Chapter 7 PIX 535
PIX 535 Feature Licenses
For information on upgrading feature licenses or downloading the latest software versions, refer to the configuration guide online at:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_configuration_guides_list.html.
This section includes the following topics:
VPN Accelerator Card, page 7-7
VPN Accelerator Card+, page 7-7
VPN Accelerator Card
The VPN Accelerator Card (VAC) for the Cisco PIX security appliance series is a card that provides high-performance, tunneling and encryption services suitable for site-to-site and remote access applications. The VAC is integrated with PIX 535 unrestricted (UR) and failover (FO) bundles. You can also purchase the VAC as a spare for use with PIX 535 units that have a restricted (R) license.
Note Installing a VAC and an 82557 based FE card on the PIX 535 could result in a system hang.
VPN Accelerator Card+
The VAC+ is a 64-bit/66 MHz PCI card that provides faster tunneling and encryption services for Virtual Private Network (VPN) remote access, and site-to-site intranet and extranet applications, than the VAC. Each VAC+ occupies a single PCI slot in the system. The VAC+ is supported on any chassis that runs Version 6.3 software, has an appropriate license to run VPN software, and at least one PCI slot available. While the VAC continues to be supported in Version 6.3, if both types of cards, the VAC and the VAC+, are installed in a system running Version 6.3, the VAC card is ignored. The VAC+ runs at both
32-bit/33MHz and 64-bit/66 MHz, and does not slow down the bus when other 66 MHz cards are installed. We strongly recommend that you install the VAC+ in a 64bit/66 MHz slot. Performance is degraded if this recommendation is not followed.
The VAC+ driver supports the following:
•3DES, DES, AES, SHA1, MD5 for (IPSec) ESP protocol (For AES, only the CBC mode and key sizes of 128, 192, and 256 bits are supported).
•SHA1, MD5 for the (IPSec) AH protocol.
•Load sharing ESP and AH activity between up to three VAC+.
•Diffie-Hellman public key and shared secret generation.
•Any other crypto-related activity uses a software implementation.
Cisco PIX Security Appliance Hardware Installation Guide