Authentication
● X.509 digital certificates (RSA signatures);● Encrypted Nonces (RSA encryption);● Preshared keys;● Simple Certificate Enrollment Protocol (SCEP);● RADIUS (RFC 2138);● TACACS+
CA/PKI Support
● Entrust;● VeriSign;● Microsoft;● Netscape;● IPlanet;● Baltimore Technologies
Encryption
● Encapsulating Security Payload (ESP);● DES;● 3DES;● AES 128, 192, 256
Integrity
Hashed Message Authentication Code with MD5 (HMAC-MD5) and with Secure Hash Algorithm-1 (HMAC-SHA-1) (RFCs 2403 and 2404)
Key Management
Internet Key Exchange (IKE; RFCs 2407-2409);IKE-XAUTH;IKE-CFG-MODE
Physical Dimensions
● Length
Product Code
WS-C6506-E-VPN+-K9
Resiliency and High Availability
● HSRP + RRI;● Intrachassis (blade-to-blade) IPsec stateful failover;● Interchassis (box-to-box) active/standby IPsec stateless failover;● DPD;● Dynamic routing across IPsec (see 'Routing Protocols' section of this table)
Supervisor Engines
Cisco Catalyst 6500 Series Supervisor Engine 32, 720 Series, or VSS_10G
Supported LAN Interfaces
● Multiport Fast Ethernet;● Multiport Fast Ethernet with inline power;● Multiport Gigabit Ethernet;● 10 Gigabit Ethernet
Supported WAN Interfaces
● Gigabit Ethernet WAN and Enhanced Gigabit Ethernet WAN;● Single- and dual-port T3/E3;● Single- and dual-port High-Speed Serial Interface (HSSI);● Multiport T1/E1;● Multichannel T1/T3/E3;● OC-3 ATM single-mode (SM) and multimode (MM);● OC-3 packet over SONET/SDH (POS) SM and MM;● OC-12 ATM SM and MM;● OC-12 POS SM and MM;● OC-48 POS SM;● OC-48 POS-Dynamic Packet Transport (DPT) SM
VPN Tunneling
IPsec (RFCs 2401-2411 and 2451)