ISM-VPN-29 Cisco ISM Module VPN Internal Service Router Module for Cisco ISR G2

ISM-VPN-29 Cisco ISM Module VPN Internal Service Router Module for Cisco ISR G2 ISM-VPN-29 Overview Items Specification Cisco ISM-VPN-29 VPN Internal Service Module CISCO2901 2911 2921 2951 Router Device Type: Encryption module Form Factor: Plug-in module Dimensions (WxDxH)10.2 cm x 15.5 cm x 2.2 cm Weight 206 g Designed For: Cisco 2941, 2941 Mobile Wireless, 2941 Secure WAAS Bundle, 2941 Security, 2941 Security Bundle, 2941 SRE Bundle, 2941 VPN ISM Module HSEC Bundle,2941 WAAS Bundle Products Details Feature Description Physical The Cisco VPN ISM fits in the ISM slot in the Cisco ISR G2. Platform support The Cisco VPN ISM supports the Cisco 1941 and the Cisco 2900 and 3900 Series Integrated Services Routers (ISRs). Hardware prerequisites An ISM slot for the Cisco 1941 and the Cisco 2900 and 3900 Series is required. IP Security (IPsec) encryption supported Authentication: Rivest, Shamir, and Adelman (RSA) Elliptic-Curve Digital Signature Algorithm (ECDSA) Advanced Encryption Standard (AES) in Galois Message Authentication Code (GMAC) Key exchange: Diffie Hellman and Elliptic-Curve Diffie Hellman (ECDH) Data integrity: Message Digest Algorithm 5 (MD5) Secure Hash Algorithm 1 (SHA-1) and Secure Hash Algorithm 2 (SHA-2) Encryption: Data Encryption Standard (DES) Triple DES (3DES) Advanced Encryption Standard (AES) in Cipher-Block Chaining (CBC) and Galois/Counter Mode (GCM) Hardware Secure Sockets Layer (SSL) encryption supported The Cisco VPN ISM supports SSL VPN encryption with DES, 3DES and AES. Note: VPN ISM does not support DTLS. Number of encryption modules per router The Cisco VPN ISM uses one encryption module per router. Minimum Cisco IOS Software version required The Cisco VPN ISM requires Cisco IOS Software Version 15.2(1)T1 or later. The SEC-K9 and HSEC-K9 licenses are required. Maximum number of IPsec encrypted tunnels The Cisco VPN ISM supports up to 500 tunnels on the Cisco 1941, up to 2000 tunnels on the Cisco 2900 Series, and up to 3000 tunnels on the Cisco 3900 Series. Standards supported The Cisco VPN ISM supports the IPsec Internet Key Exchange (IKE): RFCs 2401 to 2410, 2411, 2451, 4306, 4718, 4869, and 5996. Table 2. Features and Benefits of Cisco VPN ISM Features Benefits Ability to offload encryption to a dedicated service module Dedicated encryption protects performance while using CPU for other services. Small physical, energy, and carbon footprint You can save on energy bills, hardware support contracts, and onsite visits. Maximum performance while also maintaining strong encryption protection You have two to three times better onboard performance with the strongest Suite B encryption support. High-overhead IPsec processing from the main processor Critical processing resources are reserved for other services such as routing, firewall, and voice. IPsec MIB Cisco IPsec configuration can be monitored and can be integrated into a variety of VPN management solutions. Certificate support to facilitate automatic authentication using digital certificates Encryption use scales for large networks requiring secure connections between multiple sites. Easy integration of VPN modules into existing Cisco 1941 and Cisco 2900 and 3900 Series Routers System costs, management complexity, and deployment effort are reduced significantly compared to multiple-device solutions. Confidentiality, data integrity, and data origin authentication through IPsec Secure use of public switched networks and the Internet for WANs is facilitated. Cisco IOS SSL VPN Businesses can securely and transparently extend their networks to any Internet-enabled location using SSL VPN. The Cisco IOS SSL VPN supports Cisco AnyConnect Client, enabling full network access remotely to virtually any application. Platforms Supported Cisco VPN ISM acceleration module platform support is outlined in Table 3. Table 3. Supported Platforms Platform Support 880 No 890 No 1921 No 1941 Yes 2901 Yes 2911 Yes 2921 Yes 2951 Yes 3925 Yes 3945 Yes 3925E No 3945E No Cisco VPN ISM IPsec VPN Performance ISM-VPN-29 Specification Feature Specification Product part number ISM-VPN-19 ISM-VPN-29 ISM-VPN-39 CISCO1941-HSEC+/K9 CISCO2901-HSEC+/K9 CISCO2911-HSEC+/K9 CISCO2921-HSEC+/K9 CISCO2951-HSEC+/K9 CISCO3925-HSEC+/K9 CISCO3945-HSEC+/K9 Form factor ISM Internal network interfaces Gigabit Ethernet connectivity to router backplane Cisco IOS Software 15.2(1)T1 or higher IPsec Support Encryption Data Encryption Standard (DES), 3DES, Advanced Encryption Standard (AES) in Cipher-Block Chaining (CBC) and Galois/Counter Mode (GCM) (128-, 192-, and 256-bit) Key exchange Diffie Hellman (DH) and Elliptic-Curve Diffie Hellman (ECDH) Digital signature Rivest, Shamir, and Adelman (RSA) and Elliptic-Curve Digital Signature Algorithm (ECDSA) Integrity Message Digest Algorithm 5 (MD5), Secure Hash Algorithm 1 and 2 (SHA-1 and SHA-2, respectively) (384- and 512-bit), and AES-GMAC (128-, 192-, 256- bit) Power Specification Power consumption (maximum) 20W Physical Specification Dimensions (H x W x D) 0.85 x 4 x 6.1 in. (2.2 x 10.2 x 15.5 cm) Shipping dimensions (H x W x D with packaging) 9.45 x 7.18 x 2.38 in. (24 x 18.4 x 6.05 cm) Maximum weight 0.5 lb (0.206 kg) Operating Conditions Operating temperature Cisco 1941 and 2901: 32 to 104F (0 to 40C) normal Cisco 2911, 2921, 2951, 3925, and 3945: 32 to 122F (0 to 50C) normal Humidity 10 to 95% operating Altitude (operating) 104F (40C) at sea level 104F (40C) at 6,000 ft (1,800m) 86F (30C) at 13,000 ft (4,000m) 81F (27.2C) at 15,000 ft (4,600m) Note: De-rate 34.5F (1.4C) per 1,000 ft above 6,000 ft (per 300m above 2,600m) Transportation and Storage Conditions Temperature -4 to 149F (-20 to +65C) Relative humidity 9 to 95% operating Altitude 10,000 ft (3,050m) Regulatory Compliance Safety UL 60950-1, 2nd Edition, Standard for safety for information deployable platform technology equipment (US) CAN/CSA-C22.2 No. 60950-1-03, Safety of information technology equipment including electrical business equipment (Canada) IEC 60950-1:3 rd edition [PRC] Safety of information technology equipment/Second Edition [Mexico] EN 60950 -1:2001, Safety of information technology equipment (CENELEC, includes EU and EFTA) AS/NZS 60950-1, Safety of information technology equipment including electrical business equipment (Australia) EMC Emissions: 47 CFR Part 15 Class A CISPR22 Class A EN300386 Class A EN55022 Class A EN61000-3-2 EN61000-3-3 ICES Class A KN 22 Class A VCCI Class I Immunities: CISPR24 EN300386 EN55024 EN61000-6-1 Product Number Product Description ISM-VPN-19 VPN Internal Service Module for support on 1941 platform ISM-VPN-29 VPN Internal Service Module for support on 2901,2911,2921 and 2951 platforms ISM-VPN-39 VPN Internal Service Module for support on 3925 and 3945 platforms Table 6. Cisco VPN ISM and ISR G2 Bundles Ordering SKU Description CISCO1941-HSEC+/K9 Security bundle for 1941 ISR G2 Platform, including VPN ISM CISCO2901-HSEC+/K9 Security bundle for 2901 ISR G2 Platform, including VPN ISM CISCO2911-HSEC+/K9 Security bundle for 2911 ISR G2 Platform, including VPN ISM CISCO2921-HSEC+/K9 Security bundle for 2921 ISR G2 Platform, including VPN ISM CISCO2951-HSEC+/K9 Security bundle for 2951 ISR G2 Platform, including VPN ISM CISCO3925-HSEC+/K9 Security bundle for 3925 ISR G2 Platform, including VPN ISM CISCO3945-HSEC+/K9 Security bundle for 3945 ISR G2 Platform, including VPN ISM Picture Related products SFP-10G-SR SFP-10G-LRM SFP-H10GB-CU3M SFP-10G-ER SFP-10G-ER QSFP-H40G-CU3M QSFP-H40G-CU0-5M QSFP-H40G-CU5M QSFP-4SFP10G-CU1M GLC-TE GLC-LH-SMD GLC-SX-MMD GLC-FE-100ZX GLC-BD-X GLC-XZ-SMD