Guest

Cisco Security Modules for Routers and Switches

Cisco VPN Acceleration Module 2+

  • Viewing Options

  • PDF (75.6 KB)
  • Feedback

Overview

The VPN Acceleration Module 2+ (VAM2+) for Cisco 7301 and 7200VXR Series routers provides high-performance encryption/compression and key generation services for IPSec virtual private network (VPN) applications. Like the VAM2, the VAM2+ supports both Data Encryption Standard (DES), triple DES, and Advanced Encryption Standard (AES) 128-bit keys but adds hardware-acceleration for 192 and 256-bit AES keys. The VAM2+ continues to provide hardware-assisted Layer-3 compression services integral with its encryption services, conserving bandwidth and lowering network connection costs over secured links. This combination of security features and advanced network services offers a flexible, integrated approach to accommodate the most diverse enterprise or service provider network environments.

Features at a Glance

The VAM2+ supports DES, 3DES, and AES IPSec encryption at up to 280 Mbps while maintaining support for 5000 simultaneous tunnels. The VAM2+ also integrates hardware-assisted RSA and IP Payload Compression Protocol (IPPCP) Lempel-Ziv-Stac (LZS) compression, accelerating RSA processing speeds, tunnel setup and creation time improving overall VPN initialization while compressing payload data for streamlined communications. Thus in those environments where bandwidth is costly, VAM2+ is able to compress network traffic before it is encrypted and sent over pay-per-byte WAN connections saving transmission costs and improving overall throughput.

Features

Description

Physical

Service adapter-Installs in a single port adapter slot on the Cisco 7301 or 7200 Series routers

Platform support

Cisco 7301 and 7200 Series with NPEG2, NPE G1 or NPE-400

Throughput-Single VAM2+*

Up to 280 Mbps using 3DES or AES

Number of IPSec protected tunnels**

Up to 5000 tunnels

Hardware-based encryption

Data protection: IPSec DES, 3DES, AES

Authentication: RSA and Diffie-Hellman

Data integrity: SHA-1 and Message Digest 5 (MD5)

VPN tunneling

IPSec tunnel mode; generic routing encapsulation (GRE) and Layer 2 Tunneling Protocol (L2TP) protected by IPSec

Hardware-based compression

Layer 3 IPPCP LZS

LAN/WAN interface selection

On the Cisco 7200 Series, VAM2+ works with most Cisco 7200 VXR-compatible port adapters

Minimum Cisco IOS Software Release supported

12.3(12) or 12.3(11)T3 Advanced Security or higher feature set

Standards supported

IPSec/IKE: RFCs 2401-2411, 2451

IPPCP: RFC 2393, 2395

*As measured with IPSec 3DES HMAC-SHA1 on 1400 byte packets.
**512MB of memory is required to support 5000 tunnels.

Cisco Management Software for IPSec VPNs

Single Device Management

The Cisco ® Router and Security Device Manager (SDM) is an intuitive, Web-based device management tool for Cisco IOS ® routers. Cisco SDM simplifies router and security configuration through intelligent wizards, enabling customers to quickly and easily deploy, configure, and monitor a Cisco router without requiring knowledge of the Cisco IOS Software command-line interface (CLI). http://www.cisco.com/en/US/partner/products/sw/secursw/ps5318/index.html

Multiple Device Management

Cisco Security Manager (CS Manager), an integral part of the SAFE blueprint for network security, combines Web-based tools for configuring, monitoring, and troubleshooting enterprise virtual private networks (VPNs), firewalls, and network and host-based intrusion detection systems (IDS). CS Manager delivers the industry's first robust and scalable foundation and feature set that addresses the needs of small and large-scale VPN and security deployments.
For more information about Cisco Security Manager 3.1, visit http://www.cisco.com/go/csmanager

Ordering Information

VAM2+ support begins in Cisco IOS ® Software Release 12.3(12) or 12.3(11)T3 advanced security or higher feature set. Cisco 7301 and 7200 security bundles are currently available that include VAM2+ for easy ordering at a bundle discount.

Part Number

Description

SA-VAM2+

VPN Acceleration Module 2+ for the Cisco 7301 and 7200 Series

SA-VAM2+=

VPN Acceleration Module 2+ for the Cisco 7301 and 7200 Series, Spare

7206VXRG2/2+VPNK9

Cisco 7206 VXR chassis, NPE-G2 , VAM2+ Bundle (includes Chassis, NPE, VAM2+, PA Jacket Card & Advanced Security image)

7206VXRG1/2+VPNK9

Cisco 7206 VXR chassis, NPE-G1 , VAM2+ Bundle (includes Chassis, NPE, VAM2+ & Advanced Security image)

CISCO7301/2+VPNK9

Cisco 7301 chassis (with integrated NPE-G1) & VAM2+ Bundle (includes Chassis, NPE, VAM2+ & Advanced Security image)

Export Regulations

3DES software for the VAM2+ is controlled by U.S. export regulations on encryption products. The module itself is not controlled. U.S. regulations require the recording of names and addresses of recipients of DES and 3DES software. For more details, see http://www.cisco.com/wwl/export/crypto/.

Certifications

Cisco is committed to maintaining an active product certification and evaluation program for customer's worldwide. We recognize that certifications and evaluations are important to our customers, and we continue to be a leader in providing certified and evaluated products to the marketplace. We also will continue to work with international security standards bodies to help shape the future of certified and evaluated products, and will work to accelerate certification and evaluation processes. Certification and evaluation are considered at the earliest part of our product development cycle, and we will continue to position our security products to insure that customers have a variety of certified and evaluated products to meet their needs. For security certification product details, see http://www.cisco.com/en/US/partner/netsol/ns340/ns394/ns171/networking_solutions_audience_business_benefit0900aecd8009a16f.html