[c-nsp] Disable cryptographic hardware on Cisco 3845

Joann Deng liblight at yahoo.com
Mon Jun 18 14:37:06 EDT 2007 

I am configuring stateful failover for IPSec on rtp03
and rtp04, but got the following error message, then I
wondered if I can disable the crypto hardware.

rtp03#
*Jun 18 00:35:37.574:
%CRYPTO_HA_IPSEC-4-CRYPTO_HA_NOT_SUPPORTED_BY_HW:
Crypto hardware is enabled and it does not support HA
operation 'IPSec - extract keys'
vzsjcnrtp03#
 
rtp04#    
*Jun 18 00:42:28.026:
%CRYPTO_HA_IKE-4-CRYPTO_HA_NOT_SUPPORTED_BY_HW: Crypto
hardware is enabled and it does not support HA
operation 'IKE - manual SA create'
*Jun 18 00:42:28.026: %CRYPTO_HA_IKE-3-FAILOVER_ERROR:
Attempt to failover IKE SA
(209.114.76.195:160.33.128.84) failed due to crypto
engine does not support HA.  No stateful failover
available for this SA.
vzsjcnrtp04#

--- Rodney Dunn <rodunn at cisco.com> wrote:

> Why do you want to turn it off?
> 
> We do no recommend that at all becuase the
> performance
> is so much slower in the software path.
> 
> Please don't do it unless you are simply trying to
> narrow down a bug.
> 
> Rodney
> 
> 
> <snip>
> 3800-1#sh ver | incl IOS
> Cisco IOS Software, 3800 Software
> (C3845-ADVIPSERVICESK9-M), Version 12.4(8), RELEASE
> SOFTWARE (fc1)
> 3800-1#config t
> Enter configuration commands, one per line.  End
> with CNTL/Z.
> 3800-1(config)#no crypto engin acc 
> ...switching to SW crypto engine
> 3800-1(config)#
> *Jun 18 18:23:00.418: %VPN_HW-6-INFO_LOC: Crypto
> engine: onboard 0  State changed to: Disabled 
> 3800-1(config)# crypto engin acc   
> ...switching to HW crypto engine
> 3800-1(config)#
> *Jun 18 18:23:07.694: %VPN_HW-6-INFO_LOC: Crypto
> engine: onboard 0  State changed to: Enabled 
> 3800-1(config)#
> </snip>
> 
> On Mon, Jun 18, 2007 at 09:43:57AM -0700, Joann Deng
> wrote:
> > Hi group,
> > 
> > Anybody knows how to disable cryptographic
> hardware on
> > Cisco 3845? As depending on configuration, either
> the
> > internal Safenet chip or the IOS software is
> > used for cryptographic operations on Cisco 3845,
> and
> > I'd like to use IOS instead of the hardware.
> > 
> > Thanks in advance,
> > 
> > Joann
> > 
> > 
> >        
> >
>
____________________________________________________________________________________
> > Got a little couch potato? 
> > Check out fun summer activities for kids.
> >
>
http://search.yahoo.com/search?fr=oni_on_mail&p=summer+activities+for+kids&cs=bz
> 
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at
> http://puck.nether.net/pipermail/cisco-nsp/
> 



       
____________________________________________________________________________________
Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news, photos & more. 
http://mobile.yahoo.com/go?refer=1GNXIC

More information about the cisco-nsp mailing list