The 3015, 3020, 3030, 3060, and 3080 support modular slots for additional cards. Currently, the only two cards that you can put into these slots are SEP-2 and SEP-E modules. SEP modules perform VPN functions, such as encryption, in hardware.
When Cisco acquired Altiga, there were three cards you could put in these slots: an SEP module (Version 1), a T1 module, or an E1 module. Cisco no longer sells these cards: only the SEP-2 and SEP-E modules are available.
The SEP-2 modules will perform encryption for DES and 3DES only. The SEP-E module has replaced the SEP-2 module. It allows the concentrator to perform DES, 3DES, and AES encryption. To perform AES encryption in hardware, the concentrator also needs to be running at least Version 4.0 of the software.
You cannot use both SEP-2 and SEP-E modules in the same chassis. If you have a concentrator that has both, the SEP-2 modules are disabled automatically and only the SEP-E module(s) will be active.
To determine the kind of SEP module you have installed, you can either log in to the concentrator to see the type of module (the Monitor > System Status screen) or you can examine the module itself. In the lower right corner of the SEP card's cover plate will be a label with one of these pieces of information:
The SEP modules are not hot-swappable; failing to turn off and unplug the concentrator when inserting or removing an SEP module can destroy the box and possibly cause electrocution.
Each SEP module supports between 1,500 and 5,000 simultaneous remote access sessions, depending on the 3000 series model the module is plugged into. Placement of the SEP modules in the chassis of the concentrator is important. Referring back to Figure 6-2, the top two slots, by default, are the active slots. They process VPN sessions. The slot beneath a top slot provides redundancy for the slot above it. Redundancy is top-down, as follows:
Part I: VPNs
Overview of VPNs
PPTP and L2TP
Part II: Concentrators
Concentrator Product Information
Concentrator Remote Access Connections with IPsec
Concentrator Remote Access Connections with PPTP, L2TP, and WebVPN
Concentrator Site-to-Site Connections
Verifying and Troubleshooting Concentrator Connections
Part III: Clients
Cisco VPN Software Client
Windows Software Client
3002 Hardware Client
Part IV: IOS Routers
Router Product Information
Router ISAKMP/IKE Phase 1 Connectivity
Router Site-to-Site Connections
Router Remote Access Connections
Troubleshooting Router Connections
Part V: PIX Firewalls
PIX and ASA Product Information
PIX and ASA Site-to-Site Connections
PIX and ASA Remote Access Connections
Troubleshooting PIX and ASA Connections
Part VI: Case Study