1-19
Cisco ASA Series CLI Configuration Guide
Chapter 1 Setting General VPN Parameters
Configuring the Pool of Cryptographic Cores
If you try to add a trustpoint that already exists, you receive an error. If you use the no crypto ikev2
remote-access trustpoint command without specifying which trustpoint name to remove, all trustpoint
configuration is removed.
Configuring the Pool of Cryptographic Cores
You can change the allocation of cryptographic cores on Symmetric Multi-Processing (SMP) platforms
to give you better throughput performance for AnyConnect TLS/DTLS traffic. These changes can
accelerate the SSL VPN datapath and provide customer-visible performance gains in AnyConnect, smart
tunnels, and port forwarding. These steps describe configuring the pool of cryptographic cores in either
single or multiple context mode:
Note Multiple context mode only applies to IKEv2 and IKEv1 site to site but does not apply to AnyConnect,
clientless SSL VPN, the legacy Cisco VPN client, the Apple native VPN client, the Microsoft native
VPN client, or the cTCP for IKEv1 IPsec.
Limitations
• Cryptographic core rebalancing is available on the following platforms:
–
5585-X
–
5580
–
5545-X
–
5555-X
–
ASASM
• The large modulus operation is only available for 5510, 5520, 5540, and 5550 platforms.
Detailed Steps
Command Purpose
Step 1
asa1(config)# crypto engine ?
asa1(config)# crypto engine accelerator-bias ?
Specifies how to allocate crypto accelerator
processors:
• balanced - Equally distribute crypto hardware
resources
• ipsec - Allocate crypto hardware resources to
favor IPsec/Encrypted Voice (SRTP)
• ssl - Allocate crypto hardware resources to favor
SSL
Step 2
large-mode-accel
Performs large modulus operation in the hardware.
To Next Page
Loading...
Need help?
General