AnyBody43
07-25-2004, 01:42 AM
"Michael L. Hostbaek" <carlos@pez.dk> wrote in message news:<slrnc53ls8.4mq.carlos@freebsdcluster.org>...
> Helmut Ulrich tried to tell us something, and all I got was:
> > > I've got a NPE-300 - that should suffice.
> > >
> > maybe you have indeed the wrong feature set. You have only an "IPSEC 56"
> > software (C7200-JK8S-M). It is very probably that you need a 3DES image.
>
> Ahh.. what is the feature-set code for a 3DES image ?
>
> /mich
I am sure that your release does not support the card. I believe
it when it says so. The SA-VAM does support 56bit DES so I doubt
that you have a feature set issue. Try 12.1E.
Just to try my hand again I had a look at this on CCO.
To me it looks a real mess. No info that I can find really.
I suggest:
1.
If you have cisco support or the SA-VAM is under warranty call Cisco
NOW.
If you cannot do that call your supplier and ask then to fix it.
If you bought _this_ card without support well!!! Bad idea.
2.
A few observations but no real material.
There is an SA-VAM2 which is quite well documented.
12.1.E was IIRC an odd release that supported all sorts of weird
hardware. e.g. Cat 6500 native.
IOS roadmap for 12.1E says that the migration path is:
Cisco IOS Software Release 12.1(5)T or 12.1(2)E and
later 12.1E releases
IOS roadmap for 12.1T says that the migration path is:
Cisco IOS Software Release 12.1T will reach end of engineering
with release 12.1(5)T. The migration path for obtaining bug
fixes for 12.1(5)T is Cisco IOS Software Release 12.2. The 12.2
release is a subset of 12.1(5)T, plus additional bug fixes.
I conclude that there is a strong possibility that the SA-VAM
has been effectively superceeded and that you will forever be
stuck with 12.1E or possibly 12.5(T).
12.3 release notes say:
CSCeb48517
Symptoms: A Cisco 7200 series that is configured for IP Security
(IPSec) Virtual Private Networks (VPNs) and that has hardware
acceleration enabled on a service adapter VPN Acceleration Module
(SA-VAM) may reload because of a software condition.
Conditions: This symptom is observed on a Cisco 7200 series that has
operated normally for a period of time.
Workaround: Enter the crl optional ca-trustpoint configuration command
on the router.
So I guess that the sa-vam must be supported on 12.3.
Good luck.
> Helmut Ulrich tried to tell us something, and all I got was:
> > > I've got a NPE-300 - that should suffice.
> > >
> > maybe you have indeed the wrong feature set. You have only an "IPSEC 56"
> > software (C7200-JK8S-M). It is very probably that you need a 3DES image.
>
> Ahh.. what is the feature-set code for a 3DES image ?
>
> /mich
I am sure that your release does not support the card. I believe
it when it says so. The SA-VAM does support 56bit DES so I doubt
that you have a feature set issue. Try 12.1E.
Just to try my hand again I had a look at this on CCO.
To me it looks a real mess. No info that I can find really.
I suggest:
1.
If you have cisco support or the SA-VAM is under warranty call Cisco
NOW.
If you cannot do that call your supplier and ask then to fix it.
If you bought _this_ card without support well!!! Bad idea.
2.
A few observations but no real material.
There is an SA-VAM2 which is quite well documented.
12.1.E was IIRC an odd release that supported all sorts of weird
hardware. e.g. Cat 6500 native.
IOS roadmap for 12.1E says that the migration path is:
Cisco IOS Software Release 12.1(5)T or 12.1(2)E and
later 12.1E releases
IOS roadmap for 12.1T says that the migration path is:
Cisco IOS Software Release 12.1T will reach end of engineering
with release 12.1(5)T. The migration path for obtaining bug
fixes for 12.1(5)T is Cisco IOS Software Release 12.2. The 12.2
release is a subset of 12.1(5)T, plus additional bug fixes.
I conclude that there is a strong possibility that the SA-VAM
has been effectively superceeded and that you will forever be
stuck with 12.1E or possibly 12.5(T).
12.3 release notes say:
CSCeb48517
Symptoms: A Cisco 7200 series that is configured for IP Security
(IPSec) Virtual Private Networks (VPNs) and that has hardware
acceleration enabled on a service adapter VPN Acceleration Module
(SA-VAM) may reload because of a software condition.
Conditions: This symptom is observed on a Cisco 7200 series that has
operated normally for a period of time.
Workaround: Enter the crl optional ca-trustpoint configuration command
on the router.
So I guess that the sa-vam must be supported on 12.3.
Good luck.