently have aproximitely 80 x 2811 routers running IPSEC with ASA concentrators.  I'd like to replace the ASAs with 3945E ISR routers which have hardware encryption, along with the spoke 2811s.

Is the the VAM2+ an absolute requirement for hardware acceleration when using the VTI feature?  I'd hope the hardware encryption on the 2811 and 3945 would still work with VTIs but I cannot find anything saying whether it can or can't?

Any help much appreciated....

1 REPLY
Hall of Fame Super Gold

Re: Encryption on 2811 & 3945 for VTI

Is the the VAM2+ an absolute requirement for hardware acceleration when using the VTI feature?

VAM2 is a form of a dedicated encryption card.  Without it, a router can and will encrypt but at a cost:  higher CPU and slower output.

If you want to determine if your router has an encryption card, you'll need to enter the command "sh crypto engine configuration" and you'll get the following output:

crypto engine name:  Virtual Private Network (VPN) Module
crypto engine type:  hardware
State:  Enabled
Location:  aim 0
VPN Module in slot:  0
Product Name:  AIM-VPN/BPII-PLUS
Software Serial #:  55AA
Device ID:  001E - revision 0000
Vendor ID:  13A3
Revision No:  0x001E0000
VSK revision:  0
Boot version:  255
DPU version:  0
HSP version:  2.3(6) (PRODUCTION)
Time running:  2w5d
Compression:  Yes
DES:  Yes
3 DES:  Yes
AES CBC:  Yes (128,192,256)
AES CNTR:  No
Maximum buffer length:  4096
Maximum DH index:  1000
Maximum SA index:  1000
Maximum Flow index:  2000
Maximum RSA key size:  2048

crypto lib version:  19.0.0

crypto engine in slot:  0
platform:  VPN hardware accelerator

Crypto Adjacency Counts:
Lock Count:  0
Unlock Count:  0
crypto lib version:  19.0.0

598
Views
0
Helpful
1
Replies
CreatePlease to create content