08-10-2007 10:49 AM - edited 03-03-2019 06:16 PM
a site to site vpn was set up between 871 and 2851. 2821 has a AIM-VPN/SSL-2
On 871:
sh crypto engine brief
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: onboard 0
Compression: No
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0020
Maximum SA index: 0020
Maximum Flow index: 0040
Maximum RSA key size: 0000
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: 8E20D704
crypto engine state: installed
crypto engine in slot: N/A
On 2851:
show crypto engine brief
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: aim 0
VPN Module in slot: 0
Product Name: AIM-VPN/SSL-2
Software Serial #: 55AA
Device ID: 001F - revision 0000
Vendor ID: 0000
Revision No: 0x001F0000
VSK revision: 0
Boot version: 255
DPU version: 0
HSP version: 3.3(18) (PRODUCTION)
Time running: 3w0d
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 2000
Maximum SA index: 2000
Maximum Flow index: 4000
Maximum RSA key size: 2048
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Disabled
Location: onboard 0
Product Name: Onboard-VPN
FW Version: 01100200
Time running: 4294967 seconds
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0300
Maximum SA index: 0300
Maximum Flow index: 0600
Maximum RSA key size: 2048
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: 5FF8863F
crypto engine state: installed
crypto engine in slot: N/A
Thx!
08-10-2007 11:10 AM
I think this is the reference document:
http://cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110c00.html
Hope this helps, please rate post if it does!
08-11-2007 04:07 PM
Also, what software are you using ? An 851 with 12.4(11)T2 show compression supported in hardware:
gw-851w#sh crypto engine brief
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: onboard 0
Product Name: Onboard-VPN
FW Version: 1
Time running: 623892 seconds
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0020
Maximum SA index: 0020
Maximum Flow index: 0040
Maximum RSA key size: 0000
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: DD151A7D
crypto engine state: installed
crypto engine in slot: N/A
08-11-2007 10:30 PM
Thanks for reply, Paolo.
the ios version might be the cause:
C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(4)T7
I'll upgrade the ios to ver 12.4(11)T2, and see what's gonna happen.
Thanks.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: