check whether it is support ipsec or not on IOS and some questions.

syjeon · ‎05-23-2011

Hi all,

We have a ios imange "s72033-adventerprisek9_wan-mz.122-18.SXF8.bin".

once I enter "show crypto ipsec sa" on privileged mode on cisco 6500 router, I verified the command is working.

we can't enter the configuration mode. so I would like to check one more time whether VPN(ipsec) is upport or not on above cisco 6500 ios image.

and next questions is I've searched the some configuration regarding vpn. I've found below article.

vpn tunnel which is support only software(CPU) process, it is working only administrative vpn purpose.

--> I need to make sure what it is mean. it can't be use ipsec general purpose?

thanks you.

Jennifer Halim · ‎05-23-2011

On 6500 switch, IPSec is only supported to manage the switch itself, ie: remote vpn client to manage the 6500 switch.

If you would like to terminate IPSec between sites, or remote access vpn to access internal resources, you would need to have IPSEC-SPA module. Without the IPSEC-SPA module, IPSec is not supported natively on 6500 IOS.

Here is the release notes for your reference:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/release/notes/features.html#wp2782875

(NB: please check under "IPsec Network Security" feature name)

Yes, you are correct, VPN tunnel which is support only software(CPU) process, ie: only on the IOS (without the IPSEC-SPA module), only supports remote vpn client to manage the 6500 switch itself.

Here is the configuration guide for IPSec with IPSec-spa on 6500 switch:

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/6500series/76ovwvpn.html

Hope that answers your question.

syjeon · ‎05-23-2011

Thanks halim

Is it same 7600 with supervisor 720 MSFC3 PFC3?

Jennifer Halim · ‎05-23-2011

Yes, it is the same for 7600 as well.