3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

SWITCH 8800 IPSEC MODULE

This chapter describes the IPsec Module (3CR1754766), which is available for the

Switch 8800

The IPsec Module is a high performance encryption VPN module designed for

enterprises requiring support for multiple VPN applications, and hardware-based

encryption processing. It provides hardware based encrypting of data with a

maximum encryption rate of 512-bit. The module supports DES, 3DES and AES

types of encryption. The Module provides the following capabilities:

■ On board operating system and custom hardware designed for high speed

encryption

■ Occupies any open I/O slot in the chassis and is fully hot swappable

■ Interfaces to the SW8800 high capacity backplane and fully utilizes the internal

crossbar switching capabilities of the system

■ The Module has (8) 1Gbps Ethernet (SFP) front panel ports for

switching/routing (these ports can be utilized as regular switching ports)

The module provides multiple VPN functions (such as L2TP VPN, GRE VPN, IPsec

VPN, and Dynamic VPN (DVPN), and supports IPsec hardware encryption for DES,

3DES, and AES. The IPsec Module supports multiple authentication modes,

including Radius, TACACS+, RSA SecureID and PKI/X.509 based certificate

authentication. In addition, it supports simple packet filter and firewall status

features. Customers must download the SW8800 Encrypted Software from

3Com’s Website (at no charge), using an approved encrypting license to run this

module.

Tab le 1 IPsec Module Function

Attribute Description

Network security

Authentication,

authorization and

accounting service

RADIUS

HWTACACS

CHAP authentication

PAP authentication

Domain authentication

Firewall

Packet filtering

Access control list on the basis of interface

Access control list on the basis of time period