Pix Firewall Vpn Accelerator Card - Cisco PIX 501 Hardware Installation Manual

Pix series

Hide thumbs Also See for PIX 501:

Quick start manual (21 pages)

User and installation manual (156 pages)

Datasheet (8 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

page of 140

/ 140
Contents
Table of Contents
Bookmarks

Table of Contents

Chapter 7

PIX 535

PIX Firewall VPN Accelerator Card

The VPN Accelerator Card (VAC) for the Cisco PIX Firewall series is a card that provides high-performance,

tunneling and encryption services suitable for site-to-site and remote access applications. The VAC is

integrated with PIX 535 unrestricted (UR) and failover (FO) bundles. You can also purchase the VAC as a

spare for use with PIX 535 units that have a restricted (R) license.

Note

Installing a VAC and an 82557 based FE card on the PIX 535 could result in a system hang.

PIX Firewall VPN Accelerator Card+

PIX Firewall Version 6.3 adds support for the VPN Accelerator Card+ (VAC+) . The VAC+ is a

64-bit/66 MHz PCI card, that provides faster tunneling and encryption services for Virtual Private

Network (VPN) remote access, site-to-site intranet and extranet applications than the VAC. Each VAC+

card occupies a single PCI slot in the system. The VAC+ is supported on any chassis that runs Version 6.3

software, has an appropriate license to run VPN software, and at least one PCI slot available. While the

VAC continues to be supported in Version 6.3, if both types of cards, the VAC and the VAC+, are

installed in a system running Version 6.3, the VAC card is ignored. The VAC+ is a 64-bit/66 MHz PCI

card, that runs at both 32-bit/33MHz, as well as 64-bit/66 MHz, and does not slow down the bus when

other 66 MHz cards are installed. It is strongly recommended that the VAC+ be installed in a 64bit/66 MHz

slot. Performance is degraded if this recommendation is not followed.

The 6.3 VAC+ driver supports the following:

•

Installing Failover

Complete these steps to set up a failover connection:

Step 1

Power off both the primary and secondary units.

Note

Step 2

Locate the failover cable (shown in

unit. The cable is labeled Primary on one end and Secondary on the other.

Install the cable for the PIX 535 as shown in

78-15170-01

3DES, DES, AES, SHA1, MD5 for (IPSec) ESP protocol (For AES, only the CBC mode and key

sizes of 128, 192, and 256 bits are supported).

SHA1, MD5 for the (IPSec) AH protocol.

Load sharing ESP and AH activity between up to three VAC+ cards.

Diffie Hellman public key and shared secret generation.

Any other crypto-related activity uses a software implementation.

Both PIX Firewall units must be the same model number, have the same amount of RAM, Flash

memory, number and type of interfaces, and be running the same software version.

Figure

7-5). This cable is shipped separately from the PIX Firewall

Figure

7-5.

Cisco PIX Firewall Hardware Installation Guide

Installing Failover

7-7

Table of Contents

This manual is also suitable for:

Pix 506e Pix 506 Pix 520 Pix 535 Pix 515 Pix 515e ... Show all

Pix Firewall Vpn Accelerator Card - Cisco PIX 501 Hardware Installation Manual

PIX Firewall VPN Accelerator Card

Related Manuals for Cisco PIX 501

Related Content for Cisco PIX 501

This manual is also suitable for:

Table of Contents