PDF(75.4 KB) View with Adobe Reader on a variety of devices
Updated:October 17, 2008
Document ID:1474268192409274
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Overview
The VPN Acceleration Module 2+ (VAM2+) for Cisco 7301 and 7200VXR Series routers provides high-performance encryption/compression and key generation services for IPSec virtual private network (VPN) applications. Like the VAM2, the VAM2+ supports both Data Encryption Standard (DES), triple DES, and Advanced Encryption Standard (AES) 128-bit keys but adds hardware-acceleration for 192 and 256-bit AES keys. The VAM2+ continues to provide hardware-assisted Layer-3 compression services integral with its encryption services, conserving bandwidth and lowering network connection costs over secured links. This combination of security features and advanced network services offers a flexible, integrated approach to accommodate the most diverse enterprise or service provider network environments.
Features at a Glance
The VAM2+ supports DES, 3DES, and AES IPSec encryption at up to 280 Mbps while maintaining support for 5000 simultaneous tunnels. The VAM2+ also integrates hardware-assisted RSA and IP Payload Compression Protocol (IPPCP) Lempel-Ziv-Stac (LZS) compression, accelerating RSA processing speeds, tunnel setup and creation time improving overall VPN initialization while compressing payload data for streamlined communications. Thus in those environments where bandwidth is costly, VAM2+ is able to compress network traffic before it is encrypted and sent over pay-per-byte WAN connections saving transmission costs and improving overall throughput.
Features
Description
Physical
Service adapter-Installs in a single port adapter slot on the Cisco 7301 or 7200 Series routers
Platform support
Cisco 7301 and 7200 Series with NPEG2, NPE G1 or NPE-400
Throughput-Single VAM2+*
Up to 280 Mbps using 3DES or AES
Number of IPSec protected tunnels**
Up to 5000 tunnels
Hardware-based encryption
Data protection: IPSec DES, 3DES, AES
Authentication: RSA and Diffie-Hellman
Data integrity: SHA-1 and Message Digest 5 (MD5)
VPN tunneling
IPSec tunnel mode; generic routing encapsulation (GRE) and Layer 2 Tunneling Protocol (L2TP) protected by IPSec
Hardware-based compression
Layer 3 IPPCP LZS
LAN/WAN interface selection
On the Cisco 7200 Series, VAM2+ works with most Cisco 7200 VXR-compatible port adapters
Minimum Cisco IOS Software Release supported
12.3(12) or 12.3(11)T3 Advanced Security or higher feature set
Standards supported
IPSec/IKE: RFCs 2401-2411, 2451
IPPCP: RFC 2393, 2395
*As measured with IPSec 3DES HMAC-SHA1 on 1400 byte packets.
**512MB of memory is required to support 5000 tunnels.
Cisco Management Software for IPSec VPNs
Single Device Management
The Cisco
® Router and Security Device Manager (SDM) is an intuitive, Web-based device management tool for Cisco IOS
® routers. Cisco SDM simplifies router and security configuration through intelligent wizards, enabling customers to quickly and easily deploy, configure, and monitor a Cisco router without requiring knowledge of the Cisco IOS Software command-line interface (CLI).
http://www.cisco.com/en/US/partner/products/sw/secursw/ps5318/index.html
Multiple Device Management
Cisco Security Manager (CS Manager), an integral part of the SAFE blueprint for network security, combines Web-based tools for configuring, monitoring, and troubleshooting enterprise virtual private networks (VPNs), firewalls, and network and host-based intrusion detection systems (IDS). CS Manager delivers the industry's first robust and scalable foundation and feature set that addresses the needs of small and large-scale VPN and security deployments.
VAM2+ support begins in Cisco IOS
® Software Release 12.3(12) or 12.3(11)T3 advanced security or higher feature set. Cisco 7301 and 7200 security bundles are currently available that include VAM2+ for easy ordering at a bundle discount.
Part Number
Description
SA-VAM2+
VPN Acceleration Module 2+ for the Cisco 7301 and 7200 Series
SA-VAM2+=
VPN Acceleration Module 2+ for the Cisco 7301 and 7200 Series, Spare
3DES software for the VAM2+ is controlled by U.S. export regulations on encryption products. The module itself is not controlled. U.S. regulations require the recording of names and addresses of recipients of DES and 3DES software. For more details, see
http://www.cisco.com/wwl/export/crypto/.
Certifications
Cisco is committed to maintaining an active product certification and evaluation program for customer's worldwide. We recognize that certifications and evaluations are important to our customers, and we continue to be a leader in providing certified and evaluated products to the marketplace. We also will continue to work with international security standards bodies to help shape the future of certified and evaluated products, and will work to accelerate certification and evaluation processes. Certification and evaluation are considered at the earliest part of our product development cycle, and we will continue to position our security products to insure that customers have a variety of certified and evaluated products to meet their needs. For security certification product details, see
http://www.cisco.com/en/US/partner/netsol/ns340/ns394/ns171/networking_solutions_audience_business_benefit0900aecd8009a16f.html