Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring IPsec and ISAKMP
Configuring IPsec
Detailed Steps
Step 1 Choose the Suite B ECDSA algorithm when generating a keypair:
crypto key generate [rsa [general-keys | label <name> | modulus [512 | 768 | 1024 | 2048 | 4096 ] | noconfirm | usage-keys] | ecdsa [label <name> | elliptic-curve [256 | 384 | 521] | noconfirm] ]
Step 2 Choose the Suite B ECDSA algorithm when zeroizing a keypair:
crypto key zeroize [rsa | ecdsa] [default | label <name> | noconfirm]
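The two steps above as a concrete session, added here as an illustration and not taken from the original guide. The label suiteb-vpn is a hypothetical name, and the show command is included as a check that the keypair exists before it is used or removed.

```cisco
! Constructed example; the label "suiteb-vpn" is hypothetical.
! Step 1: generate an ECDSA keypair on the 384-bit curve under a named label.
asa1(config)# crypto key generate ecdsa label suiteb-vpn elliptic-curve 384

! Check: list the ECDSA public keys and confirm the labelled keypair is present.
asa1(config)# show crypto key mypubkey ecdsa

! Step 2: zeroize only that labelled ECDSA keypair, without the confirmation prompt.
asa1(config)# crypto key zeroize ecdsa label suiteb-vpn noconfirm
```

Naming the label on zeroize limits the removal to that one keypair; any trustpoint that references the keypair stops working once it is zeroized.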
Configuring the Pool of Cryptographic Cores
You can change the allocation of the cryptographic cores on Symmetric Multi-Processing (SMP)
platforms to give you better throughput performance for AnyConnect TLS/DTLS traffic. These changes
can accelerate the SSL VPN datapath and provide customer-visible performance gains in AnyConnect,
smart tunnels, and port forwarding. To configure the pool of cryptographic cores, perform the following
steps.
Limitations
• Cryptographic core rebalancing is available on the following platforms:
  – 5585
  – 5580
  – 5545/5555
  – ASA-SM
• The large modulus operation is only available for 5510, 5520, 5540, and 5550 platforms.
Detailed Steps
Step 1 Configure the pool of cryptographic cores, specifying one of three mutually exclusive options:
• balanced—Equally distributes cryptography hardware resources (Admin/SSL and IPsec cores).
• ipsec—Allocates cryptography hardware resources to favor IPsec (includes SRTP encrypted voice
traffic).
• ssl—Allocates cryptography hardware resources to favor Admin/SSL.
asa1(config)# crypto engine ?
configure mode commands/options:
  accelerator-bias  Specify how to allocate crypto accelerator processors
asa1(config)# crypto engine accelerator-bias ?
configure mode commands/options
  balanced - Equally distribute crypto hardware resources
  ipsec - Allocate crypto hardware resources to favor IPsec/Encrypted Voice (SRTP)
  ssl - Allocate crypto hardware resources to favor SSL
asa1(config)# crypto engine accelerator-bias ssl