Cisco Catalyst 6500 Series Installation Manual page 91

Switch module

Hide thumbs Also See for Catalyst 6500 Series:

Software configuration manual (570 pages)

Configuration manual (392 pages)

Configuration note (212 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

page of 194

/ 194
Contents
Table of Contents
Bookmarks

Table of Contents

Chapter 1

Product Overview

IPSec VPN Acceleration Services Module (WS-SVC-IPSEC-1)

When you configure a VPN on the Cisco routers, a packet is sent to a routed

interface that is associated with an IP address. If the interface has an attached

crypto map, the software checks that the packet is on an access control list (ACL)

specified by the crypto map. If a match occurs, the packet is transformed

(encrypted) before it is routed to the appropriate IPSec peer; otherwise, the packet

is routed in the clear (unencrypted) state.

When you configure the VPN module, the same cryptographic operations are

performed as on Cisco routers. The VPN module's implementation of VPN is

generally the same as on Cisco routers other than the use of interface VLANs and

some configuration guidelines specific to the VPN module.

For detailed information on Cisco IOS IPSec cryptographic operations and

Note

policies, refer to the "IP Security and Encryption" section of the Cisco IOS

Security Configuration Guide, Release 12.2.

When you configure the VPN module on the Catalyst 6500 series switch, you

ensure that all packets coming from or going to the Internet pass through the VPN

module. The VPN module has an extensive set of policies that validate a packet

before the packet is sent onto the local (trusted) LAN. The VPN module can use

multiple Fast Ethernet or Gigabit Ethernet ports on other Catalyst 6500 series

modules to connect to the Internet through WAN routers. Packets received from

the WAN routers pass through the VPN module for IPSec processing.

On the local LAN side, traffic between the LAN ports can be routed or bridged on

multiple Fast Ethernet or Gigabit Ethernet ports. Because the local LAN traffic is

not encrypted or decrypted, it does not pass though the VPN module.

The VPN module does not maintain routing information, route, or change the

MAC header of a packet (except for the VLAN ID from one VLAN to another).

The front panel LED on the IPSec VPN Acceleration Services Module is

described in

Table

1-15.

Catalyst 6500 Series Switch Module Installation Guide

1-67

78-15725-02

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

Cisco Catalyst 6500 Series Installation Manual page 91

Hide quick links:

Related Manuals for Cisco Catalyst 6500 Series

Related Products for Cisco Catalyst 6500 Series

Table of Contents