08-10-2007 10:49 AM - edited 03-03-2019 06:16 PM
a site to site vpn was set up between 871 and 2851. 2821 has a AIM-VPN/SSL-2
On 871:
sh crypto engine brief
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: onboard 0
Compression: No
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0020
Maximum SA index: 0020
Maximum Flow index: 0040
Maximum RSA key size: 0000
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: 8E20D704
crypto engine state: installed
crypto engine in slot: N/A
On 2851:
show crypto engine brief
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: aim 0
VPN Module in slot: 0
Product Name: AIM-VPN/SSL-2
Software Serial #: 55AA
Device ID: 001F - revision 0000
Vendor ID: 0000
Revision No: 0x001F0000
VSK revision: 0
Boot version: 255
DPU version: 0
HSP version: 3.3(18) (PRODUCTION)
Time running: 3w0d
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 2000
Maximum SA index: 2000
Maximum Flow index: 4000
Maximum RSA key size: 2048
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Disabled
Location: onboard 0
Product Name: Onboard-VPN
FW Version: 01100200
Time running: 4294967 seconds
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0300
Maximum SA index: 0300
Maximum Flow index: 0600
Maximum RSA key size: 2048
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: 5FF8863F
crypto engine state: installed
crypto engine in slot: N/A
Thx!
08-10-2007 11:10 AM
I think this is the reference document:
http://cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110c00.html
Hope this helps, please rate post if it does!
08-11-2007 04:07 PM
Also, what software are you using ? An 851 with 12.4(11)T2 show compression supported in hardware:
gw-851w#sh crypto engine brief
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: onboard 0
Product Name: Onboard-VPN
FW Version: 1
Time running: 623892 seconds
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0020
Maximum SA index: 0020
Maximum Flow index: 0040
Maximum RSA key size: 0000
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: DD151A7D
crypto engine state: installed
crypto engine in slot: N/A
08-11-2007 10:30 PM
Thanks for reply, Paolo.
the ios version might be the cause:
C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(4)T7
I'll upgrade the ios to ver 12.4(11)T2, and see what's gonna happen.
Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide