Cisco Systems 535 user service VPN Accelerator Card+

Page 7

Chapter 7 PIX 535

PIX 535 Feature Licenses

For information on upgrading feature licenses or downloading the latest software versions, refer to the configuration guide online at:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_configuration_guides_list.html.

This section includes the following topics:

VPN Accelerator Card, page 7-7

VPN Accelerator Card+, page 7-7

VPN Accelerator Card

The VPN Accelerator Card (VAC) for the Cisco PIX security appliance series is a card that provides high-performance, tunneling and encryption services suitable for site-to-site and remote access applications. The VAC is integrated with PIX 535 unrestricted (UR) and failover (FO) bundles. You can also purchase the VAC as a spare for use with PIX 535 units that have a restricted (R) license.

Note Installing a VAC and an 82557 based FE card on the PIX 535 could result in a system hang.

VPN Accelerator Card+

The VAC+ is a 64-bit/66 MHz PCI card that provides faster tunneling and encryption services for Virtual Private Network (VPN) remote access, and site-to-site intranet and extranet applications, than the VAC. Each VAC+ occupies a single PCI slot in the system. The VAC+ is supported on any chassis that runs Version 6.3 software, has an appropriate license to run VPN software, and at least one PCI slot available. While the VAC continues to be supported in Version 6.3, if both types of cards, the VAC and the VAC+, are installed in a system running Version 6.3, the VAC card is ignored. The VAC+ runs at both

32-bit/33MHz and 64-bit/66 MHz, and does not slow down the bus when other 66 MHz cards are installed. We strongly recommend that you install the VAC+ in a 64bit/66 MHz slot. Performance is degraded if this recommendation is not followed.

The VAC+ driver supports the following:

3DES, DES, AES, SHA1, MD5 for (IPSec) ESP protocol (For AES, only the CBC mode and key sizes of 128, 192, and 256 bits are supported).

SHA1, MD5 for the (IPSec) AH protocol.

Load sharing ESP and AH activity between up to three VAC+.

Diffie-Hellman public key and shared secret generation.

Any other crypto-related activity uses a software implementation.

Cisco PIX Security Appliance Hardware Installation Guide

 

78-15170-03

7-7

 

 

 

Image 7
Contents PIX 535 Product Overview PIX1shows the front view of the PIX LEDs State Description PIX 535 Network Interface Description Before Installing the PIX Installing the PIXMounting the PIX PIX 535 Network Interface Installation PIX 535 Feature LicensesVPN Accelerator Card+ VPN Accelerator CardPIX 535 Failover Cable Connection Installing FailoverInstalling LAN-Based Failover LAN-Based Failover Connections Replacing a Lithium BatteryInstalling a Memory Upgrade System Memory Location on the PIX 535 Component Tray Inserting a Dimm Memory Strip in the PIX PIX 535 Circuit Board Options Installing a Circuit Board in the PIXRestricted Interface Options Unrestricted Interface Options 10 PIX 535 Back Panel Detail Circuit Board Slot Description11 The Component Tray at the Back of the PIX Installing a Circuit Board12 4-Port Circuit Board Overlap MB Flash Circuit Board13 16 MB Flash Circuit Board Gigabit Ethernet Circuit Board VPN Accelerator Circuit Board15 Gigabit Ethernet Circuit Board Installing the PIX 535 DC Model16 Attaching a Grounding Lug to the PIX 535 DC PIX Installing the PIX 535 DC Model