Security Features continued
Cisco 1800 Modular Series
Security Example
Corporate
Headquarters
Small
Branch
Office
Large
Branch
Office
Branch
Office
Cisco 7200
(VoIP-enabled)
SS7
IMT PRI
Cisco 3800
(VoIP-enabled)
Cisco 1841 Cisco 2800
SP IP VPN Core
PSTN
V
V
Branch office Network Admission Control (NAC) helps ensure that every endpoint complies with
network security policies before being granted access, protecting the network from viruses and worms
Network Foundation Protection
• Control Plane Policing (CPP) • Access Control List (ACL)
• AutoSecure • Command Line Interface (CLI)
• Secure Shell (SSH) • Committed Access Rate (CAR)
URL Filtering
• Local URL ltering in Cisco IOS software based on external server
Onboard USB 1.1 Port
• Single onboard USB 11 port
• Secure token and Flash memory support
Security Solutions
• Network Admission Control (NAC)
Optional Security Modules
• VPN and Encryption Advanced Integration Modules (AIM-VPN/BPII-PLUS)
Cisco Router and Security Device Manager (SDM)
• Ships by default
Certications
• ICSA IPSec
• ICSA Firewall
IPSec VPN
• Advanced Encryption Standard (AES) 128, 192, and 256; Triple Data Encryption Standard (3DES);
and DES cryptology support
• Embedded hardware-based VPN acceleration on the motherboard
• Cisco Easy VPN remote
• Cisco Easy VPN server
• Dynamic Multipoint VPN (DMVPN)
• Virtual Tunnel Interfaces (VTI)
• 8021x
• VPN QoS —Preclassication support
• Support for up to 800 IPSec tunnels using the AIM-VPN/BPII-PLUS
Multiprotocol Label Switching (MPLS) VPN Support
• Support for VRF-lite and VRF aware IPSec
Cisco IOS IPS
• Inline ability to drop packet, reset connection, locally shun, or send an alarm
• Dynamically load and enable selected attack signatures in the same manner as Cisco IPS Appliances
Cisco IOS Firewall
• Feature rich, stateful rewall
• Per-user authentication and authorization
• Real-time alerts
• Transparent rewall
• IPv6 rewall
IOS WebVPN (SSL VPN)
• Secure remote access for mobile users without installing PC client software
• Integrated into the router—no separate appliance required
• Cisco 1841 supports up to 25 users
• Requires IOS WebVPN feature license FL-WEBVPN-10 or FL-WEBVPN-25
• Requires an IOS security feature set (IOS security feature set is included in all secure router bundles)
Benets and Advantages continued
Cisco 1800 Modular Series
32
Security Features
33
Admission Control (NAC) support for anti-virus
defense, the Cisco 1841 offers a robust and
adaptable security solution for branch-office
routers Every Cisco 1800 Series router comes
with the factory-installed Cisco Router and
Security Device Manager (SDM) Cisco SDM is
an intuitive, Web-based device manager that
offers easy router configuration and monitoring,
startup wizards for quick deployment and lock-
down, smart wizards to help enable security
and routing features, Cisco Technical Assistance
Center (TAC)-approved router configurations,
and subject-related educational content
Integrated Services
By providing integrated services, as well as
great modular density and high performance,
the Cisco 1841 router provides security,
versatility, scalability, and flexibility for multiple
applications to the small- to-medium-sized
business, small enterprise branch office, and
the service provider customer edge The Cisco
1841 router easily accommodates several
network applications, such as secure branch-
office data access (including NAC for antivirus
defense), VPN access and firewall protection,
business-class DSL, IPS support, inter-VLAN
routing, and serial device concentration The
Cisco 1841 router provides customers with the
industry’s most flexible, secure, and adaptable
infrastructure to meet both today’s and
tomorrow’s business requirements for maximum
investment protection
• VRF-Aware rewall
• Advanced Application Inspection and Control
– HTTP inspection engine
– E-mail inspection engines (SMTP, ESMTP, IMAP,
POP)
• Common Criteria IPSec (EAL4) (in process)
• Common Criteria Firewall (EAL4+) (in process)
• FIPS 140-2, Level 2 (in process)