MODULE AIM-VPN/EP of C2621 in C1841?

Hello

For some tests in my lab, I ordered a Council AIM-VPN, on e - bay they guy told me that it works in a C1841.

When compared to the one I have in my error C2621, they have equal air.

On the two pcb I can read: CN6I280AAA

When I put it I get this:

Smart init is enabled

Smart init is sizing iomem

MEMORY_REQ TYPE ID

Swimming pools public buffer 0X003AA110

Swimming pools public particle 0 X 00211000

0002A 0 AIM UNKNOWN

Pools of crypto module 0 x 00020000

0X000021B8 embedded USB

You do that the card works?

Thank you for your help.

Best regards

Didier

Didier,

Can you please join out of:

-show the worm

-show diag

-show inv

-See the logg (if after start)

-show crypto eli

-See the cryptographic engine config

Let's see what is the name of the beast ;-)

Marcin

Tags: Cisco Security

Similar Questions

  • Module AIM-VPN/SSL-2

    Does anyone know if the GRE tunnels can be used with the AIM-VPN/SSL-2 module for the Cisco 2800 series routers?

    Yes, we use it with GRE/IPSec.

    Hope that helps.

  • 2611XM w / AIM-VPN/EP

    I'll implement router-to-router IOS VPN using the 2611XM VPN, which includes a map AIM-VPN/EP. The tool Advisor software of Cisco, the minimum version of the software supported by train for this card are: 12.2 (11) YT, ZJ 12.2 (15), 12.3 (1). I'm having a hard time waking up the concept of "minimum version". Does that mean I can't run 12.2 (15) T5 ZJ train coming from? Has anyone else successfully run module AIM-VPN/EP on a different version code?

    Do not know what is happening with the SW consultant, but the AIM-VPN/EP has been supported since 12.2 (8) T1, so you could certainly run 12.2 (15) T with it.

  • C1841 without the BUILD - IN Module, Bill VPN is a VPN MODULE?

    Hello

    Yesterday, that I just got a new router found on eBay.

    When I boot it I see 2 FastEthernet Interfaces (this is normal and I see them) BUT it also shows me 1 Module of virtual private network (VPN).

    Before I open this new router I try something like:

    Material SH

    SH crypto multicylindres

    HS cry engine Accelerator stat

    Here below you have the results:

    I opened the ROUTER and I see:

    NO ADDITIONAL MEMORY

    NO VPN MODULE

    Did you do something with a built-in CISCO VPN module

    Thanks in advance for your help

    Best regards

    Didier

    Router hardware #sh

    Cisco IOS Software, 1841 (C1841-ADVSECURITYK9-M), Version 12.4 (24) T1, VERSION of the SOFTWARE (fc3)

    Technical support: http://www.cisco.com/techsupport

    Copyright (c) 1986-2009 by Cisco Systems, Inc.

    Updated Saturday 19 June 09 14:00 by prod_rel_team

    ROM: System Bootstrap, Version 12.4 (13r) T, RELEASE SOFTWARE (fc1)

    The availability of router is 9 hours, 47 minutes

    System to regain the power ROM

    System image file is "flash: c1841-advsecurityk9 - mz.124 - 24.T1.bin".

    This product contains cryptographic features and is under the United States

    States and local laws governing the import, export, transfer and

    use. Delivery of Cisco cryptographic products does not imply

    third party approval to import, export, distribute or use encryption.

    Importers, exporters, distributors and users are responsible for

    compliance with U.S. laws and local countries. By using this product you

    agree to comply with the regulations and laws in force. If you are unable

    to satisfy the United States and local laws, return the product.

    A summary of U.S. laws governing Cisco cryptographic products to:

    http://www.Cisco.com/WWL/export/crypto/tool/stqrg.html

    If you need assistance please contact us by mail at

    [email protected] / * /.

    Cisco 1841 (revision 7.0) with 118784K / 12288K bytes of memory.

    Card processor ID FCZ1217905C

    2 FastEthernet interfaces

    1 module of virtual private network (VPN)

    Configuration of DRAM is 64 bits wide with disabled parity.

    191K bytes of NVRAM memory.

    250880K bytes of ATA CompactFlash (read/write)

    Configuration register is 0 x 3922

    Router #.

    Router #sh crypto multicylindres

    crypto engine name: virtual private network (VPN) Module

    crypto engine type: hardware

    Status: enabled

    Geographical area: 0 on board

    Name of product: edge-VPN

    HW Version: 1.0

    Compression: Yes

    A: Yes

    3 a: Yes

    AES - CBC: Yes (128,192,256)

    AES CNTR: No.

    Maximum length of the buffer: 4096

    Index maximum DH: 0000

    Maximum ITS index: 0000

    Maximum fluidity index: 0300

    The maximum size of the RSA key: 0000

    version of crypto lib: 20.0.0

    engine crypto in the slot: 0

    platform: hardware VPN Accelerator

    version of crypto lib: 20.0.0

    Router #sh cry engine Accelerator stat

    Device: FPGA

    Location: on board: 0

    : Statistics for device encryption since the last clear

    counters 35534 seconds ago

    68607 68607 out packages packages

    49819692 bytes in 50341181 bytes on

    1 paks/s to 1 output paks/s

    11 Kbps in 11 Kbits/sec out

    29298 decrypted packets 39309 encrypted packets

    4074464 bytes before decipher 45745228 encrypted bytes

    2537109 bytes decrypted 47804072 bytes after encrypt

    0 0 packets compressed decompressed packets

    0 bytes before Dang 0 bytes before comp

    0 bytes after Dang 0 bytes after model

    0 packets bypass decompression 0 by-pass compressor packages

    Derivation of 0 bytes 0 bytes decompression work around compressi

    0 packets not unzip 0 uncompressed packages

    0 bytes not decompressed 0 bytes not compressed

    1.0:1 overall compression ratio 1.0:1

    last 5 minutes:

    11 packages into 11 out packets

    0 paks/sec output paks/s 0

    32-bit/s at 28 bits/sec out

    496 bytes decrypted 329 bytes encrypted

    13 decrypted Kbps 8 Kbps encrypted

    1.0:1 overall compression ratio 1.0:1

    FPGA:

    DS: 0x6538DE50 idb:0x6538CD08

    Statistics for virtual private network (VPN) Module:

    68607 68607 out packages packages

    1 paks/s to 1 output paks/s

    11 Kbps in 11 Kbits/sec out

    29298 decrypted packets 39309 encrypted packets

    package overruns: 0 packets output dropped: 0

    tx_hi_drops: 0 fw_failure: 0

    invalid_sa: 0 invalid_flow: 0

    null_ip_error: 0 pad_size_error: 0 out_bound_dh_acc: 0

    esp_auth_fail: 0 ah_auth_failure: 0 crypto_pad_error: 0

    ah_prot_absent: 0 ah_seq_failure: 0 ah_spi_failure: 0

    esp_prot_absent:0 esp_seq_fail: 0 esp_spi_failure: 0

    obound_sa_acc: 0 invalid_sa: 0 out_bound_sa_flow: 0

    invalid_dh: 0 bad_keygroup: 0 out_of_memory: 0

    no_sh_secret: 0 no_skeys: 0 invalid_cmd: 0

    pak_too_big: 0

    tx_lo_queue_size_max 0 cmd_unimplemented: 0

    flow_cfg_mismatch 0 flow_ip_add_mismatch: 0

    unknown_protocol 0 bad_particle_align: 0

    35535 seconds since the last cleaning counters

    Interruptions: Notification = 54892

    Router #.

    vpn module on board can certainly improve VPN performance comparing to pure VPN software, but is not as good as the AIM - VPN module.

    So, this will depend on your vpn traffic load, etc...

  • Problem loading AIM-VPN/HPII on C3745

    I tried last main line and T form without success.  Get the following errors on both 3745 identical routers with 2 identical modules of PURPOSE:

    on the 12.3

    * 00:01:07.419 Mar 1: % VPN_HW-1-INITFAIL: Slot 1: No. ACK for order.., 0 x 80000000(50000 ms)

    * 00:01:07.419 Mar 1: % VPN_HW-1-INITFAIL: Slot 1: do mini_omq failed: 00180010

    * 00:01:07.419 Mar 1: % VPN_HW-1-INITFAIL: Slot 1: firmware download failed

    on 12.4

    * 00:01:09.995 Mar 1: % VPN_HW-1-INITFAIL: Slot 1: No. ACK for order.., 0 x 80000000(50000 ms)

    * 00:01:09.995 Mar 1: % VPN_HW-1-INITFAIL: Slot 1: do mini_omq failed: 00180010After mbox fail:

    * 00:01:09.995 Mar 1: base address register is: 3 A 800000

    * 00:01:09.995 Mar 1: versionid = 00140002

    Any suggestion would be appreciated.

    Module AIM location: 1

    Hardware revision: 1.0

    Number of albums part together: 800-18028-01

    Review Board: C0

    Deviation number: 0-0

    Fab Version: 03

    Serial number of PCB: FOC08101AN8

    History of the RMA tests: 00

    RMA number: 0-0-0-0

    RMA history: 00

    Product number (FRU): AIM-VPN/HPII

    Version identifier: v01

    EEPROM 4 format version

    Table of contents EEPROM (hex):

    0 X 00: 0 B 04 FF 40 03 41 01 00 C0 46 03 20 00 46 01 6

    * 00:01:09.995 Mar 1: % VPN_HW-1-INITFAIL: Slot 1: No. ACK for order.., 0 x 80000000(50000 ms)
    * 00:01:09.995 Mar 1: % VPN_HW-1-INITFAIL: Slot 1: do mini_omq failed: 00180010After mbox fail:
    * 00:01:09.995 Mar 1: base address register is: 3 A 800000
    * 00:01:09.995 Mar 1: versionid = 00140002

    DRAM, to check if the modules of memory have a different ability, I have encountered this problem.

  • AIM-VPN/SSL-2 facility in Cisco 2821

    Hi all

    I have the router cisco 2821 wit IOS version 12.4 (25 d)

    I also have encryption for this router Cisco AIM-VPN/SSL-2 Module.

    I have inserted this module to the location of the 0 OBJECTIVE but can not see.

    I found in KB:

    http://www.Cisco.com/en/us/docs/iOS/12_4t/12_4t11/htvpnssl.html#wp1067692

    but I have no 'cryptographic engine objective' command

    Router #crypto engine (config)?

    Unit? hardware Crypto Accelerator

    Embedded onboard Crypto engine

    software software encryption engine

    When the system starts up, I see:

    0004F4 PURPOSE UNKNOWN

    This who should I change to activate this module?

    Thank you.

    Julie,

    PURPOSE/SSL engines require

    IOS 12.4 (9) T at least while you are running older 12.4 main version.

    http://www.Cisco.com/en/us/prod/collateral/routers/ps5853/data_sheet_vpn_aim_for_18128003800routers_ps5853_Products_Data_Sheet.html

    Marcin

  • Is the same IOS for SW and HW script?

    Hello

    I was wondering if I'm doing a script for a working VPN configuration, do I have to change the script, if I add add a VPN Module AIM-VPN/BPII-MORE later?

    How can I test the AIM - VPN module does the work and not just the software?

    Thanks in advance for your help.

    Best regards

    Didier

    Hello

    The configuration is identical, the difference is that the VPN module will unload the burden off the coast of the CPU when it is used.

    To check if the VPN module works can use "sh cry engine Accelerator stat"

    Federico.

  • EZVPN 2811 router VPN module

    Hi all

    I have a spare 2811 router that would like to use for the temporary easy VPN server.

    the router IOS is already updated security advance 15.0 K9.

    My question is the AIM - VPN a real map/module on the motherboard of the router or just pop up once the router has been upgraded to IOS security?

    SH ve | I have IOS
    Cisco IOS software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 15.0 (1) M8, RELEASE SOFTWARE (fc1)

    #sh inv
    NAME: "2811 chassis', DESCR:"2811 chassis.
    PID: CISCO2811, VID: V02, SN: FTX0911Cxxx

    NAME: ' PVDMII DSP SIMM with a DSP on the Slot 0 SubSlot 4 ', DESCR: 'PVDMII DSP SIMM with a DSP.
    PID: PVDM2-16, VID: V01, SN: FOC13071xx

    NAME: "virtual private network (VPN) on the Slot Module 0 ', DESCR: 'encryption PURPOSE Element '.
    PID: AIM-VPN/EPII-PLUS, VID: v01, SN: FOC09072xx

    You have now two VPN modules in your router:

    1. The module for basic needs
    2. The module see you in "inventory to see the" which is placed in the OBJECTIVE of on-board connector. This module has a flow more and a greater number of tunnel and will be used by default.

    There are many examples of EzVPN configuration guide:

    http://www.Cisco.com/c/en/us/TD/docs/iOS-XML/iOS/sec_conn_esyvpn/configuration/15-Mt/sec-easy-VPN-15-Mt-book/sec-easy-VPN-Srvr.html

    If it is more then a temporary solution, I would also consider using an ASA to remote access VPN. EzVPN is more or less obsolete, and the ASA has many more features with the AnyConnect client. On the router, you can also configure remote access for AnyConnect, but it is much more complicated.

  • 2620xm router VPN module

    I have a router 2620xm 12.4 (25) with the Module Module encryption VPN DES_3DES_AES (AIM-VPN_EPII, VPN_HPII-AIM, AIM-VPN_BPII)

    I'm under Softether VPN server using IPSEC will the customers enjoy the module?

    David,

    These devices have been end of life for a while. Just in case you missed it:

    http://www.Cisco.com/en/us/prod/collateral/routers/ps259/prod_end-of-life_notice0900aecd804446da.html

    If I remember the old objectives, yes its IPsec will be used for all flows. You can confirm by:

    show crypto engine configuration

    Which should display what your engine is capable of. I could be on the account of this device being dead for a while

  • Cisco VPN-ISM-29 module

    Hi Expert,

    Do I have to purchase a license function HSECK9 to activate the module ISM-VPN-29.

    HQ_2921 #show license

    1 function of the index: ipbasek9

    Time left: life

    License type: Permanent

    The license status: Active, in use

    Number of licenses: not counted

    License priority: medium

    Function index 2: securityk9

    Time left: life

    License type: Permanent

    The license status: Active, in use

    Number of licenses: not counted

    License priority: medium

    Index 3 function: uck9

    Time left: not enabled

    Period of opportunity: 0 minute 0 second

    License type: EvalRightToUse

    The license status: don't use, not accept EULA

    Number of licenses: not counted

    Priority of license: no

    Index 4 function: datak9

    Time left: not enabled

    Period of opportunity: 0 minute 0 second

    License type: EvalRightToUse

    The license status: don't use, not accept EULA

    Number of licenses: not counted

    Priority of license: no

    Index 5 function: doorman

    Time left: not enabled

    Period of opportunity: 0 minute 0 second

    License type: EvalRightToUse

    The license status: don't use, not accept EULA

    Number of licenses: not counted

    Priority of license: no

    Index 6 function: SSL_VPN

    Time left: not enabled

    Period of opportunity: 0 minute 0 second

    License type: EvalRightToUse

    The license status: don't use, not accept EULA

    Number of licenses: 0/0 (in-use/Violation)

    Priority of license: no

    Index 7 feature:-ips-updated ios

    Time left: not enabled

    Period of opportunity: 0 minute 0 second

    License type: EvalRightToUse

    The license status: don't use, not accept EULA

    Number of licenses: not counted

    Priority of license: no

    Function index 8: SNASw

    Time left: not enabled

    Period of opportunity: 0 minute 0 second

    License type: EvalRightToUse

    The license status: don't use, not accept EULA

    Number of licenses: not counted

    Priority of license: no

    Index 9 function: hseck9

    Function index 10: cme-srst

    Time left: not enabled

    Period of opportunity: 0 minute 0 second

    License type: EvalRightToUse

    The license status: don't use, not accept EULA

    Number of licenses: 0/0 (in-use/Violation)

    Priority of license: no

    Index 11 function: WAAS_Express

    Time left: not enabled

    Period of opportunity: 0 minute 0 second

    License type: EvalRightToUse

    The license status: don't use, not accept EULA

    Number of licenses: not counted

    Priority of license: no

    Index 12 function: UCVideo

    Time left: not enabled

    Period of opportunity: 0 minute 0 second

    License type: EvalRightToUse

    The license status: don't use, not accept EULA

    Number of licenses: not counted

    Priority of license: no

    Boren,

    To take full advantage of the hardware, you should have hseck9, seck9 license is the application software (through MEL) limit.

    M.

  • 1841 VPN Interface module

    Hello

    I would like to know if the AIM-VPN/EPII-PLUS (for the moment installed in SRI 2821) is compatible with modular router 1841?

    Thank you.

    No, unfortunately AIM-VPN/EPII-PLUS is supported only on the 2800 series router 3825.

    In 1841, you need AIM-VPN/BPII-PLUS.

    Here's the Q & A for your reference:

    http://www.Cisco.com/en/us/prod/collateral/routers/ps5854/prod_qas0900aecd80516d81_ps5853_Products_Q_and_A_Item.html

  • Throuput VPN on a 2651XM router

    Where can I find this info?

    Also, I got the used router (for nearly nothing $) but I know it's a value of some $$$. Where can I find out what model it is exactly? 'show version' doesn't show much.

    Oh sorry, pasted the link partner. This link doesn't seem to be available on a non-partner unfortunately link, so here's a copy of the relevant pieces of her:

    --------------------------------------

    AIM-VPN/BPII, is only supported in the Cisco 2600XMs. It has support for DES/3DES and AES (optimized for the AES128 only) as well as layer 3 Compression (IPPCP). This module requires ZJ Cisco IOS version 12.2 (15) and later versions.

    AIM-VPN/BPII - MORE is only supported in the Cisco 2600XMs. AIM-VPN/EPII-PLUS is supported in the 2691 and 3725 only. The BPII-PLUS and EPII-PLUS supports DES/3DES and are optimized for all key AES (AES128, AES192 and AES256) with Layer 3 Compression (IPPCP). These modules are supported in 12.3 (5 c), 12.3 (6) and later for the releases of the pipe major and 12.3 (7) T and later for releases of T.

    Q. What is the function executes the VPN Module?

    A. the Module VPN of Cisco 1700, 2600, 3600, and 3700 Series optimizes the platform for the IPSec VPN. Module accelerates not only the triple data standard (3DES) encryption and data (a) standard encryption, advanced encryption standard (AES) algorithms used in IPSec, but it handles many other tasks related to IPSec: hash, key exchange and storage of security associations. In doing so, the VPN module releases the Cisco 1700 series processor, 2600, 3600, and 3700 to run another router, voice and firewall features.

    Q. What is the maximum performance DES/3DES/AES-128 IPSec with packages of 1 400 byte for the Cisco 1700 series, 2600, 3600, and 3700 using the VPN Module?

    A. Cisco 2650/51XM with AIM-VPN/BPII or AIM-VPN/BPII-PLUS will give 10 Mbps throughput with traffic IMIX, 22 Mbpsthroughput with the packet size of 1400bytes and support 800 tunnels.

    Q. What is the maximum performance of the IPSec AES-192/256 with IMIX packages for Cisco 1700 series, 2600, 3600, and 3700 using the VPN Module?

    A. Cisco 2650/51XM with AIM-VPN/BPII will give 8.5 Mbit/s throughput with traffic IMIX for AES-192 and 256. BPII-MORE will give around 10 Mbps performance.

    -----------------------------------------

    In addition, you should know that this card was that EOL would be according to:

    http://www.Cisco.com/en/us/products/HW/routers/ps274/prod_eol_notice0900aecd802d3d0b.html

    It is still supported until 2010 and will work well for you, it is simply not fast enough with AES-192 and AES-256 as the version MORE than the same card, which was hardware-optimized especially for large key sizes. If you use 3DES or AES-128, then there is no difference in performance.

  • IPSec VPN with compression

    Hi all

    I find this compression of supporting IPPCP 2600XM for IPSec VPN. It seems that it is supported only with a VPN module, is it?

    What would you say if I don't have module VPN, but the IPSec VPN configuration and compression for a connection low speed?

    BTW, the IPSec VPN and "compress stac" can co-exist?

    Also, what kind of compression support in 28xx with IPSec VPN?

    Thank you very much.

    MAK

    MAK,

    It depends on the installed vpn module. The previous support compression, but the compression is performed in software, not on the card, which offers only encryption. For this to work, you must run IOS 12.2 (13) T or later.

    If your previous IOS running, you cannot use compression alongside encryption PURPOSE cards at all.

    The latest maps AIM-VPN /? P II IPPC support in hardware.

    More information is here:

    http://www.Cisco.com/en/us/products/HW/routers/ps259/products_data_sheet09186a0080088750.html

    This link displays information related to the release of functionality of software compression of 12.2 (13) T

    http://www.Cisco.com/en/us/products/SW/iosswrel/ps1839/products_feature_guide09186a0080110c00.html#1027177

    Thus, the options you have depend on the IOS and the card BUT you have.

    Beginning IOS and card without compression

    12.2 (13) T and IOS beginning, hardware encryption software compression

    Last map and supporting encryption and hardware compression IOS.

    I'm unsure of the 2800 series, I expected that they support the latest novelty of compression and hardware encryption.

    Andy

  • ICMP is required for the site to site VPN

    Hello

    I'm trying to set up a connection VPN site to site with a Cisco with the AIM-VPN-SSL-1 module 1841 and a NEC IX2015. We use a GRE with IPSec tunnel

    The problem we have is the will of router NEC not repsond to ICMP packets (and it is not a way to get a reaction). This will cause problems with the tunnel?

    Thank you!

    Paul

    Do not think that it will cause no problem. The more you can not do is not able to ping to test connectivity. Other than that, the IPSec LAN-to-LAN tunnel should work just fine.

  • After "without Accelerator crypto engine" No. VPN PLUS

    Hello

    In my test harness, I have a CISCO with a Council AIM-VPN/BPII-PLUS 1841, everything worked well, until I see the difference with and without the accelerator

    Sins as soon as IOS told me he'll change accelerator SW instead of HW Accelerator, I can't make it work anymore.

    I have a copy of the full configuration of work before I did, I put it back on my router but still WITHOUT a VPN.

    Any idea what does not work?

    Here below some information on VPN + SA ISAKMP CRYPTO map:

    Module AIM location: 0

    Serial number of PCB: FOC09081PNE

    Hardware revision: 1.0

    Number of albums part together: 800-24660-01

    Review on board: D0

    Deviation number: 0

    Fab Version: 03

    History of the RMA tests: 00

    RMA number: 0-0-0-0

    RMA history: 00

    CLEI Code: CNS931XAAA

    Product number (FRU): AIM-VPN/BPII-MORE

    Version identifier: NA

    EEPROM 4 format version

    Table of contents EEPROM (hex):

    0 X 00:04 FF C1 8B 4F 46 43 30 39 30 38 31 50 4 45 40

    10: 0X04 6 41 01 00 46 03 20 00 60 54 01 42 44 30 C0

    0x20: 88 00 00 00 00 02 03 03 00 81 00 00 00 00 04 00

    0 X 30: C6 8 A 43 4F 53 39 33 31 58 41 41 41 91 41 49 BC

    0X40: 4 D 56 50 2D 4 42 50 49 49 50 4 55 53 89 2D 2F

    0 X 50 : 20 20 4F 41 FF FF FF FF FF FF FF FF FF FF FF FF

    0 X 60 : FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

    0 X 70 : FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

    ROUTER1841 #sh card crypto

    Card crypto isakmp-65536-"Head-Tunnel0-0" ipsec

    Profile name: cisco

    Life safety association: 4608000 kilobytes / 120 seconds

    Answering machine-only (Y/N): N

    PFS (Y/N): N

    Transform sets = {}

    solid: {esp-3des esp-md5-hmac},.

    }

    Interfaces using crypto map Tunnel0-head-0:

    Tunnel0

    "Clientmap" ipsec-isakmp crypto map 10

    Dynamic map template tag: dynmap

    Interfaces using map clientmap crypto:

    FastEthernet0/0

    ROUTER1841 #.

    Best regards
    Didier

    You disable the VPN tunnel after disabling the VPN accelerator card?

    You need to do:

    delete the ipsec cry his

    clear the isa cry his

    Then build the interesting traffic again and please share the output of:

    HS cry isa his

    HS cry ipsec his

    If the VPN is not upward, you can enable debug and share the output:

    debugging cry isa

    debugging ipsec cry

Maybe you are looking for