The Cisco® VPN Acceleration Module 2 (VAM2) for Cisco 7200 Series routers provides high-performance encryption/
compression and key generation services for IP security (IPsec) VPN applications. The Cisco VAM2 features hardware acceleration for Advanced Encryption Standard (AES), Data Encryption Standard (DES), and Triple DES (3DES), providing increased performance for site-to-site and remote-access IPsec VPN services. The Cisco VAM2 provides hardware-assisted Layer 3 compression services with its encryption services, conserving bandwidth and lowering network connection costs over secured links. A Cisco 7200 Series router equipped with the VAM2 extends beyond these critical VPN services with full Layer 3 routing, quality of service (QoS), multicast and multiprotocol traffic, and broad support of integrated LAN/WAN media. This combination of security features and advanced network services offers a flexible, integrated approach to accommodate the most diverse enterprise or service provider network environments.
Figure 1. VPN Acceleration Module 2
FEATURES AT A GLANCE
The Cisco VAM2 supports DES, 3DES, and AES IPsec encryption at up to 260 Mbps while maintaining support for 5000 simultaneous tunnels. For higher IPsec performance requirements, Cisco 7200 Series routers with the NPE-G1 processor support dual Cisco VAM2s for increased encryption throughput.
The Cisco VAM2 provides hardware-assisted IP Payload Compression Protocol (IPPCP) Lempel-Ziv-Stac (LZS) compression. In environments where bandwidthiscostly,theCiscoVAM2isable to compress network traffic before it is encrypted and sent over pay-per-byte WAN connections-saving transmission costs and improving overall throughput. Table 1 lists the features of the Cisco VAM2.
Table 1. Cisco VAM2 Features
Features
Description
Physical
Service adapter; installs in a single port-adapter slot on any Cisco 7200 Series router
Platform Support
Cisco 7200 Series with NPE G1, NPE-400, NPE-300, NPE-225, or NSE-1 processors
Throughput (Single VAM2*)
Up to 260 Mbps using 3DES
Number of IPsec Protected Tunnels**
Up to 5000 tunnels
Hardware-Based Encryption
Data protection: IPsec DES, 3DES, and AES Authentication***: RSA and Diffie-Hellman Data integrity: Secure Hash Algorithm 1 (SHA-1) and Message Digest 5 (MD5)
VPN Tunneling
IPsec tunnel mode; generic routing encapsulation (GRE) and Layer 2 Tunneling Protocol (L2TP) protected by IPsec
Hardware-Based Compression
Layer 3 IPPCP LZS
LAN/WAN Interface Selection
Works with most Cisco 7200 VXR-compatible port adapters
Minimum Cisco IOS® Software Release Supported
Cisco IOS Software releases 12.3(1)M or 12.3(1)T
Standards Supported
IPsec/Internet Key Exchange (IKE): RFCs 2401-2411 and 2451 IPPCP: RFCs 2393 and 2395
* As measured with IPsec 3DES Hashed Message Authentication Code (HMAC)-SHA-1 on 1400-byte packets.
** 512 MB of memory is required to support 5000 tunnels.
*** 128-bit Advanced Encryption Standard (AES) in hardware and 192/256 bits in HSP software
ORDERING INFORMATION
Cisco VAM2 support is available beginning in Cisco IOS Software releases 12.3(1)M and 12.3.(1)T. Three Cisco 7200 Series VPN bundles, which include the VAM2 hardware accelerator and appropriate Cisco IOS Software release, are also available for easy ordering (Table 2).
Table 2. Ordering Information
Part Number
Description
SA-VAM2
VPN Acceleration Module 2 for the Cisco 7200 Series
7206VXRG1/2VPNK9
Cisco 7206VXR with the NPE-G1 processor and VAM2
7206VXR400/2VPNK9R
Cisco 7206VXR with the NPE-400 processor and VAM2
7206VXR225/2VPNK9
Cisco 7206VXR with the NPE-225 processor and VAM2
* All bundles include an SA-VAM2, a single AC power supply, and an IP IPsec Cisco IOS Software image.
EXPORT REGULATIONS
3DES software for the Cisco VAM2 is controlled by U.S. export regulations on encryption products. The module itself is not controlled. U.S. regulations require the recording of names and addresses of recipients of DES and 3DES software. For more information, visit: http://www.cisco.com/wwl/export/crypto/
