cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
837
Views
0
Helpful
7
Replies

VPN End Point on 4506 chassis

tonysebastian
Level 1
Level 1

Can I make CISCO 4506 chassis as IPSec head end.?? 

image version is 15.1(2)SG6

Sup engine is ws-x45-sup6-e

7 Replies 7

Pulkit Saxena
Cisco Employee
Cisco Employee

Hi Tony,

Yes you can certainly run VPN and make 4506 as a head end device for VPN termination.

You need to have VPN/Encryption Services Adapter for hardware-accelerated encryption.

-

Pulkit

Hi Pulkit

Thanks for your response. But in the release note for Catalyst 4500 Series Switch, Cisco IOS 15.1(2)SGx, it is mentioned that it will support IPSec only for management traffic. Please go through the below URL and advice me.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_27991-01.html#pgfId-2674444.

Regards 

Tony

 

 

 

 

Rahul Govindan
VIP Alumni
VIP Alumni

Nope. The 4500 cannot act as VPN headend, at least not these days.You can use the 6500 as IPSEC headend using IPSEC SPA or the VSPA.

Hi Rahul  

Thanks for your feedback. I just need terminate  only 15 tunnels to 45K switch. Could you please suggest weather switch will support configuration for the same.

Thanks 

Tony

I would suggest a router rather than a switch for this purpose. Switches are not usually used for IPsec termination as they are commonly sit behind the gateway device. Also, the modular switches require the presence of additional hardware to do encryption.

All of the Cisco routers these days support IPsec VPN's and have inbuilt hardware to do that.

I would suggest the ISR 4000 models for VPN. You can look at the Model comparison and Datasheet for more info:

http://www.cisco.com/c/en/us/products/routers/4000-series-integrated-services-routers-isr/models-comparison.html

http://www.cisco.com/c/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/datasheet-c78-732542.html

I believe if we have the module already in place, it can be used. However, if we do not have the module then we cannot get it now since the device is EOl/EOS.

-

Pulkit

Which module are you referring to? I did not see any reference to a VPN encryption module in the 4500 or Sup6E datasheet.