Cisco® security router bundles ship with the industry's most comprehensive security services, intelligently embedding security into a single, resilient system for delivery of mission-critical business applications. A key component of the Cisco Self-Defending Network, Cisco integrated security routers allow customers to synchronize routing and security policies and reduce their operational costs while raising the level of security throughout their networks.
Cisco VPN Acceleration Module 2+ (VAM2+) security router bundles support a wide range of security features, allowing organizations to identify, prevent, and adapt to security threats. Features include:
• Secure connectivity-Provides secure and scalable network connectivity, incorporating multiple types of traffic. Examples include site-to-site and remote-access IP Security (IPSec) VPN, Dynamic Multipoint VPN (DMVPN), virtual routing and forwarding (VRF)-aware IPSec with IPSec/Multiprotocol Label Switching (MPLS) integration, and voice and video-enabled VPN (V3PN).
• Threat defense-Prevents and responds to network attacks and threats using network services. Examples include Cisco Intrusion Prevention System (IPS) and Cisco IOS® Firewall.
• Endpoint protection and control-Allows the network to intelligently protect endpoints using technologies such as Network Admission Control (NAC), identity services, and authentication, authorization, and accounting (AAA).
• Network device protection-Protects the network infrastructure from attacks and vulnerabilities, especially at the network level. Examples include control-plane policing and AutoSecure.
CISCO VAM2+ SECURITY ROUTER BUNDLE BENEFITS
Support for DES, 3DES, and AES
The Cisco VAM2+ supports Data Encryption Standard (DES) and Triple DES (3DES) and adds hardware acceleration for Advanced Encryption Standard (AES) 128-, 192- and 256-bit keys. AES is a cryptographic algorithm, often used by U.S. government organizations, that replaces DES and 3DES.
Performance and Scalability
Cisco 7200 Series and Cisco 7301 routers, combined with the Cisco VAM2+, support up to 280 Mbps of IPSec encryption throughput and up to 5000 IPSec remote-access or site-to-site tunnels.
Like the Cisco VAM and VAM2, the Cisco VAM2+ integrates hardware-assisted IP Payload Compression Protocol (IPPCP) Layer 3 compression into Cisco 7200 Series and Cisco 7301 routers. In environments where bandwidth is costly, this integration provides hardware-based IPPCP Lempel-Ziv-Stac (LZS) processing to compress network traffic before it is encrypted and sent over pay-per-byte WAN connections.
Cisco VAM2+ security router bundles are ideal for network environments that prefer a single-device solution but require a comprehensive security feature set. Router-based platforms provide rich routing features that can simplify VPN deployment by eliminating burdensome static routes associated with VPN appliances. Cisco VAM2+ router bundles include an IP FW/Intrusion Detection System (IDS) and IPSec 3DES image, which is an upgraded feature set over the Cisco VAM router bundles, as well as 512 MB of system memory-upgraded from 256 MB in the current VAM2 router bundles.
The Cisco 7200 Series offers numerous LAN and WAN interfaces for diverse connectivity requirements. Modular processors for the Cisco 7200 Series provide investment protection that gives customers flexibility as their needs grow. With a sleek one-rack-unit form factor, and including three onboard Gigabit Ethernet interfaces, the Cisco 7301 VAM2+ security router bundle provides the same high performance and scale as the Cisco 7200 Series integrated security solution.
Table 1 provides a list of features supported by these VPN bundles.
Table 1. Features at a Glance
High VPN Performance and Scalability
• Provides up to 280 Mbps of 3DES IPSec throughput
• Provides up to 5000 tunnels
• Provides Layer 3 IPPCP LZS support for bandwidth conservation over pay-per-byte WAN connections
Comprehensive VPN Features
• Offers diverse public key infrastructure (PKI) support and certificate auto-enrollment, helping to ensure proper identity and authenticity of devices and data
• Provides comprehensive tunneling support, allowing any standards-based IPSec or Layer 2 Tunneling Protocol (L2TP) client to interoperate with Cisco IOS Software tunneling technologies
• Can be deployed as a dedicated VPN gateway behind the WAN edge, or on the WAN edge as a single-device solution
Accommodate Diverse Network Traffic Types
• Cisco IOS Software supports secure, reliable transport of virtually any type of network traffic, including multiprotocol and multicast, across the IPSec VPN
Ensure High VPN Uptime
• Offers IPSec Stateful Failover, routing over IPSec, Dead Peer Detection, Hot Standby Router Protocol (HSRP), hardware component redundancy, and environmental monitoring
VPN and Network-Infrastructure Management
• CiscoWorks VPN/Security Management Solution (VMS) for multidevice VPN management
• Cisco VPN Device Monitor for single device management
• Cisco IP Solution Center (ISC) IPSec and MPLS VPN management
Modular, Upgradable System Processor
• Cisco 7200 Series network processing engines (NPEs) provide modular Reduced Instruction Set Computing (RISC) processing scalability
LAN/WAN Interface Flexibility
• Provides support for more than 60 port adapters, including serial, packet over SONET (POS); ATM; Ethernet, Fast Ethernet, Gigabit Ethernet; and voice
• The Cisco 7206VXR chassis delivers high interface density
Platform Investment Protection
• The unparalleled modularity of processors, interfaces, and memory helps ensure that a Cisco 7200 Series security router bundle purchased today will accommodate the growing needs of enterprise organizations and service providers
• IPSec/Internet Key Exchange (IKE): RFCs 2401-2411 and 2451
• IPPCP: RFCs 2393 and 2395
Standards-Based VPN Support
CISCO SECURITY MANAGEMENT
Single Device Management
Cisco 7200 Series and 7301 VAM2+ security bundles come with Cisco Router and Security Device Manager (SDM) already installed. Cisco SDM is an intuitive, Web-based (GUI) device manager for deployment and management of Cisco routers. Cisco SDM provides easy router configuration and monitoring for quick deployment and router lockdown, smart wizards to help enable security and routing features, Cisco Technical Assistance Center (TAC)-approved router configurations, and subject-related educational content. For more information, visit the
Cisco SDM homepage.
Multiple Device Management
CiscoWorks VMS is an integral part of the SAFE Blueprint from Cisco for network security. It combines Web-based tools for configuring, monitoring, and troubleshooting enterprise VPNs, firewalls, and network- and host-based IDSs. CiscoWorks VMS delivers the industry's first robust and scalable foundation and feature set that addresses the needs of small and large-scale VPN and security deployments. For more information, visit the
CiscoWorks VMS homepage.
Cisco ISC is primarily designed to manage MPLS networks, but also provides support for management of an integrated IPSec/MPLS network-based VPN solution on Cisco 7200 Series and Cisco 7301 routers.
Cisco Systems is committed to maintaining an active product certification and evaluation program for customers worldwide. Recognizing that certifications and evaluations are important to customers, Cisco continues to be a leader in providing certified and evaluated products to the marketplace. Cisco will continue to work with international security standards bodies to help shape the future of certified and evaluated products, and will work to accelerate certification and evaluation processes. Certification and evaluation are considered at the earliest part of Cisco's product development cycle, and the company will continue to position its security products to help ensure that customers have a variety of certified and evaluated products to meet their needs. For more information on FIPS, ICSA, and Common Criteria security evaluation, visit the
Cisco Security Certification/Evaluation homepage.
To place an order, visit the
Cisco Ordering homepage. Table 2 gives ordering information for Cisco 7200 Series and Cisco 7301 VAM2+ security bundles.
Table 2. Ordering Information for Cisco 7200 Series and Cisco 7301 VAM2+ Security Bundles
VAM2+ Security Bundle ID
Cisco 7206VXR chassis, NPE-400 processor with 512 MB of system memory, I/O controller with dual 10/100 Fast Ethernet ports, VAM 2+, AC power, and Cisco IOS IP FW/IDS IPSec 3DES Software
Cisco 7206VXR chassis, NPE-G1 processor with 512 MB of system memory, three onboard 100/1000 Ethernet ports, VAM2+, AC power, and Cisco IOS IP FW/IDS IPSec 3DES Software
Cisco 7301 chassis, 512 MB of system memory, three onboard 100/1000 Ethernet ports, VAM2+, AC power, and Cisco IOS IP FW/IDS IPSec 3DES Software
SERVICE AND SUPPORT
Cisco offers numerous services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, refer to
Cisco Technical Support Services or
Cisco Advanced Services.