Cisco PIX 525 사용자 설명서 - 페이지 6

{카테고리_이름} Cisco PIX 525에 대한 사용자 설명서을 온라인으로 검색하거나 PDF를 다운로드하세요. Cisco PIX 525 30 페이지. Security appliance
Cisco PIX 525에 대해서도 마찬가지입니다: 데이터시트 (13 페이지)

Installing Failover

VPN Accelerator Card

The VPN Accelerator Card (VAC) for the Cisco PIX security appliance series is a card that provides

high-performance, tunneling and encryption services suitable for site-to-site and remote access applications.

The VAC is integrated with PIX 525 unrestricted (UR) and failover (FO) bundles. You can also purchase the

VAC as a spare for use with PIX 525 units that have a restricted (R) license.

VPN Accelerator Card+

The VAC+ is a 64-bit/66 MHz PCI card that provides faster tunneling and encryption services for Virtual

Private Network (VPN) remote access, and site-to-site intranet and extranet applications, than the VAC.

Each VAC+ occupies a single PCI slot in the system. The VAC+ is supported on any chassis that runs

software Version 6.3 or later, has an appropriate license to run VPN software, and at least one PCI slot

available. While the VAC continues to be supported in Version 6.3, if both types of cards, the VAC and

the VAC+, are installed in a system running Version 6.3, the VAC card is ignored. The VAC+ runs at both

32-bit/33 MHz and 64-bit/66 MHz, and does not slow down the bus when other 66 MHz cards are

installed. We strongly recommend that you install the VAC+ in a 64bit/66 MHz slot. Performance will be

degraded if this recommendation is not followed.

The VAC+ driver supports the following:

•

Installing Failover

To install a failover connection, perform the following steps:

Power off both the primary and secondary units.

Step 1

Note

Locate the failover cable (shown in

Step 2

appliance. The cable is labeled "Primary" on one end and "Secondary" on the other.

Cisco PIX Security Appliance Hardware Installation Guide

6-6

3DES, DES, AES, SHA1, MD5 for (IPSec) ESP protocol (For AES, only the CBC mode and key

sizes of 128, 192, and 256 bits are supported).

SHA1, MD5 for the (IPSec) AH protocol.

Load sharing ESP and AH activity between up to three VAC+.

Diffie-Hellman public key and shared secret generation.

Any other crypto-related activity uses a software implementation.

Both PIX security appliances must have the same model number, have at least as much RAM,

have the same Flash memory size, and be running the same software version. Note that the

PIX-4FE and PIX-4FE-66 cards are considered equivalent and interchangeable. You can install

a PIX-4FE in the primary unit and a PIX-4FE-66 in the secondary unit, as long as you install

them in the same slot number of each chassis. For example, if you install a PIX-4FE in Slot 1 of

the primary unit, you must also install the PIX-4FE-66 in Slot 1 of the secondary unit.

Figure

6-6). This cable is shipped separately from the PIX security

Chapter 6

PIX 525

78-15170-02