09-13-2013 10:54 PM - edited 03-04-2019 09:02 PM
Hello,
I have a question about IPSEC throughput and crypto support for the Cisco 2951k9 router. I'm a bit confused. According to
http://www.cisco.com/en/US/prod/collateral/routers/ps10537/data_sheet_c78_553896.html
On Table 2:
So if I understand the above correctly, this router already has a built-in hardware crypto module and there is no need for additional hardware for that.
Great, I have some 2951 routers, and according to show version:
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 20-Mar-12 19:11 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M13, RELEASE SOFTWARE (fc1)
................
Cisco CISCO2951/K9 (revision 1.1) with 487424K/36864K bytes of memory.
Processor board ID FGL161911B4
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 72 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO2951/K9 FGLREMOVED
Technology Package License Information for Module:'c2951'
-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
------------------------------------------------------------------
ipbase        ipbasek9      Permanent      ipbasek9
security      securityk9    Permanent      securityk9
uc            None          None           None
data          None          None           None
Configuration register is 0x2102
So I have "VPN module installed" and I have a standard security license.
show inventory raw doesn't show me any additional hardware module.
And I can successfully configure IPSEC tunnels.
But what will be the IPSEC throughput (average) for this device in this hardware configuration with this software license?
I have found another document which confused me -
http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps12202/data_sheet_c78-682436.html
So there is an additional hardware crypto module for G2 routers which is supported with a little bit newer IOS version.
I have read some unofficial forums and found that there are 2 types of licenses - HSEC, which gives the maximum crypto throughput, and a "standard" one which limits crypto (according to some regulations).
So what is the difference between the embedded crypto module and ISM-VPN-29 and CISCO2951-HSEC+/K9?
Thanks,
Plamen
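The checks described in the question (a VPN module line and an active security technology package in show version) can be scripted when several routers have to be audited. The following is an added example, not part of the original thread; the function names are hypothetical and the sample text is constructed from the layout of the output quoted above.

```python
import re

# Constructed sample: trimmed copy of the layout quoted in the question.
SAMPLE = """\
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
1 Virtual Private Network (VPN) Module
Technology Package License Information for Module:'c2951'
-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
------------------------------------------------------------------
ipbase        ipbasek9      Permanent      ipbasek9
security      securityk9    Permanent      securityk9
uc            None          None           None
data          None          None           None
Configuration register is 0x2102
"""

# One table row: technology, current package, license type, package after reboot.
ROW = re.compile(r"^(\w+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse_show_version(text):
    """Extract IOS version, VPN module count and technology packages."""
    info = {"version": None, "vpn_modules": 0, "packages": {}}
    in_table = False
    for line in text.splitlines():
        m = re.search(r"Version (\S+?),", line)
        if m and info["version"] is None:
            info["version"] = m.group(1)
        m = re.match(r"\s*(\d+) Virtual Private Network \(VPN\) Module", line)
        if m:
            info["vpn_modules"] = int(m.group(1))
        if line.startswith("Technology Package License Information"):
            in_table = True
        elif line.startswith("Configuration register"):
            in_table = False  # the license table ends before this line
        elif in_table:
            m = ROW.match(line)
            if m and m.group(1) not in ("Technology", "Current"):
                tech, current, ltype, nxt = m.groups()
                info["packages"][tech] = {"current": current, "type": ltype, "next": nxt}
    return info

def ipsec_ready(info):
    """True when a crypto engine is listed and the security package is active."""
    sec = info["packages"].get("security", {})
    return info["vpn_modules"] > 0 and sec.get("current", "None") != "None"

if __name__ == "__main__":
    info = parse_show_version(SAMPLE)
    print(info["version"], info["packages"], ipsec_ready(info))
```

This only confirms that IPsec can be configured on the box; it says nothing about encrypted throughput, which is the licensing question the replies address.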
09-14-2013 02:25 PM
Leaving aside the ISM, that you don't have, and don't need.
For more than 170 Mbps of encrypted traffic, you need the HSEC license:
http://www.cisco.com/en/US/prod/collateral/routers/ps10536/qa_c67_606268.pdf
09-15-2013 12:40 AM
Thank you Paolo.
Do you know in which case I do need the ISM hardware module? It is strange that there is such hardware...
09-15-2013 03:43 AM
As above, not needed.
Please remember to rate useful posts clicking on the stars below.
09-15-2013 04:28 AM
Do you know in which case I do need ISM hardware module?
As noted in your original posting, the optional crypto module should be able to provide additional performance beyond what the on-board crypto engine offers.
Usually the performance boost is under 25%, so the module is often unnecessary for "typical" usage. (Crypto licensing, though, is a different issue.)
I've attached a Cisco ISR performance document, which also notes encryption performance.