Advertisement
Quick Links
DES/3DES/AES VPN Encryption Module
(AIM-VPN/EPII, AIM-VPN/HPII, AIM-VPN/BPII
Family)
The DES/3DES/AES VPN Encryption Module (AIM-VPN/EPII, AIM-VPN/HPII, AIM-VPN/BPII
Family) feature describes how to configure virtual private network (VPN) encryption hardware advanced
integration modules (AIM) and network modules (NM) in Cisco IOS Release 12.3(7)T.
Feature Specifications for the VPN Encryption Module
Feature History
Release
12.2(13)T
12.2(15)ZJ
12.3(4)T
12.3(5)
12.3(6)
12.3(7)T
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image
support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on
Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at
the login dialog box and follow the instructions that appear.
Corporate Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
Copyright © 2004 Cisco Systems, Inc. All rights reserved.
Modification
This feature was introduced on the Cisco 2691, Cisco 3660, Cisco 3725,
and Cisco 3745.
This feature was introduced on the AIM-VPN/BPII on the following
platforms: Cisco 2610XM, Cisco 2611XM, Cisco 2620XM,
Cisco 2621XM, Cisco 2650XM, and Cisco 2651XM.
This feature was integrated into Cisco IOS Release 12.3(4)T.
This feature was revised to include support for the AIM-VPN/EPII,
AIM-VPN/HPII family of encryption modules and was integrated into
Cisco IOS Release 12.3(5).
This feature was revised to include support for the AIM-VPN/BPII-Plus on
the 2600XM encryption modules and was integrated into Cisco IOS
Release 12.3(6).
This feature was revised to include support for the AIM-VPN/BPII-Plus
family of encryption modules and was integrated into Cisco IOS Release
12.3(7)T.
Advertisement
Related Manuals for Cisco AIM-VPN - DES/3DES VPN Data Encryption AIM Module
Summary of Contents for Cisco AIM-VPN - DES/3DES VPN Data Encryption AIM Module
- Page 1 Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
- Page 2 Prerequisites for Installation Preconditions • Cisco IOS Release 12.2(13)T or later. Table 1 for AIM/VPN Encryption Module support by Cisco IOS Release. Note A working IP network • For more information about configuring IP, refer to the Cisco IOS IP Configuration Guide, Release 12.3.
-
Page 3: How To Configure
DES/3DES/AES VPN Encryption Module (AIM-VPN/EPII, AIM-VPN/HPII, AIM-VPN/BPII Family) Restrictions for DES/3DES/AES VPN Encryption Module Table 1 AIM/VPN Encryption Module Support by Cisco IOS Release Platform Encryption Module Support by Cisco IOS Release 12.2(13)T 12.3(4)T 12.3(5) 12.3(6) 12.3(7)T Cisco 3725 AIM-VPN/EPII Hardware Encryption... -
Page 4: Technical Assistance
No new or modified MIBs are supported by this To locate and download MIBs for selected platforms, Cisco IOS feature, and support for existing MIBs has not been releases, and feature sets, use Cisco MIB Locator found at the modified by this feature. following URL: http://www.cisco.com/go/mibs... -
Page 5: Command Reference
DES/3DES/AES VPN Encryption Module (AIM-VPN/EPII, AIM-VPN/HPII, AIM-VPN/BPII Family) Command Reference Command Reference This section documents modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.3 command reference publications. clear crypto engine accelerator counter • crypto engine accelerator •... - Page 6 Privileged EXEC Command History Release Modification 12.1(3)XL This command was introduced for the Cisco uBR905 cable access router. 12.2(2)XA Support was added for the Cisco uBR925 cable access router. 12.2(13)T This command was integrated into Cisco IOS Release 12.2(13)T and implemented for the AIM-VPN/EPII &...
- Page 7 Displays a summary of the configuration information for the crypto engine. show crypto engine configuration Displays the version and configuration information for the crypto engine. show crypto engine connections Displays a list of the current connections maintained by the crypto engine. Cisco IOS Release 12.3(7)T...
- Page 8 Global configuration mode Command History Release Modification 12.1(3)T This command was introduced for the Cisco 1700 series router and other Cisco routers that support hardware accelerators for IPSec encryption. 12.1(3)XL Support was added for the Cisco uBR905 cable access router. 12.2(2)XA Support was added for the Cisco uBR925 cable access router.
- Page 9 Displays a summary of the configuration information for the crypto engine. show crypto engine configuration Displays the version and configuration information for the crypto engine. show crypto engine connections Displays a list of the current connections maintained by the crypto engine. Cisco IOS Release 12.3(7)T...
- Page 10 Privileged EXEC Command History Release Modification 11.2 This command was introduced on the Cisco 7200, RSP7000, and 7500 series routers. 12.2(15)ZJ This command was implemented for the AIM-VPN/BPII on the following platforms: Cisco 2610XM, Cisco 2611XM, Cisco 2620XM, Cisco 2621XM, Cisco 2650XM, and Cisco 2651XM.
- Page 11 Version number of the crypto library running on the router. crypto engine in slot Chassis slot number of the crypto engine. For the Cisco IOS crypto engine, this is the chassis slot number of the Route Switch Processor (RSP).
- Page 12 Privileged EXEC Command History Release Modification 12.1(1)XC This command was introduced for the Cisco 1700 series router and other Cisco routers that support hardware accelerators for IPSec encryption. 12.1(3)XL This command was introduced for the Cisco uBR905 cable access router. 12.2(2)XA Support was added for the Cisco uBR925 cable access router.
- Page 13 Number of payload bytes encrypted by the VPN Module. This does not include encryption header or trailer bytes. bytes decrypted Number of payload bytes decrypted by the VPN Module. This does not include encryption header or trailer bytes. Cisco IOS Release 12.3(7)T...
- Page 14 The number of responses that have been handled by the AIM-VPN card. The following example shows typical output of the Cisco 2600 and Cisco 3600 VPN Modules. Note the current statistics, error counters, and associated error numbers that may be returned to the console:...
- Page 15 0 packet_loop_limit: 0 Table 4 describes significant fields shown in the display. Table 4 show crypto engine accelerator statistic Compression Statistics Descriptions for a Cisco 2600, Cisco 3600 or Cisco 3700 VPN module Associated Error Count Label Significance Number...
- Page 16 DES/3DES/AES VPN Encryption Module (AIM-VPN/EPII, AIM-VPN/HPII, AIM-VPN/BPII Family) show crypto engine accelerator statistic Table 4 show crypto engine accelerator statistic Compression Statistics Descriptions for a Cisco 2600, Cisco 3600 or Cisco 3700 VPN module Associated Error Count Label Significance Number...
- Page 17 DES/3DES/AES VPN Encryption Module (AIM-VPN/EPII, AIM-VPN/HPII, AIM-VPN/BPII Family) show crypto engine accelerator statistic Table 4 show crypto engine accelerator statistic Compression Statistics Descriptions for a Cisco 2600, Cisco 3600 or Cisco 3700 VPN module Associated Error Count Label Significance Number esp_seq_fail —...
- Page 18 — packet_loop_limit Not used in Cisco 2600/3600 VPN. — In Cisco IOS Release 12.2(8)T and later releases, you can add a time stamp to show commands that use the EXEC prompt timestamp command in line configuration mode. Related Commands Command...
- Page 19 Privileged EXEC Command History Release Modification 12.1(3)XL This command was introduced for the Cisco uBR905 cable access router. 12.2(2)XA Support was added for the Cisco uBR925 cable access router. 12.2(13)T This command was integrated into Cisco IOS Release 12.2(13)T and implemented for the AIM-VPN/EPII &...
- Page 20 Displays a summary of the configuration information for the crypto engine. show crypto engine configuration Displays the version and configuration information for the crypto engine. show crypto engine connections Displays a list of the current connections maintained by the crypto engine. Cisco IOS Release 12.3(7)T...
- Page 21 12.0(5)XQ This command was enhanced and made available for the Cisco 1750 router. 12.0(7)T This command was modified to add the example for the Cisco 1750 router. 12.2(13)T This command was integrated into Cisco IOS Release 12.2(13)T and implemented for the AIM-VPN/EPII & AIM-VPN/HPII on the following platforms: Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745.
- Page 22 Serial number of the printed circuit board. Port adapter insertion time Elapsed time since insertion. Port adapter is analyzed The system has identified the Cisco 2611 series port adapter. RMA History Counter that indicates how many times the port adapter has been returned and repaired.
- Page 23 Note CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco...