Cisco Systems 870 Secure Networking, IP Telephony, Security Features Series Features Overview

Cisco 2800 Series

Benefits and Advantages continued

Cisco 2800 Series

Security Features continued

Secure Networking

Integrated on the motherboard of every Cisco 2800 Series router is hardware-based encryption acceleration that offloads the encryption processes to provide greater IPSec throughput with less overhead for the router CPU, when compared with software-based solutions.. With the optional integration of VPN modules (for enhanced performance and tunnel count), content engine network modules for URL filtering, or intrusion-prevention network modules, combined with the rich Cisco IOS Software security feature set that includes firewall, network admission control (NAC), voice and video-enabled VPN (V3PN), intrusion prevention, and Dynamic Multipoint VPN (DMVPN), Cisco

IP Telephony

The Cisco 2800 Series allows network managers to provide scalable analog and digital telephony without investing in a one-time solution, giving enterprises greater control of their converged telephony needs.. Using voice and fax modules, the Cisco 2800 Series can be deployed for applications ranging from voice over IP (VoIP) and voice over Frame Relay (VoFR) transport

to robust, centralized solutions using the Cisco Survivable Remote Site Telephony (SRST) solution or distributed call processing using Cisco CallManager Express (CCME).. The architecture is highly scalable with the ability to support up to 96 IP phones, 12 T1/E1s trunks,

52 foreign-exchange-station (FXS) ports, or 36 foreign-exchange-office (FXO) ports concurrent with data routing and other services..

URL Filtering

•Onboard with an optional content-engine network module

•Local URL filtering in Cisco IOS software based on external server

Onboard USB 1.1 port

•1 or 2 onboard USB 1..1 ports

•Secure token and Flash memory support

Optional Security Modules

•IDS/IPS Network Modules (NM-CIDS portfolio)

•VPN and Encryption Advanced Integration Modules (AIM-VPN portfolio)

•Content Engine Network Modules (NM-CE portfolio)

Cisco Router and Security Device Manager (SDM)

• Ships by default

Certifications

•ICSA IPSec

•ICSA Firewall

•Common Criteria IPSec (EAL4) (in process)

•Common Criteria Firewall (EAL4+) (in process)

•FIPS 140-2, Level 2 (in process)

Security Features

Series Features Overview

IPSec VPN

•Advanced Encryption Standard (AES) 128, 192, and 256; Triple Data Encryption Standard (3DES); and DES cryptology support

•Embedded hardware-based VPN acceleration on the motherboard

•Cisco Easy VPN remote; Cisco Easy VPN server

•Dynamic Multipoint VPN (DMVPN)

•Virtual Tunnel Interfaces (VTI)

•VPN QoS— Preclassification support

•Support for up to 1500 VPN tunnels with the AIM-VPN module

Multiprotocol Label Switching (MPLS) VPN Support

•Specific provider edge capabilities

•Virtual Routing and Forwarding (VRF) firewall and VRF IPSec

Cisco IOS IPS

•Inline ability to drop packet, reset connection, locally shun, or send an alarm; dynamically load and enable selected attack signatures in the same manner as Cisco IPS Appliances

IOS WebVPN (SSL VPN)

•Secure remote access for mobile users without installing PC client software

•Integrated into the router— no separate appliance required

•Cisco 2801 supports up to 25 users, Cisco 2811 and 2821 support up to 50 users, and Cisco 2851 supports up to 75 users..

•Requires IOS WebVPN feature license FL-WEBVPN-10 or FL-WEBVPN-25 (purchase multiple quantities to add up to the desired number of users)

•Requires an IOS security feature set (IOS security feature set is included in all secure router bundles)

Cisco IOS Firewall

•Feature rich, stateful firewall

•Per-user authentication and authorization

•Real-time alerts

•Transparent firewall

•IPv6 firewall

•VRF-Aware firewall

•Advanced Application Inspection and Control

–HTTP inspection engine

–E-mail inspection engines (SMTP, ESMTP, IMAP, POP)