The VPN Accelerator Card (VAC) for the Cisco Secure PIX Firewall series provides high-performance tunneling and encryption services suitable for site-to-site and remote access applications. This hardware-based VPN accelerator is optimized to handle the repetitive but voluminous mathematical functions required for IPsec. Offloading encryption functions to the card not only improves IPsec encryption processing, but also maintains high-end firewall performance. As an integral component of the Cisco virtual private network (VPN) solution, the VPN Accelerator Card provides platform scalability and security while working seamlessly with services necessary for successful VPN deployments: encryption, tunneling, and firewall.
The VPN Accelerator Card, which fits in a PCI slot inside the PIX chassis, encrypts data using the 56-bit Data Encryption Standard (DES) or 168-bit 3DES algorithms at speeds up to 100 Mbps. A PIX equipped with a VAC supports as many as 2,000 encrypted tunnels for concurrent sessions with mobile users or other sites. In addition to encryption, the card handles a variety of other IPsec-related tasks (hashing, key exchange, and storage of security associations), freeing the PIX main processor and memory to perform other perimeter security functions.
- Encryption: DES and 3DES encryption are very CPU intensive, potentially impacting firewall performance in high-throughput configurations. The VAC makes it possible to send DES or 3DES encrypted data at high speed while still providing the full range of perimeter security services available from the Cisco Secure PIX Firewall.
- Authentication: RSA and Diffie-Hellman are CPU-intensive protocols that are used when a new IPsec tunnel is established. RSA authenticates the remote device while Diffie-Hellman exchanges keys that will be used for DES or 3DES encryption. The VPN Accelerator Card implements these protocols in specialized hardware, ensuring fast tunnel setup and high overall encryption throughput.
- Tunneling: The PIX and VAC support the IPsec tunneling protocol, enabling high-performance, flexible network designs for both remote access and site-to-site VPNs. Site-to-site solutions can be designed with PIX or combinations of PIX with Cisco VPN appliances or VPN-enabled multi-service routers. Remote access solutions can utilize Cisco's VPN client or other third-party clients supporting the IPsec tunneling protocol.
The PIX VAC provides an extra level of security by segregating sensitive VPN information from standard system processing. Encryption, authentication, and key generation mechanisms are handled by onboard memory and processors. In addition, a hardware random number generator provides high-quality input to crypto functions, resulting in strong security while ensuring high throughput during process-intensive re-keying operations.
PIX Firewall automatically detects the presence of the VPN Accelerator Card and transfers encryption activities to the VAC without configuration changes. Throughput is enhanced through the use of specialized hardware to perform the complex mathematical transformations necessary to generate keys, authenticate devices, authenticate packets, and encrypt and decrypt data. The VPN Accelerator Card is fully compatible with network-layer IPsec and the Layer 3 encryption software services of the Cisco Secure PIX Firewall Software.
EMI: CFR 47 Part 15 Class A (FCC), ICES 003 Class A with UTP, EN55022 Class A with UTP, CISPR 22 Class A with UTP, AS/NZ 3548 Class A with UTP, VCCI Class A with UTP, EN55024, EN50082-1 (1997), CE marking, EN55022 Class B with FTP, CISPR 22 Class B with FTP, AS/NZ 3548 Class B with FTP, VCCI Class B with FTP
For more information about PIX Firewall, go to
The PIX VPN Accelerator Card and associated software may be export controlled. Refer to the export compliance Web site at: http://www.cisco.com/wwl/export/crypto/ for guidance. For specific export questions, contact firstname.lastname@example.org