All contents are Copyright © 1992–2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 7
Q. Where can I find IPsec and SSL VPN performance information?
A. The document at http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns125/netbr09186a00801f0a72.html provides an overview
of the Cisco VPN-capable platforms and performance information. The routers are summarized in Table 5, which lists performance
with and without VPN modules, tunnel counts, and throughput.
Q. What are the main features of the VPN modules?
A. These are the main features of the VPN modules:
●
Modules accelerate IPsec at speeds suitable for multiple full-duplex T1/E1.
●
Modules implement 3DES or DES for data protection in hardware.
●
Modules support Rivest, Shamir, and Adelman algorithm (RSA) signatures and Diffie-Hellman for authentication.
●
Modules use Secure Hash Algorithm 1 (SHA-1) or Message Digest 5 (MD5) hashing algorithms for data integrity.
●
Cisco AIM-VPN/BPII-PLUS, AIM-VPN/EPII-PLUS, and AIM-VPN/HPII-PLUS add hardware support optimized for all primary
AES configurations (AES128, AES192, and AES256) and Layer 3 (IPPCP) compression.
●
New Cisco AIM-VPN/SSL Series cards support all of the features of the previous cards and also add SSL VPN termination, IPv6
IPsec acceleration using virtual tunnel interfaces (VTI), and Cisco IOS Secure Multicast, also known as GDOI.
Q. What other requirements should I consider when using the encryption modules?
A. You will need a Cisco IOS IPsec encryption image. The Advanced Security, Advanced IP Services, and Advanced Enterprise Services
feature sets all support the encryption modules and activate the onboard encryption accelerators.
Q. Can I mix and match Cisco VPN solutions to meet my customers’ needs?
A. Yes. That is the Cisco VPN advantage. Today the Cisco PIX
®
Firewall Software or Cisco Adaptive Security Appliances (ASA) IPsec,
the Cisco VPN 3000 Series Concentrators IPsec, and the router Cisco IOS Software IPsec are all compatible. Routers with IPsec can
talk to Cisco PIX Firewall Software or Cisco ASA with IPsec and also with Cisco VPN 3000 Series Concentrators.
SOFTWARE FEATURES
Q. Do the VPN modules support an IPsec MIB?
A. Yes. Both the Cisco AIM-VPN-II-PLUS Series and the new Cisco AIM-VPN/SSL Series modules support the Cisco IOS Software
IPsec MIB.
Q. What benefits does the IPsec MIB provide?
A. The IPsec MIB allows MIB-2-compliant management applications to poll the host device and retrieve VPN-specific monitoring and
performance data, delivering information useful for identifying VPN trouble areas and assessing overall performance. For more
information, refer to: http://www.cisco.com/en/US/products/sw/cscowork/ps2326/products_data_sheet09186a0080088822.html
Q. Which IPsec RFCs are supported?
A. Cisco fully supports the entire set of RFCs describing IPsec and related protocols:
●
IPsec (RFC 2401-10)
●
IPsec ESP using DES and 3DES (RFC 2406)
●
IPsec authentication header using MD5 or SHA (RFC 2403-4)
●
IKE (RFC 2407-9)
(7 stránky)
(109 stránky)
(35 stránky)
(5 stránky)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce