Cisco WAN :: 3900 ISR G2 AES256 Support In Hardware?

Jan 29, 2011

The datasheets indicate that the 39xx series ISR G2 routers support AES, but they don't indicate if they handle both AES128 and AES256 in hardware.  Via our account manager, we've heard that they only support AES128 in hardware, but not AES256.  Given there's no equivalent of an AIM-VPN/SSL-3 module for a 39xx router, this could be a problem for a deployment we're looking at doing.
 
I can find no document anywhere on cisco.com that confirms that AES256 specifically is supported IN HARDWARE on, say, a 3945E router.
 
And, if it is supported, are there any performance numbers available for throughput?  We're trying to find out if a 3945E is appropriate, or if we need to go with a 7206VXR w/NPE-G2 and VAM2+ module.

View 3 Replies


ADVERTISEMENT

Cisco WAN :: 3750 / 3900 / 1002F - Support For 2 To 3 Full-view BGP

Aug 12, 2012

Now, I use Catalyst WS-C3750G-12S-S as BGP router. But it is switch do not support in higher 65535 (32 bit asn). In future, I plan to use two or three ISP (each will be connected through 1Gb uplink). I need a router, who will be support 32 bit AS number and work with two or three full view BGP tables. I look at Cisco 3900 series, and ASR1002F.

View 2 Replies View Related

Cisco Switching/Routing :: How Many Route Entries Does 3945E Or/and 3900 ISR G2 Support

Dec 1, 2011

I have a question concerning about how many ospf and bgp route entries does 3945E isr g2 router support?

View 6 Replies View Related

Cisco WAN :: 1900 / 2900 / 3900 - Which Type Of Card Support Interface Slot

Nov 14, 2011

Cisco 1900 , 2900 and 3900 have Interface Slots and Service Module Slots , My question is which type of card is support this slot.

View 6 Replies View Related

Cisco VPN :: AES256 VPN Encryption Method

Dec 21, 2012

I've some VPN encryption method questions.Is it recommended to use different encryption algorithms for both VPN phases (phase 1 and phase 2)?I’ve read once that it is much secure to use different encryption algorithms for each phase.In my opinion, I would go for the AES256 algorithm in both phases. But maybe it is a better idea to use AES128 or AES192 in the first phase and AES-256 in the second phase… I don't know.After saying this, I’m also wondering about the best VPN encryption setup for a site-to-site VPN (IKEv2) when using a Cisco ASA like the 5510, 5520 or the 5515.Which encryption method is recommended for phase 1 and phase 2Which PFS / DH-group should be used (considering CPU load and security) 

View 2 Replies View Related

Cisco Security :: Encryption Option For AES256-CTR

Aug 1, 2011

Does there are plans to include  support AES256-CTR (vice AES256-CBC) in IOS code?

View 2 Replies View Related

Cisco VPN :: AES256 / 3 DMVPN Tunnel With Different Encryption To The Same Destination?

Apr 25, 2013

i have a general Question regarding buildings SA´s between two peers.Can I establish more than one SA between two Peers with the same IP Address?Actually I have 3 DMVPN´s running in parallel in different VRF´s using the same SA.They have all the same IPSEC encryption AES256.Now I need to reduce the encryption to 3DES in one of the three DMVPN´s.Is that possible or do I need a differnet IP Address so that the SA Pair is unique?Thats how I stared, with a Phase 2 failure that it is not acceptable.

crypto keyring preshared
  pre-shared-key address x.x.x.x key ....ncvnbxcnbLsaYiKtxc4ex4U99Tn...
  pre-shared-key address x.x.x.x key ....qerqwerJLsaYiKtxc4ex4U99Tn...
  pre-shared-key address 0.0.0.0 0.0.0.0 key ....JLsaYiKtxewrc4ex4U99Tn...

[code]....

View 4 Replies View Related

Cisco WAN :: ACL On 3900 Series

Dec 26, 2011

I have some simple rules on 2 extended lists:ip access-list extended FWINpermit tcp any host 192.36.86.231 eq ftp-data ftp 22 www 443 516 666 671 672 2222permit tcp any host 192.36.86.231 eq 4500 8008 8443permit tcp any host 192.36.86.231 range 5900 5950permit tcp any host 192.36.86.231 range 33434 33550permit tcp any host 192.36.86.241 eq ftp-data ftp 22 www 1935 2195 3306 8888permit tcp any host 192.36.86.241 range 8080 8090permit tcp any host 192.36.86.241 range 33434 33550ip access-list extended FWOUTpermit tcp host 192.36.86.231 any eq ftp-data ftp 22 www 443 516 666 671 672 2222permit tcp host 192.36.86.231 any eq 4500 8008 8443permit tcp host 192.36.86.231 any range 5900 5950,The issue is that 192.36.86.231 can access internet, and 192.36.86.241 can not.Is there a way to troubleshoot 192.36.86.241's connection/packets flow?

View 1 Replies View Related

Cisco WAN :: SRE Module For 3900

Oct 9, 2012

Wat will be the default memory and hard disk for SM-SRE-710-K9 and wat will be the maximum support for this module.

View 1 Replies View Related

Cisco WAN :: MBTF For 2900 And 3900?

Jun 20, 2012

provide my some (official) info regarding the MBTF for the C2900 and C3900 routers (2911 and 3945)? This info is currently not part of the data sheets.

View 0 Replies View Related

Cisco WAN :: 3900 Port Seen To Be Shutting Themselves Off

May 8, 2011

On my 3900 Router my port seen to be shutting themselves off, they are connected antenna.

View 2 Replies View Related

Cisco WAN :: 3900 To Enable The Hardware Acceleration

Apr 6, 2011

I just replaced 2800 router this did not have a VPN hardware accelerator with a 3925 that does have a VPN accelerator built in. I copied the same VPN (ISPEC/ISAKMP) config from the 2800 to the 3925 and it works. Is there something special I have to do to enable the hardware acceleration or is it automatically used for every VPN session?

View 1 Replies View Related

Cisco WAN :: 3900 - Getting LAN Network To Communicate With WAN Gateway?

Mar 12, 2013

I have a cisco 3900 integrated services router. I am a little new to the cisco IOS. I am having an issue getting my LAN network to communicate with the WAN gateway. From hosts I can ping the interface IP address but not the gateway. I have used the default route command of IP route 0.0.0.0 0.0.0.0 [wan gateway from ISP] I have already set up NAT, DHCP, I just cant seem to get the internet working, the following is my config.

Code...

View 9 Replies View Related

Cisco Switching/Routing :: 3900 - Add On Module

Jun 10, 2013

i have a cisco router (3900 series) and a add on module (4 x 1 Gig port module). For some reason i cant seem to port channel them and cant do routing (can set an ip address on those ports). I can do port channel and routing on  on-board ports. Do i have to enable any commands to do this ?                   

View 3 Replies View Related

Cisco Switching/Routing :: 3900 - ISP Failover Using IP SLA?

Feb 20, 2012

I am trying to configure ISP failover using IP SLA tracking in Cisco 3900 router(C3900-SPE100/K9).
 
I want to configure below commands:
 
R1(config)# ip sla 1
R1(config)# icmp-echo 2.2.2.2 source-interface FastEthernet0/0
R1(config)# timeout 1000

[Code].....
 
configure IP sla static route tracking in Cisco 3900 series router.

View 3 Replies View Related

Cisco VPN :: Recommended IOS For DMVPN 3900 Series

Jan 1, 2013

I am setting up a DMVPN between several dozen sites using 2800, 2900 and 3900 series ISRs.  The DMVPN Design Guide recommends current 12.4 or 12.4T IOS, but the DG was last updated in July 2008.  I cannot seem to find any recommendations newer than this.  I'm hoping Cisco or the community can give me an updated recommendation.

View 5 Replies View Related

Cisco WAN :: 3900 - IP Multicast Rate-Limit

Feb 16, 2012

I run streaming multicast video cameras on my network. I stumbled upon the command ip multicast rate-limit. When I configured a test setup in my lab (multicast camera source and a few routers) and tried the command it simply did not work. Moreover, when I went to use the command on a 3900 router in my lab, it was not there.
 
I take it this command has been deprecated?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: AAA Authentication Via Console And SSH 3900

Apr 3, 2012

I've been trying to find the right information on Cisco's site, and I'm not having success.
 
We have a 3900 router that we would like to do authentication via a local userdatabase. We want ssh access and console access using a local user on the router. I've been working on the console piece and everytime I try it, I get prompted for a username, but it is not accepted.

View 2 Replies View Related

Cisco WAN :: 3900 Router - Traffic Not Flowing

Jun 13, 2013

i have a gateway router going to the internet....using public IP addresses on both interfaces. starting on Monday, traffic would suddenly stop flowing from the inside of the network going out, though i can still ping the outside interface  , but when I log in to the router I am able to ping to the internet. so its like traffic is not passing from the outside int to the inside int. I have a 3900 router. other thing is, when i restart the router it will work for some time and then just stop again....

View 6 Replies View Related

Cisco WAN :: 3900 The Actual Limit On The Number Of IPSEC

Nov 16, 2010

Any actual limit on the number of IPSEC SAs  that can be negotiated on the crypto module of a 3900 series G2 router?  When I issue the command on a 2900 G2,This implies the 2900 series can handle 1800 IPSEC tunnels with an SA used for each direction.  All of the documentation and support requests have stated that the crypto module is better than the AIM module in the older series routers but I have been unable to get a concrete answer to the limit.

View 21 Replies View Related

Cisco WAN :: How Many Ipsec Tunnels Are Supported In 3900 Routers

Jul 30, 2011

How many ipsec tunnels are supported in Cisco 3900 routers(with & without the hardware processors)?How much is the throughput of the 3900 routers?

View 1 Replies View Related

Cisco WAN :: 1 GigE WAN Module For 2900 / 3900 Router

May 28, 2013

I am in search of a 1 Gig Ethernet WAN module for 2900, 3900 series router.I want to terminate 230mbps link on this module.I found EHWIC-1GE-SFP-CU option but as per service provider it will not support to 230mbps link.

View 3 Replies View Related

Cisco WAN :: Dynamic Configuration Of 3900 Series Router

Dec 12, 2010

Am trying to do a dynamic configuration of a 3900 series router (3925 to be precise).For the software and licenses, under the IOS technology Package Licenses, what's the significant of SL-39-DATA-K9 and SL-39-SECNPE-K9? Are they really necessary for the router?

View 3 Replies View Related

Cisco WAN :: 3900 / High Available Data Centre Internet

Jan 2, 2012

We currently have a single data centre with 2 x 100Mbps internet links from a single ISP. The 2 links are routed and terminate on separate ISP switches/routers with a /30 IP address, the links terminate on 2 Cisco 3900 series routers in the DC. eBGP and iBGP has been configured to provide high availability. We are currently using a private BGP ASN from the ISP and /24 subnet which is routed to the primary 3900 router and to the backup 3900 router in the event of a primary router failure.
 
We are looking to add a second data centre for DR and we need the /24 to failover over to the DR data centre in the event that the primary DC fails. The second DC will only have a single 100Mbps internet connection as resiliency in DR is not required. I understand how eBGP/iBGP willl be setup and configured for both sites but I would like to know the pros/cons and peoples experiences of using a single ISP to provide internet connectivity for both Data Centres? I understand that I will need a public ASN if I use separate ISPs.
 
Is using a single ISP for all 3 internet connections acceptable? The circuits will be connected to resilient parts of the ISPs network. If we decide to use a second ISP, would it be recommend to use ISP1 for the Primary and DR data centre primary links and ISP2 for the Primary data centre backup link?

View 3 Replies View Related

Cisco WAN :: Router Failover Concept In 3900 Series

Oct 24, 2011

I am looking for the procedure of the router 3900 series failover. I have got two 3900 series router with the same ISO and other interface cards. What are the main things that I should watch ? Does the standby router takes the same ip of active router if the active router fails ? How should I configure it.

View 1 Replies View Related

Cisco Switching/Routing :: Does 3900 Router Has Same Features On PBR

Dec 17, 2011

I would like to configure the policy base routing (PBR) on router (3900) base on the "specific tcp port" (TCP port 16255) to re-direct the traffic to another FE port. 
 
From cisco web portal, CAT 4500 should support PBR as below:"Policies can be based on IP address, port numbers, or protocols. For a simple policy, use any one of these descriptors; for a complicated policy, use all of them." url...
 
Does 3900 router has the same features on the PBR? if yes, can it support "source tcp port" and/or "destination TCP port"?

View 2 Replies View Related

Cisco VPN :: 3900 / How To Ensure All VPN Traffic Will Pass Through Router

Jan 11, 2013

I recently upgraded from a Cisco 3900 series router to a Cisco ASR1k router. Since the upgrade, I have internal clients who claim they cannot connect to external VPNs. These internal clients are behind a NAT that routes a public IP address to a group of clients with private IP addresses.
 
How can I ensure that all VPN traffic is able to pass through the NAT? 

View 2 Replies View Related

Cisco Switching/Routing :: 3900 - Network Splitting By Link Of 60 Mb

Nov 29, 2012

how to go about config my bureau connected to HQ and separated by a WAN link of 60mb.

This is my plansplit into halves that is 30 mb for LAN connections, internet and file serving for strictly video streaming, bureaus have routers 2800 conected to HQ HQ has a router 3900

View 1 Replies View Related

Cisco Firewall :: 3900 - Configuring Active / Standby With Dual ISP

Jan 12, 2013

1. We have Two 3900 Router on the core layer which are terminated with one ISP on one Router and Secondary ISP on Second Router.

2. Can we configure my ASA 5520 with Active/Standby termenating two IPS providers one on Active ASA 5520  and Other ISP  on Standby ASA 5520, so that when Active ISP fail ASA Secondary can become Active and send the Traffic throough Secandary ISP.
 
3. The reasion behind giveing Public IP on Firewall is to Terminate VPN on our Firewall i.e. SSL and IPSEC VPN.
  
Few Clarification If we can achive the above:
 
1. How will the DMZ Servicec nated with my Primary ISP on my Primary ASA will be routed when the Secondary ASA is acting as Active Firewall.

2. Can Web SSL and Client To Site IPSEC  VPN users access service  via the Secondary ISP- ASA when my Primary ASA and ISP is down.

View 7 Replies View Related

Cisco WAN :: Connect 7206 And 3900 Series Routers Through Fiber?

Jun 4, 2013

We are migrating from a Microwave T1 WAN to a Fiber ring WAN which I'll be connecting to our providers Ciena Metro E switches.  Eventually we are going to move away from the routers,  but the network is a little too complex as well as spanned across a lot of miles.  Since I am the only networking personnel here, I would like to first simply migrate to the fiber by simply moving the connection configs off of the T1 interfaces, and onto one of the Gig interfaces on the 7206 and on one of the Fe interfaces on the 3900 (which is actually a 3700 series because the line card on the 3900 is toast).  If this works, I will need to purchase Fe line cards for the 7206, because I found out that the virtual interfaces do not support Policy Mapping for our QOS and Multicasting.

View 6 Replies View Related

Cisco Infrastructure :: Frame Relay FDL Command For 3900 Router T1?

Sep 26, 2012

Transitioning from 3825 to 3945 (OS is 15.0(1r)M13 c3900-universalk9-mz.SPA.151-4.m4). Turning on FDL on the 3825 was easy but the same command on the 3945 doesn't work.

View 3 Replies View Related

Cisco Switching/Routing :: 3900 Series Router Licensing?

Feb 6, 2013

Can the 3900 series router be ordered or upgraded to a license with advances enterprise services?  I have a few of these routers and I'm looking to get the license upgraded if possible.

View 1 Replies View Related

Cisco WAN :: 3900 Router Is Not Taking No Auto Summary Command

May 9, 2013

My Cisco 3900 router is not taking the no auto summary command?

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved