Table of Contents
In order to provide customers with easy-to-order solutions to meet their VPN networking needs, four new VPN Router bundles are available based on the award-winning Cisco 2600 and 3600 modular multiservice router platforms. These VPN bundles enable customers to order, using one part number, a Cisco VPN Router with all the necessary VPN components at a reduced price compared to ordering each component separately. Each VPN Bundle can also include additional WAN modules ordered with it. While the VPN Bundles are available in both a 56DES and 3DES versions, all 56 DES bundles can be easily updated to a 3DES license if desired in the future
These bundles offer customers the ability to deploy proven security features such as Virtual Private Networks (VPNs), Intrusion Detection Systems (IDS) and Firewalls as-well-as high speed Internet access and the ability to create Extranets or De-Militarized Zones (DMZs). These VPN bundles can support Intranet, Extranet and Remote Access VPN deployments. For Remote Access VPN the Bundles require Cisco Secure VPN Client 1.1 later this year they will support the new free Cisco VPN Client 3.0 recently released by Cisco. Figure 18-119: VPN Applications
VPNs can help companies reap benefits such as dramatically lowered WAN costs, improved global connectivity, and better reliability, while enabling capabilities such as secure extranet communications. Remote dial, Internet, intranet, and extranet access can all be consolidated over a single WAN connection to the Internet.
The Cisco 2600/3600 series modular multiservice access routers are ideal for site-to-site VPNs. They deliver a rich, integrated package of routing, firewall, dial, Packet Voice Gateway and VPN functions for multiservice VPN applications. The Cisco 2600/3600 series together with the VPN module are the perfect IPSec/VPN solution for connecting small offices to other remote offices, central-office intranets, or partner extranets.
The VPN Modules included with the VPN Router Bundles encrypt data using the Data Encryption Standard (DES) and 3DES algorithms at speeds suitable for multi full-duplex T1/E1 serial connections. The VPN encryption modules handles a variety of IPSec-related tasks, including encryption, hashing, key exchange, storage of security associations---which frees the main processor and memory to perform other router, voice, and firewall functions.
The Cisco IOS Firewall with Intrusion Detection (FW/IDS) included with the bundle protects the LAN from network attacks. Context-based access control (CBAC) provides dynamic or stateful filtering on a per-application basis, permitting legitimate traffic to enter the LAN only while a session is active. CBAC capability is considered essential for effective firewall functionality. Cisco IOS Firewall also supports other key features such as Java blocking, denial-of-service detection and prevention, audit trail, and real-time alerts. Cisco IOS Firewall also provides Authentication, Authorization, and accounting (AAA) features provide authentication of remote users, authorize Access to specific network resources, and account for this activity. The Cisco IOS Firewall`s Intrusion Detection System (Cisco IOS IDS) identifies 59 of the most common attacks using signatures to detect patterns of misuse in network traffic. The intrusion-detection signatures included in the new release of the Cisco IOS Firewall were chosen from a broad cross-section of intrusion-detection signatures. The signatures represent severe breaches of security and the most common network attacks and information-gathering scans.
IPSec provides the following network security services:
-
Privacy-IPSec can encrypt packets before transmitting them across a network.
-
Integrity-IPSec authenticates packets at the destination peer to ensure that the data has not been altered during transmission.
-
Authentication-IPSec peers authenticate the source of all IPSec-protected packets.
-
Anti-replay protection-IPSec prevents capture and replay of packets, and helps protect against denial-of-service attacks.
-
Encrypted tunnels - protect data from being intercepted and viewed by unauthorized entities and also perform multiprotocol encapsulation.
The Cisco IOS IPSec supports both DES (56-bit), and 3DES (168-bit). Generic Routing Encapsulation (GRE) with IPSec is a Cisco unique solution that enables routing updates to be sent over the VPN, thus delivering greater network resiliency than IPSec-only solutions. Aside from providing a failover mechanism, GRE tunnels provide the ability to encrypt multicast/broadcast packets and non-IP protocols. Thus by using GRE with IPSec Cisco can support Appletalk and Novell IPX with our site-to-site VPN solution.
Cisco Tunnel Endpoint Discovery, a feature in Cisco IOS software, facilitates tunnel scalability and survivability critical to fully meshed site-to-site VPN environments by enabling tunneled connections to dynamically self-configure according to network security policy, thus mitigating the need to manually configure every point-to-point tunnel on the VPN.
Config Maker is an easy to use Standalone Windows GUI that allows a user to perform simple IPSec config rules directly connected to the consoles port or through Telnet. Config Maker is a free download from Cisco Software Center on http://www.cisco.com for registered users. Config Maker should be considered for the user that has little Cisco CLI experiences and is planning to deploy a simple VPN of 3-10 Devices.
Cisco Secure Policy Manager (CSPM) is a Windows NT based software tool. CSPM version 2.3 is the latest version of the Cisco security policy management and with it customers can define, distribute, enforce, and audit network-wide security policies from a central location. CSPM streamlines the tasks of managing complicated network security elements, such as IPSec-based VPNs. In addition to managing Cisco VPN Router CSPM can also manage Cisco PIX firewalls, and Cisco Intrusion Detection Systems (IDS). CSPM can dramatically simplify Cisco IOS Firewall, and Cisco IOS IPSec VPN deployments for enterprise customers allowing administrators too visually define high-level security policies from one central tool.
The CiscoWorks2000 VPN/Security Management Solution (VMS) is a comprehensive browser-based application suite addressing the unique management challenges of properly securing and administrating VPN connections. VMS includes a full set of monitoring and reporting applications plus a 10-device "lite" version of CSPM. VMS will support the Cisco 2600/3600 VPN Bundles with Cisco IOS release 12.2(4) T.
-
Dual 10 Ethernet Router with 2 WIC Slots & 1 NM Slot
-
Memory upgrade for both flash and DRAM: (16-MB Flash and 64-MB DRAM)
-
Cisco IOS Software: Cisco IOS IP/FW/IDS PLUS IPSEC 56 or 3 DES
-
VPN Module: AIM-VPN/BP (Base Performance)
-
High Performance Dual 10/100 Ethernet Router with 2 WIC Slots & 1 NM Slot
-
Memory upgrade for both flash and DRAM: (16-MB Flash and 64-MB DRAM)
-
Cisco IOS Software: Cisco IOS IP/FW/IDS PLUS IPSEC 56 or 3 DES
-
VPN Module: AIM-VPN/EP (Enhanced Performance)
-
3640 4-slot Modular Router
-
Dual 10/100 Ethernet 2 WAN Card Slot Network Module
-
Memory upgrade for both flash and DRAM: (16-MB Flash and 64-MB DRAM)
-
Cisco IOS Software: Cisco IOS IP/FW/IDS PLUS IPSEC 56 or 3 DES
-
VPN Module: NM-VPN/MP (Mid Performance)
-
Dual 10/100 Ethernet Cisco 3662 6-slot Modular Router-AC
-
Memory upgrade for both flash and DRAM: (32-MB Flash and 64-MB DRAM)
-
Cisco IOS Software: Cisco IOS IP/FW/IDS PLUS IPSEC 56 or 3 DES
-
VPN Module: AIM-VPN/HP (High Performance)
Table 18-300: Technical Details
|
Bundle |
Firewall with IDS |
Multiprotocol Support GRE & IPSec |
MPLS VPN |
VPN QoS |
Max Tunnel |
3DES Mbps Packet 256 |
3DES Mbps Packet 1400 |
|
C2611-VPN |
Yes |
IP/IPX/Appletalk |
CPE |
Yes |
300 |
2 |
10 |
|
C2651-VPN |
Yes |
IP/IPX/Appletalk |
CPE |
Yes |
800 |
4 |
14 |
|
C3640-VPN |
Yes |
IP/IPX/Appletalk |
PE |
Yes |
1000 |
5 |
18 |
|
C3662-VPN |
Yes |
IP/IPX/Appletalk |
PE |
Yes |
1800 |
9 |
40 |
Note Mbps 3DES speeds are based on a back-to-back fast etherent Router tests; your numbers may vary based on WAN speed, memory,and other applcations that may be running in Cisco IOS.
Table 18-301: Part Numbers for the Cisco 2600 and 3600 VPN Router Bundles
|
Description |
Cisco Part Name |
|
2611VPN Router,IPSec56DES,Dual 10 E,VPNCard,64DRAM |
2611-2E/VPN/K8 |
|
2651VPN Router,IPSec56DES,Dual 10/100 FE,VPNCard,64DRAM |
2651-2FE/VPN/K8 |
|
3640VPN Router,IPSec56DES,Dual 10/100 FE,VPNCard,2WAN |
3640-2FE/VPN/K8 |
|
3662VPN Router,IPSec56DES,Dual 10/100 FE,VPNCard,64DRAM |
3662-2FE/VPN/K8 |
|
3DES Bundles |
|
|
2611VPN Router,IPSec3DES,Dual 10 E,VPNCard,64DRAM |
2611-2E/VPN/K9 |
|
2651VPN Router,IPSec3DES,Dual 10/100 FE,VPNCard,64DRAM |
2651-2FE/VPN/K9 |
|
3640VPN Router,IPSec3DES,Dual 10/100 FE,VPNCard,2WAN |
3640-2FE/VPN/K9 |
|
3662VPN Router,IPSec3DES,Dual 10/100 FE,VPNCard,64DRAM |
3662-2FE/VPN/K9 |
Note WIC= WAN Interface Cards, K9 and K8 Designators reflect DES or 3DES licenses included
Category: Routers
Get a Fast Quote on this item today!
Back to the top ^ |
