Cisco VPN ISM f/ ISR G2 2911 CISCO2911-HSEC+/K9 Datenbogen
Produktcode
CISCO2911-HSEC+/K9
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 2 of 6
Features and Benefits
Table 1 describes the features supported by the Cisco VPN ISM and Table 2 describes the benefits of the Cisco
VPN ISM features.
Table 1.
Supported Features of Cisco VPN ISM
Feature
Description
Physical
The Cisco VPN ISM fits in the ISM slot in the Cisco ISR G2.
Platform support
The Cisco VPN ISM supports the Cisco 1941 and the Cisco 2900 and 3900 Series Integrated Services
Routers (ISRs).
Routers (ISRs).
Hardware prerequisites
An ISM slot for the Cisco 1941 and the Cisco 2900 and 3900 Series is required.
IP Security (IPsec) encryption
supported
supported
Authentication:
●
Rivest, Shamir, and Adelman (RSA)
●
Elliptic-Curve Digital Signature Algorithm (ECDSA)
●
Advanced Encryption Standard (AES) in Galois Message Authentication Code (GMAC)
Key exchange:
●
Diffie Hellman and Elliptic-Curve Diffie Hellman (ECDH)
Data integrity:
●
Message Digest Algorithm 5 (MD5)
●
Secure Hash Algorithm 1 (SHA-1) and Secure Hash Algorithm 2 (SHA-2)
Encryption:
●
Data Encryption Standard (DES)
●
Triple DES (3DES)
●
Advanced Encryption Standard (AES) in Cipher-Block Chaining (CBC) and Galois/Counter Mode
(GCM)
Hardware Secure Sockets Layer
(SSL) encryption supported
(SSL) encryption supported
The Cisco VPN ISM supports SSL VPN encryption with DES, 3DES and AES.
Note: VPN ISM does not support DTLS.
Number of encryption modules per
router
router
The Cisco VPN ISM uses one encryption module per router.
Minimum Cisco IOS Software
version required
version required
The Cisco VPN ISM requires Cisco IOS Software Version 15.2(1)T1 or later. The SEC-K9 and HSEC-K9
licenses are required.
licenses are required.
Maximum number of IPsec
encrypted tunnels
encrypted tunnels
The Cisco VPN ISM supports up to 500 tunnels on the Cisco 1941, up to 2000 tunnels on the Cisco 2900
Series, and up to 3000 tunnels on the Cisco 3900 Series.
Series, and up to 3000 tunnels on the Cisco 3900 Series.
Standards supported
The Cisco VPN ISM supports the IPsec Internet Key Exchange (IKE): RFCs 2401 to 2410, 2411, 2451,
4306, 4718, 4869, and 5996.
4306, 4718, 4869, and 5996.
Table 2.
Features and Benefits of Cisco VPN ISM
Features
Benefits
Ability to offload encryption to a
dedicated service module
dedicated service module
Dedicated encryption protects performance while using CPU for other services.
Small physical, energy, and carbon
footprint
footprint
You can save on energy bills, hardware support contracts, and onsite visits.
Maximum performance while also
maintaining strong encryption
protection
maintaining strong encryption
protection
You have two to three times better onboard performance with the strongest Suite B encryption support.
High-overhead IPsec processing
from the main processor
from the main processor
Critical processing resources are reserved for other services such as routing, firewall, and voice.
IPsec MIB
Cisco IPsec configuration can be monitored and can be integrated into a variety of VPN management
solutions.
solutions.
Certificate support to facilitate
automatic authentication using
digital certificates
automatic authentication using
digital certificates
Encryption use scales for large networks requiring secure connections between multiple sites.
Easy integration of VPN modules
into existing Cisco 1941 and Cisco
2900 and 3900 Series Routers
into existing Cisco 1941 and Cisco
2900 and 3900 Series Routers
System costs, management complexity, and deployment effort are reduced significantly compared to
multiple-device solutions.
multiple-device solutions.