Cisco Products Quick Reference Guide: February 2002
Chapter 5: VPN and Security Products
VPN and Security Products at a Glance
|
Product |
Features |
Page |
|---|---|---|
|
Cisco PIX Firewall |
High performance stateful inspection firewalling
|
|
|
Cisco IOS Firewall Feature Set |
Value-added option that provides advanced firewall-specific capabilities
|
|
|
Cisco Secure Scanner (formerly NetSonar) |
Proactive network security analysis system
|
|
|
Cisco Secure User Registration Tool (URT) |
Identifies users within the network and creates user registration policy bindings that help support mobility and tracking:
|
|
|
Cisco Intrusion Detection System (formerly NetRanger) |
Real-time intrusion detection system
|
|
|
Cisco Secure Access Control Server (ACS) for Windows |
High-performance user access control framework
|
See Cisco Secure Access Control Server for Windows 2000 and NT |
|
Cisco Secure Policy Manager for IDS |
Cisco Secure Policy Manager 2.3i for IDS Sensors features a 3-IDS sensor restricted license to monitor network intrusion information from up to 3 IDS Sensors. See Chapter 9--Cisco IOS Software and Network Management for more information on Cisco Secure Policy Manager for IDS |
|
|
CiscoWorks VPN/Security Management Solution |
CiscoWorks VPN/Security Management Solution is an integral part of the SAFE Blueprint that combines Web-based applications for configuring, monitoring and troubleshooting enterprise Virtual Private Networks (VPNs), firewall security, and network and host-based intrusion detection systems (IDS). See Chapter 9--Cisco IOS Software and Network Management for more information on CiscoWorks VPN/Security Management Solution |
|
|
Cisco 7100 Series |
Large branch and central site VPN router
|
|
|
Cisco VPN 3000 Family |
Remote access Virtual Private Network platform
|
|
|
Cisco 1700, 2600, 3600, 7200, and 7400 Series |
Wide variety of modular router platforms with options for IOS-based and hardware-enabled VPN and security support. See individual product pages and Cisco IOS Firewall Feature Set (page See Cisco IOS Firewall Feature Set). |
Cisco PIX Firewall Series
The Cisco PIX Firewall series delivers strong security in an easy-to-install, integrated hardware/software firewall appliance that offers outstanding performance. Cisco's world-leading PIX Firewall family spans the entire security appliance spectrum, from compact, "plug and play" desktop firewalls for small/home offices to carrier-class gigabit firewalls for the most demanding enterprise and service provider environments. Cisco PIX Firewalls deliver superior performance of up to 500,000 simultaneous connections and nearly 1.7 Gbps throughput--providing world-class security, reliability and customer service.
When to Sell
|
Sell This Product |
When a Customer Needs These Features |
|---|---|
|
PIX 501 |
|
|
PIX 506 |
|
|
PIX 515 |
|
|
PIX 525 |
|
|
PIX 535 |
|
Key Features
- Security--Purpose-built firewall appliance with a proprietary, hardened operating system that eliminates security holes
- Performance--Stateful connection-oriented firewall capable of 500,000 concurrent connections and 1.7 Gbps of throughput
- Reliability--High availability support via a redundant hot standby unit that maintains concurrent connections through automatic stateful synchronization
- Virtual Private Network (VPN)--Support for both standards-based IPsec and L2TP/PPTP-based VPN services
- Optional PIX VPN Accelerator Card--3DES VPN throughput can scale to nearly 100 Mbps, encryption/decryption processes handled by specialized coprocessors
- Network Address Translation (NAT) and Port Address Translation (PAT)--Conceals internal IP addresses and expands network address space
- Denial-of-Service (DoS) Attack Protection--Protects the firewall, as well as internal servers and clients, from disruptive hacking attempts
- Web-Based PIX Device Manager (PDM)--For configuration and usage reports
- Platform Extensibility--Support from two 10/100 Ethernet interfaces up to ten Gigabit Ethernet interfaces
- Low Cost of Ownership--Simple installation and configuration for minimal time investment combined with impressive price/performance
Competitive Products
|
|
Specifications
|
Feature |
PIX 501 |
PIX 506 |
PIX 515 |
PIX 525 |
PIX 535 |
|---|---|---|---|---|---|
|
Processor |
133 MHz |
200 MHz |
200 MHz |
350 MHz |
1.0 GHz |
|
RAM |
16 MB |
32 MB |
32 or 64 MB |
128 or 256 MB |
512 MB or 1 GB |
|
Flash Memory |
8 MB |
8 MB |
16 MB |
16 MB |
16 MB |
|
PCI Slots |
None |
None |
2 |
3 |
9 |
|
Fixed Interfaces |
Four port 10/100 switch (inside), One 10Base-T Ethernet (outside) |
Two 10Base-T Ethernet |
Two 10/100 Fast Ethernet |
Two 10/100 Fast Ethernet |
None |
|
Maximum Interfaces |
Four port 10/100 switch (inside), One 10Base-T Ethernet (outside) |
Two 10Base-T Ethernet |
Six 10/100 Fast Ethernet (FE) |
Eight 10/100 FE or GE |
10-10/100 FE or GE |
|
VPN Accelerator Card (VAC) Option |
No |
No |
Yes |
Yes |
Yes |
|
Failover Support |
No |
No |
Yes, UR only |
Yes, UR only |
Yes, UR only |
|
Size |
Desktop |
Desktop |
1 RU |
2 RU |
3 RU |
Selected Part Numbers and Ordering Information
|
Cisco PIX Bundles 1 |
|
|
PIX-535-UR-BUN |
PIX 535 Unrestricted Bundle (Chassis, unrestricted license, two 10/100 ports) |
|
PIX-535-R-BUN |
PIX 535 Restricted Bundle (Chassis, restricted license, two 10/100 ports) |
|
PIX-535-FO-BUN |
PIX 535 Failover Bundle (Chassis, failover license, two 10/100 ports) |
|
PIX-525-UR-BUN |
PIX 525 Unrestricted Bundle (Chassis, unrestricted software, two 10/100 ports) |
|
PIX-525-R-BUN |
PIX 525 Restricted Bundle (Chassis, restricted software, two 10/100 ports) |
|
PIX-525-FO-BUN |
PIX 525 Failover Bundle (Chassis, failover software, two 10/100 ports) |
|
PIX-515-UR-BUN |
PIX 515 Unrestricted Bundle (Chassis, unrestricted software, two 10/100 ports) |
|
PIX-515-R-BUN |
PIX 515 Restricted Bundle (Chassis, restricted software, two 10/100 ports) |
|
PIX-515-FO-BUN |
PIX 515 Failover Bundle (Chassis, failover software, two 10/100 ports) |
|
PIX-506 |
PIX 506 (Chassis, software, two 10-BaseT ports) |
|
PIX-501-BUN-K8 |
PIX 501 10 User/DES Bundle (Chassis, SW, 10 user/DES licenses, 4 port 10/100 switch) |
|
PIX-501-BUN-K9 |
PIX 501 10 User/3DES Bundle (Chassis, SW, 10 user/3DES licenses, 4 port 10/100 switch) |
|
PIX-501-50-BUN-K8 |
PIX 501 50 User/DES Bundle (Chassis, SW, 50 user/DES licenses, 4 port 10/100 switch) |
|
PIX-501-50-BUN-K9 |
PIX 501 50 User/3ES Bundle (Chassis, SW, 50 user/3DES licenses, 4 port 10/100 switch) |
|
Cisco PIX Interfaces and Cards |
|
|
PIX-1GE-66 |
Single 66-MHz Gigabit Ethernet interface for PIX 53x (multimode fiber, SC connector) |
|
PIX-1GE |
Single Gigabit Ethernet Interface for PIX 52x |
|
PIX-4FE |
Four-port 10/100 Fast Ethernet interface |
|
PIX-1FE |
Single-port 10/100 Fast Ethernet interface |
|
PIX-VPN-ACCEL |
IPSec Hardware VPN Accelerator Card (VAC) |
|
Cisco PIX VPN Feature Licenses |
|
|
PIX-VPN-3DES |
168-bit 3DES IPSec VPN software license |
|
PIX-506-SW-3DES |
168-bit 3DES IPSec VPN software license for PIX 506 |
|
PIX-501-VPN-3DES |
168-bit 3DES IPSec VPN software license for PIX 501 |
|
PIX-VPN-DES |
56-bit DES IPSec VPN software license |
|
PIX Accessories |
|
|
PIX-501-PWR-AC |
Spare AC power supply for PIX 501 |
|
PIX-506-PWR-AC |
Redundant AC power supply for PIX 506 (also available for PIX 515, PIX 525, and PIX 535) |
|
PIX-515-PWR-DC |
Redundant DC power supply for PIX 515 (also available for PIX 525 and PIX 535) |
For More Information
See the PIX Firewall Web site: http://www.cisco.com/go/pix
Cisco IOS Firewall Feature Set
The Cisco IOS Firewall Feature Set enriches Cisco IOS Software security capabilities, integrating robust firewall functionality and intrusion detection for every network perimeter. When combined with Cisco IOS IPSec software and other Cisco IOS Software-based technologies such as L2TP tunneling and quality of service (QoS), it provides a complete, integrated virtual private network solution. Because it is available for a wide range of Cisco routers, it gives customers the flexibility to choose a solution that meets their bandwidth, LAN/WAN density, and multiservice requirements, while benefiting from advanced security.
When to Sell
|
Sell This Product |
When a Customer Needs These Features |
|---|---|
|
Cisco IOS Firewall Feature Set |
|
Key Features
- Context-based access control (CBAC) provides secure, stateful, application-based filtering, supporting the latest protocols and advanced applications
- Intrusion detection for real-time monitoring, interception, and response to network misuse
- Dynamic, per-user authentication/authorization for LAN, WAN, and VPN clients
- Graphical configuration and management via the ConfigMaker Security Wizard
- Provides strong perimeter security for a complete Cisco IOS Software-based VPN solution, including IPSec, QoS, and tunnelling for a wide range of Cisco routers
Competitive Products
|
|
Specifications
|
Feature |
Cisco IOS Firewall |
|
Supported Network Interfaces |
All network interfaces on supported platforms |
|
Supported Platforms |
Cisco 1720, 2600, 3600, 7100, and 7200 series router platforms (supports full feature set) Cisco 800, UBR900, 1600, and 2500 series router platforms include all firewall features with exception of intrusion detection and authentication proxy |
|
Simultaneous Sessions |
No maximum; dependent on platform, network connection, and traffic |
Part Numbers and Ordering Information
|
For Cisco IOS Images containing firewall (FW) and intrusion detection (IDS) capabilities, see individual product pages of supported platforms and the Cisco IOS Feature Navigator at http://www.cisco.com/go/fn (CCO login required) for part numbers and more info. |
For More Information
See the Cisco IOS Firewall Feature Set Web site: http://www.cisco.com/go/csis
Cisco Secure Scanner
Proactive, preventative security--The Cisco Secure Scanner (formerly NetSonar) is an enterprise-class software tool offering superior network system identification, innovative data management, flexible user-defined vulnerability rules, comprehensive security reporting capabilities. The Scanner is a key component in Cisco's end-to-end network security solutions. It allows users to measure security, manage risk, and eliminate security vulnerabilities, thereby enabling more secure network environments.
When to Sell
|
Sell This Product |
When a Customer Needs These Features |
|---|---|
|
Cisco Secure Scanner |
|
Key Features
- Flexible licensing designed to serve the changing needs of customers and to provide unprecedented scanning flexibility
- Easy-to-use interface allows a quick network scan without pre-existing knowledge of the network or security vulnerabilities
- Comprehensive scanning engine that can analyze and identify targeted networked systems--including Web servers, firewalls, routers, switches, and workstations
- Flexible data analysis and reporting capabilities, including graphics-generating features and report wizard
- User-defined implementation options including scheduling, specialized profiles, and customized scanning rules for legacy or proprietary systems
- Unique matrix browser and display technology that allows users to easily navigate through data
- Regular vulnerability updates of signature and rules files
- Extensive network security database with descriptions of security problems and options to fix them; new vulnerabilities added to identify
- New vulnerabilities that the Scanner v 2.0.2.3 can detect include Code Red I and II vulnerable systems
Competitive Products
|
|
Specifications
|
Feature |
Minimum System Requirements for Secure Scanner on Windows NT |
Minimum System Requirements for Secure Scanner on Solaris |
|
Hardware |
Pentium II 450 MHz PC CD-ROM drive TCP/IP network interface Screen resolution of 800 x 600 or greater |
Sun SPARC 10 Pentium II 450 MHz PC CD-ROM drive TCP/IP network interface Screen resolution of 800 x 600 or greater |
|
Operating System |
Windows NT 4.0 Workstation/Server Windows 2000 Professional/ Server Service Pack 5 or later |
Solaris 2.6, 2.7, or 2.8 (for SPARC) Solaris 2.6, 2.7, or 2.8 (for Pentium) |
|
Software |
Internet Explorer 4.0 or later Netscape Navigator 2.0 or later |
Netscape Navigator 2.0 or later |
|
Disk Space |
2 GB hard drive |
2 GB hard drive |
|
Memory |
64 MB (96 MB recommended) |
64 MB (96 MB recommended) |
|
User Privileges |
Local or domain administrator |
Root |
Selected Part Numbers and Ordering Information
|
Cisco Secure Scanner 2 |
|
|
NS-201-NT-2500 |
Scanner 2.0 for NT (Up to 2500 Addresses) |
|
NS-201-S-2500 |
Scanner 2.0 for Solaris (Up to 2500 Addresses) |
|
Cisco Secure Scanner Software Application Support (SAS) Maintenance |
|
|
CON-SAS-NS-NT |
SAS Maintenance for Scanner for NT |
|
CON-SAS-NS-SOL |
SAS Maintenance for Scanner for Solaris |
For More Information
See the Cisco Secure Scanner Web site: http://www.cisco.com/go/scan
Cisco Secure User Registration Tool
The Cisco Secure User Registration Tool (URT) actively identifies users within the network and creates user registration policy bindings for policy registration, mobility, and tracking. URT solves many of the day-to-day mobility problems within a campus by ensuring that each user is appropriately associated with their authorized subnet/VLAN and that they all receive IP addresses that correspond to the logical groups to which they belong. These network management links significantly reduce the time it takes to resolve problems within both the help desk and the network operations groups. URT is essential for companies that have highly dynamic, constantly changing work environments, and require control over changes with respect to their logical workgroup associations.
When to Sell
|
Sell This Product |
When a Customer Needs These Features |
|---|---|
|
Cisco Secure User Registration Tool (URT) |
|
Key Features
- Automated switch port configuration and dynamic VLAN domain assignment for users logging into the network
- Integration with Microsoft NT and Netware NDS
- Fully redundant architecture, which is essential for ensuring continuous 24 x 7 successful login and switch port reconfiguration
- Fully scalable for large networks
- Broad range of Catalyst switches supported
- Complements other CiscoWorks2000 solutions and supports data import
Specifications
|
Feature |
Cisco Secure User Registration Tool (URT) |
|
Server Requirements |
Microsoft: Microsoft Windows NT or 2000 servers Novell NDS: Novell NetWare 5.0 running the IP stack with the Z.E.N. Works Starter pack |
|
DHCP Server Requirements |
Microsoft DHCP server or Cisco Network Registrar DHCP server |
|
Client Software Requirements |
DHCP-enabled Windows 95, 98, NT, 2000, and ME clients |
|
Supported Cisco Products |
Any Catalyst switch supporting dynamic ports |
Selected Part Numbers and Ordering Information
|
Cisco Secure User Registration Tool (URT) 3 |
|
|
CWURT-2.0 |
User Registration Tool Version 2.0; Includes software and (2) VPS1110 hardware devices |
|
CWVPS-1110-HW |
Additional VLAN Policy server to be added to existing URT 2.0 installations |
For More Information
See the Cisco Secure User Registration Tool Web site: http://www.cisco.com/go/urt
Cisco Intrusion Detection System 
The Cisco Intrusion Detection family--consisting of the Cisco Intrusion Detection System (IDS) 4200 network security appliances, an IDS Catalyst 6000 security module, and an IDS Host based sensor--delivers a family of high-performance security surveillance solutions for both enterprise and service-provider networks. Designed to address the increased requirements for security visibility, denial-of-service (DoS) protection, antihacking detection, protection from worms (such as Code Red & Nimda), and e-commerce business defenses, the Cisco IDS family leads the market in innovative security monitoring solutions. Together, the Cisco IDS family delivers a wide range of sensing solutions, enabling corporate internets, intranets, extranets, and critical web servers to operate without security interruptions.
The Cisco IDS family delivers exceptional stability, scalability, and price/performance, supporting a wide range of deployment environments. As a key component of the SAFE blueprint for secure e-business, the Cisco IDS provides unprecedented network based and host based protection, enabling businesses to launch new businesses securely and take advantage of the exploding Internet economy.
The current Cisco IDS sensing portfolio includes the IDS 4210 Sensor appliance, IDS 4230 Sensor appliance, Catalyst 6000 Intrusion Detection System Module (IDSM), and the Cisco IDS Host Sensor.
When to Sell
|
Sell This Product |
When a Customer Needs These Features |
|---|---|
|
Cisco IDS Network and Host Sensors |
|
Key Features
- Market-leading technology
- Sophisticated attack detection and antihacking protection
- Transparent operation
- Pervasive platform support
- Scalable sensing performance
- Integrated solution with the Catalyst 6000 IDS Module
- Comprehensive host-based protection
- Powerful management and monitoring
- Investment protection
- Active response
Competitive Products
|
|
Specifications
Cisco IDS--Network Sensor
|
Feature |
IDS-4210 |
IDS-4230 |
IDS Module |
|---|---|---|---|
|
Performance |
45 Mbps |
100 Mbps |
120 Mbps |
|
Processor |
Celeron 566 MHz |
Dual PIII-600 MHz |
Custom Hardware |
|
RAM |
256 MB |
512 MB |
256 MB |
|
Network Interface Card |
Autosensing 10/100 Base-T Ethernet |
Autosensing 10/100 Base-T Ethernet |
PCI |
|
Command and Control Interface |
Autosensing 10/100 Base-T Ethernet |
Autosensing 10/100 Base-T Ethernet |
PCI |
Cisco IDS--Host Sensor
|
Feature |
Host IDS Sensor Agent |
Host IDS Sensor Agent-- Web Server Edition |
|---|---|---|
|
Platforms |
Agents available for: Microsoft Windows NT Server, Microsoft Windows 2000 Server, Solaris Ultrasparc (running Solaris 2.6, 2.7, 2.8) Console available for: Microsoft Windows NT Server (SP4 or later), Microsoft Windows 2000 Server |
Agents available for: Microsoft IISv.4.0 for NT and IIS v5.0 for Windows 2000, Apache, 1.3.6 and higher for Solaris, iPlanet Netscape Enterprise Server 3.6 |
Selected Part Numbers and Ordering Information
|
Cisco IDS Network Appliance Sensor 4 |
|
|
IDS-4210 |
4210 Sensor (Chassis, s/w, two 10/100 ports, up to 45Mbps) |
|
IDS-4220-E |
Cisco IDS 4220 Ethernet Sensor |
|
IDS-4230-FE |
4230 Sensor (Chassis, s/w, two 10/100 ports, up to 100Mbps) |
|
Cisco IDS Switch Sensor Options |
|
|
WS-X6381-IDS |
Intrusion Detection System Module for Catalyst 6K Switch |
|
Cisco IDS Host Sensor Options |
|
|
HIDS-2.0.1-AGNT-K9 |
Configurable IDS Host |
|
HIDS-WEB-SOL-K9 |
Web Server Edition (Protects OS + WWW application) Solaris |
|
HIDS-WEB-WIN-K9 |
Web Server Edition (Protects OS + WWW application) WIndows |
|
HIDS-STD-SOL-K9 |
Standard Edition (Protects OS) Solaris |
|
HIDS-STD-WIN-K9 |
Standard Edition (Protects OS) Windows |
For More Information
See the Cisco IDS Web site: http://www.cisco.com/go/ids
Cisco Secure Access Control Server for Windows 2000 and NT
Cisco Secure Access Control Server (ACS) for Windows 2000 and NT is a highly scalable, high performance access control server that operates as a centralized RADIUS or TACACS+ server system and controls the authentication, authorization, and accounting (AAA) of users accessing corporate resources through the network. It supports access control and accounting for dial-up access servers, broadband Cable and DSL solutions, VPNs and firewalls, Voice over IP (VoIP) solutions and Cisco's Aironet 350 Wireless access solutions.
New in Version 3.0 is standards-based IEEE 802.1x support for Cisco's Catalyst Switch LAN solutions, now providing the same user AAA services to the LAN side of the network.
When to Sell
|
Sell This Product |
When a Customer Needs These Features |
|---|---|
|
Cisco Secure Access Control Server (ACS) for Windows 2000 and NT |
|
Key Features
- Ease of Use--Web-based user interface simplifies and distributes configuration
- Scalability--ACS supports large environments with support for redundant servers, remote databases, and user database backup services
- Extensibility--LDAP authentication forwarding for authentication of user profiles stored in directories from key vendors such as Netscape, Novell, and Microsoft
- Management--Windows 2000 Active Directory and NT database support consolidates Windows username/password management, and utilizes the Windows Performance Monitor for real-time statistics viewing
- Administration--Different access levels for each administrator and ability to group network devices to facilitate enforcement and changes of security policies
- Product Flexibility--ACS can be used with most Cisco router/network access servers, when running a RADIUS or TACACS+ embedded Cisco IOS version
- Third-Party Support--Token Server support for RSA SecurID, Axent Technologies, Secure Computing and CryptoCard
- Control--Dynamic quotas for time-of-day, network usage, number of logged sessions, and day-of-week access restrictions
Competitive Products
|
|
Specifications
|
Feature |
Cisco Secure Access Control Server (ACS) for Windows 2000 and NT |
|---|---|
|
Platform |
PC with Windows NT Server 4.0 and Service Pack 6 or Windows 2000 Server (up to Service Pack 2); Pentium 550-MHz processor or faster; Screen resolution of 256 colors at 800 x 600 lines |
|
RAM |
256 MB required; more if you are running your database on the same machine |
|
Disk Drive |
250 MB of disk space |
|
Software Requirements |
Any Cisco or third-party access/management solution configurable as a TACACS+ or RADIUS client |
|
Platform Requirements |
Cisco IOS Software 11.2 or higher on Cisco Routing Solutions |
Selected Part Numbers and Ordering Information
|
Cisco Secure Access Control Server (ACS) for Windows 5 |
|
|
CSACS-3.0 |
Cisco Secure ACS Version 3.0 for Windows |
|
CSACS-3.0-UPG |
Product and license upgrade to Cisco Secure ACS Version 3.0 for Windows from existing CSNT Version 2.X. Can also be used to a CSU 2.X user to ACS on Windows. |
For More Information
See the Cisco Secure ACS for Windows Web site: http://www.cisco.com/go/acs
Cisco 7100 Series
The Cisco 7100 series VPN router is a high-end, integrated VPN solution that melds high-speed, industry-leading routing with a comprehensive suite of advanced site-to-site VPN services. The Cisco 7100 series VPN router integrates key features of VPNs--tunneling, data encryption, security, firewall, advanced bandwidth management, and service-level validation--to deliver self-healing, self-defending, VPN platforms that cost-effectively accommodate remote-office and extranet connectivity using public data networks. The Cisco 7100 series VPN router offers specific hardware configurations optimized for VPN applications and network topologies. Optional WAN and embedded Fast Ethernet interfaces combined with high-performance routing and rich VPN services provide turnkey VPN routing solutions.
When to Sell
|
Sell This Product |
When a Customer Needs These Features |
|---|---|
|
Cisco 7120 |
|
|
Cisco 7140 |
|
Key Features
- Comprehensive suite of VPN services--tunneling, data encryption, security, firewall, quality of service, and service level validation--integrated with industry leading routing
- High performance RISC processor delivering high-speed, scalable VPN services and routing throughput and extensive memory for reliable, high-speed VPN services delivery
- Dual autosensing 10/100BASE-T Fast Ethernet ports for connectivity to the corporate LAN; the Cisco 7120 Series also has an integrated 4-port T1/E1 serial WAN interface
- Integrated Services Module (ISM) is included for support up to 2000 simultaneous tunneling sessions with 90 Mbps encryption performance and Windows 95/98/NT4.0 and Windows 2000 compatibility for remote access; an optional Integrated Services Adapter (ISA) may be installed in the Cisco 7140 to provide dual encryption acceleration performance up to 3000 tunnels and 140 Mbps 3DES encryption throughput
Competitive Products
|
|
Specifications
|
Feature |
Cisco 7120 |
Cisco 7140 |
|---|---|---|
|
Embedded Dual 10/100BASE-T Fast Ethernet Interfaces |
Autosensing, RJ-45 |
Autosensing, RJ-45 |
|
WAN Physical Interfaces |
EIA/TIA-232, EIA/TIA-449, X.21, V.35, EIA-530 |
None |
|
WAN/LAN Interface Expansion Slot |
1 slot |
1 slot |
|
Supported Network and Services Port Adapters |
Gigabit Ethernet 1000BASE-SX and 1000BASE-LX/LH Fast Ethernet 100BASE-TX and 100BASE-FX Fast Ethernet/ISL TX and ISL FX Ethernet 10BASE-T and 10BASE-FL Dedicated Token Ring Multichannel T1 and E1 ATM Synchronous Serial HSSI ISDN BRI Packet over SONET OS3/STM1 Integrated Services Adapter (ISA) |
Same as Cisco 7120 |
|
Service Module Slot |
1 slot |
1 slot |
|
Included Service Modules |
Integrated Services Module (ISM) |
Integrated Services Module (ISM) |
|
Console and Auxiliary Ports |
1 of each, RJ-45 interface |
1 of each, RJ-45 interface |
|
SDRAM |
64 MB packet 128 MB system (expandable to 256 MB) |
64 MB packet 128 MB system (expandable to 256 MB) |
|
Flash Memory |
48 MB |
48 MB |
|
PCMCIA Slots for Flash Memory |
2 |
2 |
|
Power Supply |
Single AC |
Dual AC |
|
Dimensions (HxWxD) |
3.5 in. x 17.5 in. x 18.25 in. |
3.5 in. x 17.5 in. x 18.25 in. |
Cisco IOS Software and Memory Requirements
To run the Cisco IOS Software Feature Packs, you need, at a minimum, the amount of memory shown in the following table. Some configurations will require more than the recommended minimum.
|
Distribution 6 |
Feature Pack |
IOS Image Release |
Flash Memory Required |
DRAM Memory Required |
|---|---|---|---|---|
|
CD71-CL-12.1.6E= |
IP IPSEC 56 |
12.1(6)E |
16MB |
64MB |
|
CD71-CK2-12.1.6E= |
IP IPSEC 3DES |
12.1(6)E |
16MB |
64MB |
|
CD71-CHK2-12.1.6E= |
IP/FW/IDS IPSEC 3DES |
12.1(6)E |
16MB |
64MB |
|
CD71-AL-12.1.6E= |
Enterprise IPSEC 56 |
12.1(6)E |
16MB |
64MB |
|
CD71-AK2-12.1.6E= |
Enterprise IPSEC 3DES |
12.1(6)E |
16MB |
64MB |
|
CD71-AHK2-12.1.6E= |
Enterprise/FW/IDS IPSEC 3DES |
12.1(6)E |
16MB |
64MB |
Selected Part Numbers and Ordering Information
|
Cisco 7100 Series Bundles--7120 7 |
|
|
CISCO7120-4T1/VPN |
7120-4T1 VPN Bundle, ISM, 2xFE, AC PS, IPSEC DES |
|
C7120-4T1/VPN/K9 |
7120-4T1 VPN Bundle, ISM, 2xFE, AC PS, IPSEC 3DES |
|
Cisco 7100 Series Bundles--7140 |
|
|
CISCO7140-2FE/VPN |
7140-2FE VPN Bundle, ISM, 2xFE, 2xAC PS, IPSEC DES |
|
C7140-2FE/2VPN/K8 |
7140-2FE VPN Bundle, ISM & ISA, 2xFE, 2xAC PS, IPSEC DES |
|
C7140-2FE/2VPN/K9 |
7140-2FE VPN Bundle, ISM & ISA, 2xFE, 2xAC PS, IPSEC 3DES |
|
C7140-2FE/VPN/K9 |
7140-2FE VPN Bundle, ISM, 2xFE, 2xAC PS, IPSEC 3DES |
|
Cisco 7100 Port Adapters |
|
|
PA-FE-TX |
1-port Fast Ethernet 100BaseTx Port Adapter |
|
PA-FE-FX |
1-port Fast Ethernet 100BaseFx Port Adapter |
|
PA-2FE-TX |
2-port Fast Ethernet 100BaseTx Port Adapter |
|
PA-2FE-FX |
2-port Fast Ethernet 100BaseFx Port Adapter |
|
PA-2FEISL-TX |
2-port Token Ring ISL 100BaseTx Port Adapter |
|
PA-2FEISL-FX |
2-port Token Ring ISL 100BaseFx Port Adapter |
|
PA-4E |
4-port Ethernet 10BaseT Port Adapter |
|
PA-8E |
8-port Ethernet 10BaseT Port Adapter |
|
PA-5EFL |
5-port Ethernet 10BaseFL Port Adapter |
|
PA-4T+ |
4-port Serial Port Adapter, Enhanced |
|
PA-8T-V35 |
8-port Serial, V.35 Port Adapter |
|
PA-8T-232 |
8-port Serial, 232 Port Adapter |
|
PA-8T-X21 |
8-port Serial, X.21 Port Adapter |
|
PA-4R-DTR |
4-port Dedicated Token Ring, 4/16Mbps, HDX/FDX Port Adapter |
|
PA-GE |
Gigabit Ethernet Port Adapter |
|
PA-H |
1-port HSSI Port Adapter |
|
PA-2H |
2-port HSSI Port Adapter |
|
PA-A3-T3 |
1-port ATM Enhanced DS3 Port Adapter |
|
PA-A3-E3 |
1-port ATM Enhanced E3 Port Adapter |
|
PA-A3-OC3MM |
1-port ATM Enhanced OC3c/STM1 Multimode Port Adapter |
|
PA-A3-OC3SMI |
1-port ATM Enhanced OC3c/STM1 Single mode (IR) Port Adapter |
|
PA-A3-OC3SML |
1-port ATM Enhanced OC3c/STM1 Single mode (LR) Port Adapter |
|
PA-4E1G/75 |
4-port E1 G.703 Serial Port Adapter (75ohm/Unbalanced) |
|
PA-4E1G/120 |
4-port E1 G.703 Serial Port Adapter (120ohm/Balanced) |
|
PA-E3 |
1-port E3 Serial Port Adapter with E3 DSU |
|
PA-2E3 |
2-port E3 Serial Port Adapter with E3 DSUs |
|
PA-T3 |
1-port T3 Serial Port Adapter with T3 DSUs |
|
PA-2T3 |
2-port T3 Serial Port Adapter with T3 DSUs |
|
PA-MC-2T1 |
2-port multichannel T1 port adapter with integrated CSU/DSUs |
|
PA-MC-2E1/120 |
2-port multichannel E1 port adapter with G.703 120ohm interf |
|
PA-MC-4T1 |
4-port multichannel T1 port adapter with integrated CSU/DSUs |
|
PA-MC-8T1 |
8-port multichannel T1 port adapter with integrated CSU/DSUs |
|
PA-MC-8E1/120 |
8-port multichannel E1 port adapter with G.703 120ohm interf |
|
PA-POS-OC3MM |
1-port Packet/SONET OC3c/STM1 Multimode Port Adapter |
|
PA-POS-OC3SMI |
1-port Packet/SONET OC3c/STM1 Single mode (IR) Port Adapter |
|
PA-POS-OC3SML |
1-port Packet/SONET OC3c/STM1 Single mode (LR) Port Adapter |
|
SM-ISM |
Integrated Services Module for IPSec & MPPE encryption |
|
SA-ISA |
Integrated Services Adapter for IPSec or MPPE encryption |
|
PA-4B-U |
4-port BRI Port Adapter, U Interface |
|
PA-8B-S/T |
8-port BRI Port Adapter, S/T Interface |
For More Information
See the Cisco 7100 series Web site: http://www.cisco.com/go/7100
Cisco VPN 3000 Family
The Cisco VPN 3000 Concentrator Series--A family of purpose-built, remote access Virtual Private Network (VPN) platforms that incorporates high availability, high performance and scalability with the most advanced encryption and authentication techniques available today. Customers can greatly reduce costs by leveraging their ISPs' infrastructure and eliminate costly leased lines. This series supports small offices as well as large organizations with up to 10,000 simultaneous remote users per unit. With load balancing configured, multiple units can be clustered to enable unlimited remote access users. It also supports the widest range of VPN clients including Certicom MovianVPN client, Microsoft 2000 L2TP/IPsec Client, and Microsoft PPTP for Windows 95/98/ME/NT/2000/XP.
The Cisco VPN 3002 Hardware Client--Combines the best capabilities of a software client with the reliability and stability of a dedicated hardware platform, and scales to tens of thousands of users. It sets up connections to a variety of Cisco VPN concentrators, including the VPN 3000 series and PIX firewalls.
When to Sell
|
Sell This Product |
When a Customer Needs These Features |
|---|---|
|
VPN 3005 and 3015 Concentrators |
|
|
VPN 3030 and 3060 Concentrators |
|
|
VPN 3080 Concentrator |
|
|
VPN 3000 Client |
|
|
VPN 3002 Hardware Client |
|
Key Features
- Cisco VPN 3000 Series Concentrators
- Support for industry standard IPSec DES/3DES and Cisco IPSec/NAT for VPN Access through Port Address Translation firewalls
- Unlimited-use license for Cisco VPN Client distribution included at no cost
- Supports standard authentication: RADIUS, SDI Tokens, and Digital Certificates
- VPN load balancing allows for multiple units to cluster as a single shared pool
- Cisco VPN 3002 Hardware Client
- Works with most operating systems, including Windows, Linux, Solaris, MAC, etc.
- Auto-upgrade capability automates upgrades with no user intervention required
- Client technology employs push policy and automatic address assignment from the central site concentrator, enabling virtually unlimited scalability
Competitive Products
|
|
Specifications
Cisco VPN 3000 Series Concentrators
|
Feature |
VPN 3005 |
VPN 3015 |
VPN 3030 |
VPN 3060 |
VPN 3080 |
|---|---|---|---|---|---|
|
Simultaneous Users |
100 |
100 |
1500 |
5000 |
10,000 |
|
Encryption Throughput |
4 Mbps |
4 Mbps |
50 Mbps |
100 Mbps |
100 Mbps |
|
Encryption Method |
Software |
Software |
Hardware |
Hardware |
Hardware |
|
Encryption (SEP) Module |
0 |
0 |
1 |
2 |
4 |
|
Redundant SEP |
No |
No |
Optional |
Optional |
Yes |
|
Expansion Slots |
0 |
4 |
3 |
2 |
N/A |
|
Upgradeable |
No |
Yes |
Yes |
N/A |
N/A |
|
Memory |
32 MB (fixed) |
128 MB |
128 MB |
256 MB |
256 MB |
|
Hardware Configuration |
1U, Fixed |
2U, Scalable |
2U, Scalable |
2U, Scalable |
2U |
|
Power Supply |
Single |
Single, with a dual option |
Single, with a dual option |
Single, with a dual option |
Dual |
|
Client License |
Unlimited |
Unlimited |
Unlimited |
Unlimited |
Unlimited |
|
Dimensions (HxWXD) |
1.75 x 17.5 x 11.5 in. |
3.5 x 17.5 x 14.5 in. |
3.5 x 17.5 x 14.5 in. |
3.5 x 17.5 x 14.5 in. |
3.5 x 17.5 x 14.5 in. |
Cisco VPN 3002 Hardware Client
|
Feature |
VPN 3002 Hardware Client |
|---|---|
|
Hardware Processor |
Motorola PowerPC processor; Dual flash image architecture |
|
Network Interfaces |
CPVN3002-K9: One Public 10/100Mbps RJ-45 Ethernet Interface and One Private Port 10/100Mbps RJ-45 Ethernet Interface CVPN3002-8E-K9: One Public 10/100Mbps RJ-45 Ethernet Interface and Eight Private Port 10/100Mbps RJ-45 Ethernet Interfaces via AUTO-MDIX switch |
|
Physical Dimensions |
1.967 x 8.6 x 6.5 in. (5 x 8.6 x 16.51 cm) |
|
Power Supply |
External AC Operation: 100-240V at 50/60 Hz with universal power factor correction; 4 foot cord included and international "pigtail" power cord selection |
|
Tunneling Protocol Support |
IPsec with IKE key management |
|
Monitoring & Configuration |
Event logging; SNMP MIB-II support Embedded management interface is accessible via console port or local web browser; SSH/SSL |
|
Encryption Algorithms, Key Management & Authentication Algorithms |
56-bit DES (IPsec); 168-bit Triple DES (IPsec) |
|
Authentication and Accounting Servers |
Support for redundant external authentication servers including RADIUS Microsoft NT Domain authentication, X.509v3 Digital Certs (PKC7-PKCS10) |
|
Configuration Modes |
Client Mode--acts as client, receives random IP address from Concentrator Pool; Uses NAPT to hide stations 3002; Network behind 3002 is unroutable; few configuration parameters Network Extension Mode--acts as site-to-site device; Uses NAPT to hide stations only to Internet (stations visible to central site); Network behind 3002 is routable; additional configuration parameters |
Selected Part Numbers and Ordering Information
|
Cisco VPN 3000 Concentrator |
|
|
CVPN3005-E/FE-BUN |
CVPN3005-E/FE hw set, sw, client, & US power cord |
|
CVPN3015-NR-BUN |
CVPN3015-NR non-redundant hw set, sw, client, & US power cord |
|
CVPN3030-NR-BUN |
CVPN3030-NR non-redundant hw set, sw, client, & US power cord |
|
CVPN3030-RED-BUN |
CVPN3030-RED redundant hw set, sw, client, & US power cord |
|
CVPN3060-NR-BUN |
CVPN3060-NR non-redundant hw set, sw, client, & US power cord |
|
CVPN3060-RED-BUN |
CVPN3060-RED redundant hw set, sw, client, & US power cord |
|
CVPN3080-RED-BUN |
CVPN3080-RED redundant hw set, sw, client, & US power cord |
|
Cisco VPN 3000 Series Products 8 |
|
|
CVPN3000-MONAPP |
PN 3005, 3015, 3030, 3060, 3080 Concentrators Monitor App |
|
Cisco VPN 3000 Series Upgrades |
|
|
CVPN1530-UPG-RED |
Cisco VPN 3015 To 3030 (Redundant) Upgrade Kit |
|
CVPN1560-UPG-NR |
Cisco VPN 3015 To 3060 (Non-Redundant) Upgrade Kit |
|
CVPN1560-UPG-RED |
Cisco VPN 3015 To 3060 (Redundant) Upgrade Kit |
|
CVPN1580-UPG-RED |
Cisco VPN 3015 To 3080 (Redundant) Upgrade Kit |
|
CVPN3030-UPG-RED |
Cisco VPN 3030 To 3080 (Redundant) Upgrade Kit |
|
CVPN3060-UPG-NR |
Cisco VPN 3030 To 3060 (Non-Redundant) Upgrade Kit |
|
CVPN3080-UPG-R/R |
Cisco VPN 3030 (Redundant) to 3080 (Redundant) Upgrade Kit |
|
CVPN3080-UPG-RED |
Cisco VPN 3030 To 3080 (Redundant) Upgrade Kit |
|
CVPN3060-UPG-RED |
Cisco VPN 3030 To 3060 (Redundant) Upgrade Kit |
|
CVPN6060-UPG-RED |
Cisco VPN 3060 To 3060 (Redundant) Upgrade Kit |
|
CVPN6080-UPG-RED |
Cisco VPN 3060 To 3080 (Redundant) Upgrade Kit |
|
CVPN3060-UPG-R/R |
Cisco VPN 3030 (Redundant) to 3060 (Redundant) Upgrade Kit |
|
CVPN6080-UPG-R/R |
Cisco VPN 3060 (Redundant) to 3080 (Redundant) Upgrade Kit |
|
Cisco VPN 3000 Series Accessories |
|
|
CVPN3000-PWR= |
Cisco VPN 3000 Concentrator Power Supply |
|
Cisco VPN 3000 Series Basic Maintenance |
|
|
CON-SNT-PKG4 |
SMARTnet Maintenance for Cisco CVPN3005-E/FE-BUN |
|
CON-SNT-PKG8 |
SMARTnet Maintenance for Cisco CVPN3015-NR-BUN |
|
CON-SNT-PKG11 |
SMARTnet Maintenance for Cisco CVPN3030-NR-BUN |
|
CON-SNT-PKG13 |
SMARTnet Maintenance for Cisco CVPN3030-RED-BUN |
|
CON-SNT-PKG14 |
SMARTnet Maintenance for Cisco CVPN3060-RED-BUN |
For More Information
See the Cisco VPN 3000 series Web site: http://www.cisco.com/go/vpn3000