I am trying to find best solution how to increase IPSec capacity (more Gbps enc/dec) on 7600 with extra VPN SPA card. Configuration with only one card is quite simple and supports most of configurations - routed, switched, VTI, GRE/IPSec, crypto-maps. Problem occurs when single card is used with only one routed outside interface (many inside tunnel interfaces) and capacity limit is reached. From configuration guide I understand that separate VLAN for each VPN SPA card is needed. This requires separate outside interface for each VPN SPA card. This may not be a problem if adding new routed interface for new VPN SPA card does not cause any problems. Since this is not my case - I was wondering if anyone came across this problem and found another then turning simple routed interface to several interfaces by trunking VLAN's on same physical interface solution. Any suggestion are welcome.
IPSec VPN SPA can use multiple Fast Ethernet or Gigabit Ethernet ports on other Catalyst 6500 series switch modules to connect to the Internet through WAN routers. Packets that are received from the WAN routers pass through the IPSec VPN SPA for IPSec processing.
On the LAN side, traffic between the LAN ports can be routed or bridged on multiple Fast Ethernet or Gigabit Ethernet ports. Because the LAN traffic is not encrypted or decrypted, it does not pass through the IPSec VPN SPA. The IPSec VPN SPA does not maintain routing information, route, or change the MAC header of a packet (except for the VLAN ID from one VLAN to another).
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...