Cisco VPN Internal Service Module for Cisco ISR G2



Similar documents
Cisco Cisco 3845 X X X X X X X X X X X X X X X X X X

Integrated Services Router with the "AIM-VPN/SSL" Module

Integrated Services Router with the "AIM-VPN/SSL" Module

Cisco Wide Area Application Services (WAAS) Network Module

Cisco SR 520-T1 Secure Router

Cisco Intrusion Detection System Services Module (IDSM-2)

Cisco Integrated Services Routers Performance Overview

Cisco Wide Area Application Services (WAAS) Appliances

Licenses are not interchangeable between the ISRs and NGX Series ISRs.

Cisco ASA 5500 Series IPS Solution

Cisco Secure Network Server

Cisco ASA 5585-X Next-Generation Firewall

How To Use The Cisco Wide Area Application Services (Waas) Network Module

Cisco Nexus 7000 Series Supervisor Module

Cisco WAE Deployed with Cisco ACNS: Product Function Matrix. Two 10/100/1000BASE-T. Two 10/100/1000BASE- T

How To Build A Cisco Uniden Computing System

VPN Modules for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers

Cisco NetFlow Generation Appliance (NGA) 3140

Cisco Services-Ready Engine

Cisco Channelized T1/E1 and ISDN PRI Modules for the Integrated Services Routers

Cisco 4-Port Clear Channel T1/E1 High-Speed WAN Interface Card

Cisco Unified Communications 500 Series Model 540 for Small Business

Cisco Unified Communications 500 Series Model 560 for Small Business

Cisco Enhanced High-Speed WAN Interface Cards

Cisco Unified Communications 500 Series Model 540 for Small Business

Content Switching Module for the Catalyst 6500 and Cisco 7600 Internet Router

Cisco IPS AIM and IPS NME for Cisco 1841 and Cisco 2800, 2900, 3800 and 3900 Series Integrated Services Routers

Enhanced Performance, Versatility, High Availability, and Reliability at the Provider Edge

Cisco Channelized T1/E1 and ISDN PRI Modules for the Integrated Services Routers

CCNA Security 1.1 Instructional Resource

Cisco 4-Port Clear Channel T1/E1 High-Speed WAN Interface Card for Cisco 2821, 2851, and 3800 Series Integrated Services Routers

Cisco Intrusion Prevention System Advanced Integration Module for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers

Cisco 2600 Series Modular Access Routers

Cisco Wireless Security Gateway R2

Cisco G.SHDSL High Speed WAN interface Card with IEEE 802.3ah EFM Support for Cisco Integrated Services Routers

Cisco UCS B-Series M2 Blade Servers

Cisco ubr7200-npe-g2 Network Processing Engine

Cisco Wide Area Virtualization Engine

Cisco ASA 5500-X Series Next-Generation Firewalls

Cisco Nexus 7000 Series.

Cisco ASA 5500-X Series Next-Generation Firewalls

Enhanced Performance, Versatility, High Availability, and Reliability at the Provider Edge

Cisco RV082 Dual WAN VPN Router Cisco Small Business Routers

Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues

Cisco Channelized T1/E1 and ISDN PRI Modules

Cisco IPS 4200 Series Sensors

Extending Performance, Versatility, and Reliability at the Provider Edge

Cisco RV 120W Wireless-N VPN Firewall

Cisco NetFlow Generation Appliance 3240

Cisco UCS B440 M2 High-Performance Blade Server

Viewing VPN Status, page 335. Configuring a Site-to-Site VPN, page 340. Configuring IPsec Remote Access, page 355

Introduction to Security and PIX Firewall

Cisco ASA 5500-X Series Next-Generation Firewalls

Cisco Packet-over-T3/E3 Service Module

Cisco IOS SSL VPN: Router-Based Remote Access for Employees and Partners

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

CISCO PIX SECURITY APPLIANCE LICENSING

SPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Cisco 7100 Series VPN Routers

ARUBA 7000 SERIES CLOUD SERVICES CONTROLLER

Cisco UCS B200 M3 Blade Server

How To Use The Cisco Aironet 1240G Series For A Wireless Network (Wired) And For A Wired Network (Wireless)

T1/E1 High-Speed WAN Interface Card for Cisco 1861 Router

Cisco Branch Routers Series Network Analysis Module

Release Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May New Features and Enhancements. Tip of the Day

Cisco ASA 5500 Series Adaptive Security Appliances for the Internet Edge

Cisco IAD2435-8FXS Business Class Integrated Access Device

Introduction. An Overview of the DX Industrial Router Product Line. IP router and firewall. Integrated WAN, Serial and LAN interfaces

Cisco VPN 3000 Concentrator Series

Cisco 7600 Series Route Switch Processor 720

Cisco Unified IP Phone Power Injector

How To Use A Cisco Wvvvdns4400N Wireless-N Gigabit Security Router For Small Businesses

Cisco UCS B460 M4 Blade Server

CISCO 7609 ROUTER ENHANCED 9-SLOT CHASSIS

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Overview. SSL Cryptography Overview CHAPTER 1

National Security Agency Perspective on Key Management

Cisco ASR 9001-S Router

Securing Networks with Cisco Routers and Switches 1.0 (SECURE)

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Configuring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router

Configuring IPsec VPN with a FortiGate and a Cisco ASA

Cisco 2600 Series Modular Access Router Family

Cisco UCS E-Series Servers and Network Compute Engines

- Introduction to PIX/ASA Firewalls -

1- and 2-Port Fast Ethernet High-Speed WAN Interface Cards for Cisco 1841, 2800, and 3800 Series Integrated Services Routers

Cisco Multimode VDSL2 and ADSL2/2+ Network Interface Module

Cisco WAAS Express. Product Overview. Cisco WAAS Express Benefits. The Cisco WAAS Express Advantage

CCNA Security 2.0 Scope and Sequence

Transcription:

Data Sheet Cisco VPN Internal Service Module for Cisco ISR G2 Compact Versatile High-Performance VPN Module The Cisco VPN Internal Service Module (VPN ISM) is a module for the Cisco Integrated Services Routers Generation 2 (ISR G2) that provides the capability to considerably increase performance for VPN encrypted traffic. The module has a multicore processor that operates independently of the host router resources, helping ensure maximum concurrent encrypted application performance while maintaining competitive performance for other types of traffic. The Cisco VPN ISM supports the latest versions of cryptography standards, including stronger National Security Agency (NSA) regulated cryptographic algorithms such as Suite B Cryptography. The Cisco VPN ISM is ready to use, allowing quick and easy installation of the module for increasing VPN encryption performance on Cisco ISR G2 routers. The VPN ISM is compatible with all Cisco ISR G2 routers that support the ISM card slot and runs the same level of feature-rich functions as found on the Cisco ISR G2. It integrates all elements necessary to optimize branch-office IT infrastructure for delivery of encrypted application data from the data center and deployment of branch-office applications on demand, and houses them under a single chassis - the Cisco ISR G2. Figure 1 shows the Cisco VPN Internal Service Module (VPN ISM). Figure 1. Cisco VPN Internal Service Module (VPN ISM) 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 6

Features and Benefits Table 1 describes the features supported by the Cisco VPN ISM and Table 2 describes the benefits of the Cisco VPN ISM features. Table 1. Feature Supported Features of Cisco VPN ISM Description Physical The Cisco VPN ISM fits in the ISM slot in the Cisco ISR G2. Platform support Hardware prerequisites IP Security (IPsec) encryption supported Hardware Secure Sockets Layer (SSL) encryption supported Number of encryption modules per router Minimum Cisco IOS Software version required Maximum number of IPsec encrypted tunnels The Cisco VPN ISM supports the Cisco 1941 and the Cisco 2900 and 3900 Series Integrated Services Routers (ISRs). An ISM slot for the Cisco 1941 and the Cisco 2900 and 3900 Series is required. Authentication: Rivest, Shamir, and Adelman (RSA) Elliptic-Curve Digital Signature Algorithm (ECDSA) Advanced Encryption Standard (AES) in Galois Message Authentication Code (GMAC) Key exchange: Diffie Hellman and Elliptic-Curve Diffie Hellman (ECDH) Data integrity: Message Digest Algorithm 5 (MD5) Secure Hash Algorithm 1 (SHA-1) and Secure Hash Algorithm 2 (SHA-2) Encryption: Data Encryption Standard (DES) Triple DES (3DES) Advanced Encryption Standard (AES) in Cipher-Block Chaining (CBC) and Galois/Counter Mode (GCM) The Cisco VPN ISM supports SSL VPN encryption with DES, 3DES and AES. Note: VPN ISM does not support DTLS. The Cisco VPN ISM uses one encryption module per router. The Cisco VPN ISM requires Cisco IOS Software Version 15.2(1)T1 or later. The SEC-K9 and HSEC-K9 licenses are required. The Cisco VPN ISM supports up to 500 tunnels on the Cisco 1941, up to 2000 tunnels on the Cisco 2900 Series, and up to 3000 tunnels on the Cisco 3900 Series. Standards supported The Cisco VPN ISM supports the IPsec Internet Key Exchange (IKE): RFCs 2401 to 2410, 2411, 2451, 4306, 4718, 4869, and 5996. Table 2. Features Features and Benefits of Cisco VPN ISM Benefits Ability to offload encryption to a dedicated service module Small physical, energy, and carbon footprint Maximum performance while also maintaining strong encryption protection High-overhead IPsec processing from the main processor IPsec MIB Certificate support to facilitate automatic authentication using digital certificates Easy integration of VPN modules into existing Cisco 1941 and Cisco 2900 and 3900 Series Routers Dedicated encryption protects performance while using CPU for other services. You can save on energy bills, hardware support contracts, and onsite visits. You have two to three times better onboard performance with the strongest Suite B encryption support. Critical processing resources are reserved for other services such as routing, firewall, and voice. Cisco IPsec configuration can be monitored and can be integrated into a variety of VPN management solutions. Encryption use scales for large networks requiring secure connections between multiple sites. System costs, management complexity, and deployment effort are reduced significantly compared to multiple-device solutions. 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 6

Features Confidentiality, data integrity, and data origin authentication through IPsec Cisco IOS SSL VPN Benefits Secure use of public switched networks and the Internet for WANs is facilitated. Businesses can securely and transparently extend their networks to any Internet-enabled location using SSL VPN. The Cisco IOS SSL VPN supports Cisco AnyConnect Client, enabling full network access remotely to virtually any application. Platforms Supported Cisco VPN ISM acceleration module platform support is outlined in Table 3. Table 3. Supported Platforms Platform Support 880 No 890 No 1921 No 1941 Yes 2901 Yes 2911 Yes 2921 Yes 2951 Yes 3925 Yes 3945 Yes 3925E No 3945E No Cisco VPN ISM IPsec VPN Performance IPsec The Cisco 1941 Series Module (ISM-VPN-19) can provide hardware-based IPSec encryption services of 140 and 500 Mbps in the Cisco 1941 (IPSec Internet mix [IMIX] and 1400-byte packets). The Cisco 2900 Series Module (ISM-VPN-29) can provide hardware-based IPSec encryption services of 145 and 550 Mbps in the Cisco 2901, 150 and 600 Mbps in the Cisco 2911, 220 and 700 Mbps in the Cisco 2921, and 385 and 900 Mbps in the Cisco 2951 (IPSec IMIX and 1400-byte packets). The Cisco 3900 Series Module (ISM-VPN-39) can provide hardware-based IPSec encryption services of 550 and 1100 Mbps in the Cisco 3925 and 600 and 1200 Mbps in the Cisco 3945 (IPSec IMIX and 1400-byte packets). 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 6

Product Specification Table 4 gives specifications for the Cisco VPN ISM. Table 4. Cisco VPN ISM Product Specifications Feature Product part number Form factor Internal network interfaces Cisco IOS Software IPsec Support Encryption Key exchange Digital signature Integrity Power Specification Power consumption (maximum) Physical Specification Dimensions (H x W x D) Shipping dimensions (H x W x D with packaging) Maximum weight Operating Conditions Operating temperature Humidity Altitude (operating) Specification ISM-VPN-19 ISM-VPN-29 ISM-VPN-39 CISCO1941-HSEC+/K9 CISCO2901-HSEC+/K9 CISCO2911-HSEC+/K9 CISCO2921-HSEC+/K9 CISCO2951-HSEC+/K9 CISCO3925-HSEC+/K9 CISCO3945-HSEC+/K9 ISM Gigabit Ethernet connectivity to router backplane 15.2(1)T1 or higher Data Encryption Standard (DES), 3DES, Advanced Encryption Standard (AES) in Cipher-Block Chaining (CBC) and Galois/Counter Mode (GCM) (128-, 192-, and 256-bit) Diffie Hellman (DH) and Elliptic-Curve Diffie Hellman (ECDH) Rivest, Shamir, and Adelman (RSA) and Elliptic-Curve Digital Signature Algorithm (ECDSA) Message Digest Algorithm 5 (MD5), Secure Hash Algorithm 1 and 2 (SHA-1 and SHA-2, respectively) (384- and 512-bit), and AES-GMAC (128-, 192-, 256- bit) 20W 0.85 x 4 x 6.1 in. (2.2 x 10.2 x 15.5 cm) 9.45 x 7.18 x 2.38 in. (24 x 18.4 x 6.05 cm) 0.5 lb (0.206 kg) Transportation and Storage Conditions Temperature Relative humidity Altitude Cisco 1941 and 2901: 32 to 104 F (0 to 40 C) normal Cisco 2911, 2921, 2951, 3925, and 3945: 32 to 122 F ( 0 to 50 C) normal 10 to 95% operating 104 F (40 C) at sea level 104 F (40 C) at 6,000 ft (1,800m) 86 F (30 C) at 13,000 ft (4,000m) 81 F (27.2 C) at 15,000 ft (4,600m) Note: De-rate 34.5 F (1.4 C) per 1,000 ft above 6,00 0 ft (per 300m above 2,600m) -4 to 149 F (-20 to +65 C) 9 to 95% operating 10,000 ft (3,050m) 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 6

Feature Specification Regulatory Compliance Safety EMC UL 60950-1, 2nd Edition, Standard for safety for information deployable platform technology equipment (US) CAN/CSA-C22.2 No. 60950-1-03, Safety of information technology equipment including electrical business equipment (Canada) IEC 60950-1:3 rd edition [PRC] Safety of information technology equipment/second Edition [Mexico] EN 60950-1:2001, Safety of information technology equipment (CENELEC; includes EU and EFTA) AS/NZS 60950-1, Safety of information technology equipment including electrical business equipment (Australia) Emissions: 47 CFR Part 15 Class A CISPR22 Class A EN300386 Class A EN55022 Class A EN61000-3-2 EN61000-3-3 ICES Class A KN 22 Class A VCCI Class I Immunities: CISPR24 EN300386 EN55024 EN61000-6-1 Ordering Information For information about how to order the Cisco VPN Internal Service Module, please visit the Cisco ISR G2 Ordering Guide. To place an order, visit the Cisco Ordering Home Page and refer to Tables 5 and 6. For additional product numbers, including the Cisco VPN ISM bundle offerings, please check the Cisco price list or contact your local Cisco account representative. To download software, please visit the Cisco Software Center. Table 5. Cisco VPN ISM Ordering Information Product Number ISM-VPN-19 ISM-VPN-29 ISM-VPN-39 Product Description VPN Internal Service Module for support on 1941 platform VPN Internal Service Module for support on 2901,2911,2921 and 2951 platforms VPN Internal Service Module for support on 3925 and 3945 platforms Table 6. Cisco VPN ISM and ISR G2 Bundles Ordering SKU CISCO1941-HSEC+/K9 CISCO2901-HSEC+/K9 CISCO2911-HSEC+/K9 CISCO2921-HSEC+/K9 CISCO2951-HSEC+/K9 CISCO3925-HSEC+/K9 CISCO3945-HSEC+/K9 Description Security bundle for 1941 ISR G2 Platform, including VPN ISM Security bundle for 2901 ISR G2 Platform, including VPN ISM Security bundle for 2911 ISR G2 Platform, including VPN ISM Security bundle for 2921 ISR G2 Platform, including VPN ISM Security bundle for 2951 ISR G2 Platform, including VPN ISM Security bundle for 3925 ISR G2 Platform, including VPN ISM Security bundle for 3945 ISR G2 Platform, including VPN ISM 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 6

Warranty Information Warranty information is available on Cisco.com at the Product Warranties page. Service and Support Information Cisco VPN ISM hardware service and support is covered by the Cisco SMARTnet Service contract for the router in which the module will reside. For more information about Cisco Technical Services visit http://www.cisco.com/go/ts. For More Information For more information about the Cisco VPN ISM, please visit http://www.cisco.com/go/vpnism or contact your local Cisco account representative. Printed in USA C78-682436-02 04/13 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information