IPSec VPN SPA Support in 15.x Releases
Available Languages
Contents
Introduction
This document describes the IPSec VPN Shared Port Adapter (SPA) support for the Cisco 7600 Series routers and Cisco Catalyst 6500 Series switches in Cisco IOS® Releases15.x and later.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
- Cisco 7600/Catalyst 6500 IPSec VPN SPA (SPA-IPSEC-2G)
- Cisco 7600/Catalyst 6500 IPSec VPN SPA (WS-IPSEC-3)
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Cisco Catalyst 6500 Series Switches
The IPsec VPN SPAs are not supported on Cisco Catalyst 6500 Series switches in the HD, MA, or MK Cisco IOS releases, such as 15.0(1)SY(MA1), 15.1(1)SY(MA2), 15.1(2)SY(MK1), or 15.2(1)SY(MK2). Support is limited to the SXI and SXJ Cisco IOS releases.
Cisco 7600 Series Routers
This section describes the IPSec VPN SPA support for Cisco 7600 Series routers.
SPA-IPSEC-2G Support
The SPA-IPSEC-2G product has reached End-of-Sale (EoS)/End-of-Life (EoL), and Cisco no longer provides support. Additionally, Cisco no longer allows this module to power up upon boot in Cisco IOS Releases 15.4(1)S and later.
After you restart the Cisco 7600 Series router and boot to Cisco IOS Release 15.4(1)S or later, the IPSec tunnels do not come up. The router indicates that the module is unsupported, and it does not permit you to power on the module:
7600(config)#power enable module 1
7600(config)#
%C6KPWR-SP-4-UNSUPPORTED:unsupported module in slot 1,power not allowed:Not Supported.
6k(config)#
6k#show module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 0 2-subslot Services SPA Carrier-400 7600-SSC-400 XXXXXXXXXXX
2 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE XXXXXXXXXXX
4 0 4-subslot SPA Interface Processor-400 7600-SIP-400 XXXXXXXXXXX
5 2 Supervisor Engine 720 (Hot) WS-SUP720-3B XXXXXXXXXXX
6 2 Supervisor Engine 720 (Active) WS-SUP720-3B XXXXXXXXXXX
8 6 Firewall Module WS-SVC-FWM-1 XXXXXXXXXXX
9 48 SFM-capable 48 port 10/100/1000mb RJ45 WS-X6548-GE-45AF XXXXXXXXXXX
Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ----- ------------- ------------ -------
1 xxxx.xxxx.xxxx to xxxx.xxxx.xxxx 1.0 Unknown Unknown PwrDown
2 xxxx.xxxx.xxxx to xxxx.xxxx.xxxx 2.2 12.2(14r)S 15.4(3)S Ok
4 xxxx.xxxx.xxxx to xxxx.xxxx.xxxx 2.7 15.4(3)S2 15.4(3)S2 Ok
5 xxxx.xxxx.xxxx to xxxx.xxxx.xxxx 5.4 8.4(2 15.4(3)S Ok
6 xxxx.xxxx.xxxx to xxxx.xxxx.xxxx 5.4 8.4(2 15.4(3)S Ok
8 xxxx.xxxx.xxxx to xxxx.xxxx.xxxx 3.0 7.2(1) 4.1(15) Ok
9 xxxx.xxxx.xxxx to xxxx.xxxx.xxxx 12.3 7.2(1) (sierra_main Ok
Mod Sub-Module Model Serial Hw Status
---- --------------------------- ------------------ ----------- ------- -------
2 Centralized Forwarding Card WS-F6700-CFC XXXXXXXXXXX 2.0 Ok
4/0 2xGE V2 SPA SPA-2X1GE-V2 XXXXXXXXXXX 1.0 Ok
4/1 2xT3E3 SPA SPA-2XT3/E3 XXXXXXXXXXX 1.1 Ok
5 Policy Feature Card 3 WS-F6K-PFC3B XXXXXXXXXXX 2.3 Ok
5 MSFC3 Daughterboard WS-SUP720 XXXXXXXXXXX 3.0 Ok
6 Policy Feature Card 3 WS-F6K-PFC3B XXXXXXXXXXX 2.3 Ok
6 MSFC3 Daughterboard WS-SUP720 XXXXXXXXXXX 3.0 Ok
9 IEEE Voice Daughter Card WS-F6K-48-AF XXXXXXXXXXX 2.3 Ok
WS-IPSEC-3 Support
The WS-IPSEC-3 product with the SSC-600 card is fully supported by Cisco 7600 Series routers in Cisco IOS Releases 15.1(3)S1 and later.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)