Table Of Contents
Cisco Catalyst 6500 Series Security and IPSec VPN Systems
Cisco Catalyst 6503 Firewall Security System
Cisco Catalyst 6506 Firewall Security System
Cisco Catalyst 6503 IPSec VPN System
Cisco Catalyst 6506 IPSec VPN System
Cisco Catalyst® security and virtual private network (VPN) systems provide turnkey solutions for deploying high-performance firewall or VPN services in enterprise and service-provider environments. The product line consists of four easy-to-order, preconfigured systems—two firewall security systems and two IP Security (IPSec) VPN systems, all based on the market-leading Cisco Catalyst 6500 Series—meeting a broad range of operational and expandability requirements. The systems come fully integrated with a processor, a high-performance firewall or VPN service engine, and dual Gigabit-Ethernet interfaces.
The Cisco Catalyst Firewall Security systems take advantage of the Cisco Catalyst Firewall Service Module and provide up to 5 Gbps of firewall services based on the market-leading Cisco PIX® Firewall family. The Cisco Catalyst IPSec VPN systems take advantage of the Cisco Catalyst IPSec VPN Service Module and provide up to 2 Gbps of Triple Data Encryption Standard (3DES) encryption. All systems may be further tailored to customer requirements, with additional LAN/WAN customization supplied by any Cisco Catalyst Series Input/Output (I/O) Module.
Each of these systems is an excellent choice where high-performance security and seamless network integration are critical considerations for your security needs.
Cisco Catalyst Firewall Security System
The Cisco Catalyst Firewall Security System is ideal for perimeter and campus deployments where security policies or network architectures require the use of a separate dedicated security appliance. The Cisco Catalyst Firewall Security System not only offers exceptional firewall performance, but also provides extensive flexibility and modularity that is unprecedented in typical firewall appliances. The Cisco Catalyst Firewall Security System takes advantage of the robust security and network services integral to Cisco Catalyst systems—line-rate Layer 2-4 access control list (ACL) processing; protocol and Media Access Control (MAC) filtering; authentication, authorization, and accounting (AAA) support; Open Shortest Path First (OSPF); switching and routing infrastructure; and access to the broadest array of high-density LAN and WAN modules for site-specific customization.
Two Cisco Catalyst Firewall Security systems are available, meeting both deployment simplicity and site customization needs. The Cisco Catalyst 6503 Firewall Security System is a three-slot model providing a turnkey solution that integrates a Cisco Catalyst 6000 Supervisor 2 (with integrated Policy and Multilayer Switch Feature cards (PFC2/MFC2) for system control, routing services, and dual-Gigabit-Ethernet ports); a Cisco Catalyst Firewall Service Module providing 5 Gbps of firewall services; and a single open slot for site customization. For example, a 16-port Gigabit Ethernet module can be inserted to provide an 18-port Gigabit Ethernet firewall system to numerous demilitarized zone (DMZ) e-business server farms. Alternatively, a 48-port 10/100/1000-Ethernet module can be inserted for high-density wiring closet applications.
For environments requiring extensive site customization or additional security services, the Cisco Catalyst 6506 Firewall Security System integrates the same Cisco Catalyst 6000 Supervisor 2 and Cisco Catalyst Firewall Service Module preinstalled, with an additional four slots for local customization (six slots total). This is an excellent choice where additional physical ports are required, the integration of additional security services are warranted (such as intrusion detection), or higher firewall throughput is desired. For example, up to three additional Firewall Service modules may be inserted, achieving up to 20 Gbps of aggregate firewall throughput—meeting the needs of the most demanding security environments.
Cisco Catalyst IPSec VPN System
The Cisco Catalyst IPSec VPN Security System is ideal for central-site, headend, or site-to-site VPNs. Available in the same configurations as the Cisco Catalyst Firewall Security systems above, the Cisco Catalyst IPSec VPN systems integrate the IPSec VPN Service Module supporting up to 8000 customer extranet and intranet connections. Available in three- and six-slot configurations (Cisco Catalyst 6503 IPSec VPN System and Cisco Catalyst 6506 IPSec VPN System, respectively) these systems also enjoy the broad suite of services and multitude of I/O interfaces inherent in the Cisco Catalyst 6500 Series.
The integration of IPSec within the Cisco Catalyst Series provides a seamless transition from leased-line or Frame-Relay environments to cost-effective VPN interconnects. Through tight integration with the routing and IP services available within the Cisco Catalyst 6500 Series and Cisco IOS® Software, a Cisco Catalyst IPSec VPN System can take advantage of the broadest set of IP services, quality-of-service (QoS) mechanisms, and routing protocols available in the industry. This ensures existing IP applications full integration with the VPN network. The Cisco Catalyst IPSec VPN System is also an excellent choice for terminating remote site-to-site VPN connections from teleworker and regional centers via other Cisco VPN-enabled routers, ensuring consistent network service.
Benefits of Cisco Catalyst Firewall Security and IPSec VPN Systems
By integrating best-of-breed firewall and VPN functionality with the exceptional features and high-touch IP services of Cisco Catalyst systems, these Cisco Catalyst security and VPN systems offer the following key benefits:
•Ease of deployment via turnkey solutions offered by Cisco Catalyst Firewall Security or IPSec VPN systems.
•Best price/performance in their class.
•Extensive site-specific customization options via the broadest suite of LAN and WAN media, ranging from fractional T1 to OC-48 to high-density Ethernet and 10 Gigabit Ethernet (IPSec WAN support available in the first half of 2003).
•Complete investment protection via the systems' modular design and upgradability of processors through the use of standard Cisco Catalyst 6000 supervisors.
•Increased overall system reliability and uptime via redundancy options such as hot-standby Cisco Catalyst 6000 supervisors and power supplies.
•Enhanced security posture with the addition of the optional Cisco Catalyst Intrusion Detection Module provides extensive denial-of-service (DoS) attack prevention capabilities, including SYN attacks, Internet Control Message Protocol (ICMP) flood, IP spoofing, and Ping of Death attacks.
•Management and operational consistency through using the Cisco Catalyst 6500 Series from end to end, simplifying the learning curve while bringing greater return on investments.
•Support for Cisco AVVID (Architecture for Voice, Video and Integrated Data) via integral support for voice, data, and video in the same platform.
Additional Benefits of Cisco Catalyst 6506 Systems
The six-slot version of the Cisco Catalyst Firewall Security and IPSecVPN systems provides additional benefits, including:
•Investment protection is assured through the highly scalable nature of the six-slot systems. Incremental upgrades to existing systems are possible through the addition of up to four Cisco Catalyst 6500 Series LAN, WAN, or Layer 4-7 Service modules. This avoids costly "forklift" upgrades as topology and service needs change over time.
•Adaptability to virtually any network environment is assured by enabling multiple I/O interfaces as well as redundant processing units and service modules within the same system. This enables these security systems to be deployed in a variety of topologies, including metropolitan-area networks (MANs), storage-area networks (SANs), and high-speed government and research networks.
Additional Benefits of Cisco Catalyst Firewall Security Systems
Cisco Catalyst 6503 and 6506 Firewall Security systems provide a turnkey solution ideally suited for data-center, e-commerce, and perimeter-security requirements. The systems provide these additional benefits:
•Best performance of any firewall appliance, starting at up to 5 GB of throughput
•Additional network uptime assurance through stateful failover of all firewall sessions, either in the same chassis or across chassis
•Option to add additional services specific to data-center or e-business environments, such as intrusion detection, Secure Sockets Layer (SSL), and load balancing, for highly scalable and secured information systems
•Increased firewall capacity to 20 Gbps with the addition of multiple firewall modules in a system
Additional Benefits of Cisco Catalyst IPSec VPN Systems
The Cisco Catalyst 6503 and 6506 IPSec VPN Security systems provide best-in-class VPN services by combining exceptional VPN performance with the flexibility, modularity, and rich Layer 2 and 3 features of Cisco Catalyst 6500 chassis for headend and site-to-site connectivity. The systems provide these additional benefits:
•Best price/performance in their class, providing IPSec performance of up to 2 Gbps and delivering up to 8000 tunnels
•Transition from private-line or Frame-Relay networks to VPN is greatly simplified with the integration of high-performance VPNs with the rich routing and IP services capabilities of Cisco Catalyst systems
•Advanced IPSec services, such as dynamic multipoint VPN, enable meshed and hierarchical network topologies for VPN design—further simplifying the transition to VPN networking
Table 1 shows product information for the Cisco Catalyst Firewall Security and IPSec VPN systems.
Table 2 shows ordering information for the Cisco Catalyst Firewall Security and IPSec VPN systems.
For More Information
Cisco Catalyst 6503 Series Switch
Integrated Network Security with Cisco Catalyst 6500 Series Switch
Cisco Catalyst 6500 Series Switch
VPN and Security Services