Table Of Contents
Cisco PIX VPN Accelerator Card+
The Cisco® PIX® VPN Accelerator Card+ (VAC+) delivers high-performance, hardware-accelerated IP Security (IPSec) VPN, support for state-of-the-art international cryptographic standards, and highly scalable VPN tunnel aggregation in a solution that comes integrated with, or as an upgrade for, most models of the market-leading Cisco PIX Security Appliance Series. Ranging from solutions for small to midsize businesses (SMBs) to large enterprises and service providers, the Cisco PIX Security Appliance Series offers extensible platforms that provide robust, enterprise-class integrated network security services and solid investment protection. The Cisco PIX VAC+ takes full advantage of this extensibility and maximizes platform investment protection by offloading computationally intensive VPN cryptographic functions. This enables Cisco PIX Security Appliances to deliver higher-performance stateful inspection firewall services, advanced application and protocol inspection, inline intrusion protection, and robust multimedia and voice security services (Figure 1).
Cisco PIX VPN Accelerator Card+
Market-Leading VPN Performance Reduces Business Operational Costs
By combining the rich VPN services provided by Cisco PIX Security Appliances with the high-performance VPN capabilities of the Cisco PIX VAC+, businesses can securely extend their networks across low-cost Internet connections to mobile users, business partners, and remote sites worldwide, while significantly cutting the operational costs associated with leased lines and alternative remote-access solutions. Delivering up to 495 Mbps of encrypted VPN throughput—performance well beyond full-duplex OC-3 line rates—the Cisco PIX VAC+ provides excellent price/performance and the scalability needed for large-scale aggregation of many site-to-site and remote-access VPN services in a single solution.
The Cisco PIX VAC+ belongs to the family of high-performance, 64-bit/66-MHz PCI-enabled cards for the Cisco PIX Security Appliance Series; the family includes the Cisco PIX 4-Port Fast Ethernet Interface Card and the Cisco PIX Gigabit Ethernet Interface Card. The Cisco PIX VAC+ allows enterprises to take full advantage of the high-performance architecture of Cisco PIX 535 Security Appliances, and delivers highly scalable security services for the most demanding enterprise environments. The potent combination of market-leading VPN features and a high level of platform extensibility makes Cisco PIX Security Appliances some of the most scalable, upgradeable, and cost-effective central-site VPN and security solutions on the market. This high level of extensibility provides significant investment protection, where individual components of the overall solution can be upgraded as requirements grow, avoiding costly "forklift" upgrades of the entire chassis to enable new features or higher performance levels.
State-of-the-Art Cryptography Provides Enhanced Network Security
The Cisco PIX VAC+ provides high-performance hardware acceleration for a broad range of cryptographic standards, including 56-bit Data Encryption Standard (DES), 168-bit Triple DES (3DES), and all three key sizes (128-, 192-, and 256-bit) of Advanced Encryption Standard (AES), the state-of-the-art international cryptographic standard. In October 2000, the U.S. National Institute of Standards and Technology (NIST) and cryptographers from around the world selected AES as the new cryptographic standard for protecting digital information. AES, which is rapidly being adopted worldwide, provides a better combination of performance and enhanced network security than DES or 3DES by being computationally more efficient than these earlier standards. Furthermore, by supporting large key sizes of 128, 192, and 256 bits, AES offers higher security against brute-force attacks. Combining the numerous benefits of AES with support for other leading cryptographic standards, the Cisco PIX VAC+ provides businesses with an ideal VPN acceleration solution that bridges the gap between older and next-generation security standards.
Large-Scale VPN Tunnel Aggregation Enables Highly Scalable, Easy-to-Manage VPN Deployments
The Cisco PIX VAC+, in conjunction with the innovative Cisco Easy VPN technology found within Cisco PIX Security Appliances, delivers a uniquely scalable, cost-effective, and easy-to-manage remote-access VPN solution. Built upon the foundation of dynamic policy distribution and effortless provisioning, Cisco Easy VPN eliminates the operational costs associated with maintaining remote device configurations typically required by traditional VPN solutions. It enables businesses to enjoy the numerous benefits that VPNs provide, including increased employee productivity by taking advantage of high-speed broadband connectivity, and significantly reduced operational costs by eliminating expenses associated with legacy dialup architectures—without the problems commonly found with other remote-access VPN solutions. By supporting up to 2000 encrypted tunnels for mixed VPN environments, the Cisco PIX VAC+ enables businesses to securely and cost-effectively extend their networks to teleworkers, remote offices, and business partners for anytime, anywhere access to vital corporate resources.
Table 1 shows maximum Cisco PIX VAC+ performance, as measured on a Cisco PIX 535 Security Appliance with Secure Hash Algorithm 1 (SHA-1) and various symmetric encryption algorithms. Note: performance varies based on several factors, including traffic mix, encryption algorithm, and Cisco PIX Security Appliance model.
Businesses using Cisco PIX Security Appliances with the Cisco PIX VAC, the previous generation of the Cisco PIX VAC+, can double or quadruple the VPN performance of their systems through simple upgrades to the Cisco PIX VAC+. Tables 2 and 3 show the relative-gain in performance when transitioning from the Cisco PIX VAC to the Cisco PIX VAC+.
Operating system: Cisco PIX Security Appliance Software Version 6.3(1) or later (with DES or 3DES/AES encryption license)
Platforms: Cisco PIX 515/515E, 520, 525, and 535 Security Appliances
Protocols: IPSec, Internet Key Exchange (IKE)
Symmetric encryption algorithms: 56-bit DES; 168-bit 3DES; 128, 192, and 256-bit AES
Asymmetric encryption algorithms: RSA, Diffie-Hellman, DSA
Hashing algorithms: MD-5, SHA-1
PCI interface: 64-bit, 66-MHz PCI Version 2.1 (short form), compatible with 32-bit, 33-MHz PCI bus
Environmental Operating Ranges
Temperature: 32 to 122ºF (0 to 50ºC)
Relative humidity: 10 to 90 percent, noncondensing
Temperature: 32 to 158ºF (0 to 70ºC)
Power Consumption: 5W
Dimensions and Weight
Height: 5 in. (10.7 cm)
Depth: 6.5 in. (17.5 cm)
Weight: .5 lb. (.2 kg)
Regulatory and Standards Compliance
UL 1950, CSA C22.2 No. 950, EN 60950, IEC 60950, AS/NZS3260, TS001, IEC60825, EN 60825, 21CFR1040
Electromagnetic Compatibility (EMC)
CFR 47 Part 15 Class A (FCC), ICES 003 Class A with UTP, EN55022 Class A with UTP, CISPR 22 Class A with UTP, AS/NZ 3548 Class A with UTP, VCCI Class A with UTP, EN55024, EN50082-1 (1997), CE marking, EN55022 Class B with FTP, CISPR 22 Class B with FTP, AS/NZ 3548 Class B with FTP, VCCI Class B with FTP
Table 4 lists part numbers for the Cisco PIX VAC+ and associated encryption licenses.
For more information, please visit the following links.
Cisco PIX Security Appliance Series:
Cisco PIX Device Manager:
Current list of Cisco product security certifications:
CiscoWorks VPN Security Management Solution (VMS), Management Center for Firewalls, Auto Update Server Software, and Security Monitor:
SAFE Blueprint from Cisco:
The Cisco PIX VAC+ and associated license keys may be export controlled.
For more information, visit:
For specific export questions, contact firstname.lastname@example.org.