8-2
Cisco 7600 Series Router Module Guide
OL-9392-05
Chapter 8 IPSec VPN Acceleration Services Module
When you configure the VPN module, the same cryptographic operations are performed as on Cisco
routers. The VPN module’s implementation of VPN is generally the same as on Cisco routers other than
the use of interface VLANs and some configuration guidelines specific to the VPN module.
Note For detailed information on Cisco IOS IPSec cryptographic operations and policies, refer to the “IP
Security and Encryption” section of the Cisco IOS Security Configuration Guide, Release 12.2.
When you configure the VPN module on the Cisco 7600 series routers, you ensure that all packets
coming from or going to the Internet pass through the VPN module. The VPN module has an extensive
set of policies that validate a packet before the packet is sent onto the local (trusted) LAN. The VPN
module can use multiple Fast Ethernet or Gigabit Ethernet ports on other Cisco 7600 series routers
modules to connect to the Internet. Packets received from the WAN routers pass through the VPN module
for IPSec processing.
On the local LAN side, traffic between the LAN ports can be routed or bridged on multiple Fast Ethernet
or Gigabit Ethernet ports. Because the local LAN traffic is not encrypted or decrypted, it does not pass
though the VPN module.
The VPN module does not maintain routing information, route, or change the MAC header of a packet
(except for the VLAN ID from one VLAN to another).
The front panel LED on the IPSec VPN Acceleration Services Module is described in Table 8-1.
Ta b l e 8-1 IPSec VPN Acceleration Services Module STATUS LED
Color/State Description
Green All diagnostic tests pass. The module is
operational.
Red A diagnostic test other than an individual port test
failed.
Orange Indicates one of three conditions:
• The module is running through its boot and
self-test diagnostic sequence.
• The module is disabled.
• The module is in the shutdown state.
Off The module power is off.
To Next Page
Loading...
Need help?
General
