Series Features Overview
Cisco 2800 Series
Security Features
continued
Network Foundation Protection
• Control Plane Policing (CPP)
• AutoSecure
• CPU/Memory Threshold
• Secure Shell (SSH)
• Access Control List (ACL)
• Command Line Interface (CLI)
• Committed Access Rate (CAR)
URL Filtering
• Onboard with an optional content-engine
network module
• Local URL filtering in Cisco IOS software
based on external server
Onboard USB 1.1 port
• 1 or 2 onboard USB 1 .1 ports
• Secure token and Flash memory support
Security Solutions
• Network Admission Control (NAC)
• Voice and Video Enabled IPSec VPN (V3PN)
Optional Security Modules
• IDS/IPS Network Modules (NM-CIDS portfolio)
• VPN and Encryption Advanced Integration
Modules (AIM-VPN portfolio)
• Content Engine Network Modules (NM-CE
portfolio)
Cisco Router and Security Device Manager (SDM)
• Ships by default
Certifications
• ICSA IPSec
• ICSA Firewall
• Common Criteria IPSec (EAL4) (in process)
• Common Criteria Firewall (EAL4+) (in process)
• FIPS 140-2, Level 2 (in process)
expands the potential applications of the Cisco
2800 Series beyond traditional routing, while
maintaining the benefits of integration .
Secure Networking
Integrated on the motherboard of every
Cisco 2800 Series router is hardware-based
encryption acceleration that offloads the
encryption processes to provide greater IPSec
throughput with less overhead for the router
CPU, when compared with software-based
solutions . With the optional integration of VPN
modules (for enhanced performance and tunnel
count), content engine network modules for URL
filtering, or intrusion-prevention network modules,
combined with the rich Cisco IOS Software
security feature set that includes firewall,
network admission control (NAC), voice and
video-enabled VPN (V3PN), intrusion prevention,
and Dynamic Multipoint VPN (DMVPN), Cisco
offers the industry’s most robust and adaptable
security solution for branch-office routers .
IP Telephony
The Cisco 2800 Series allows network managers
to provide scalable analog and digital telephony
without investing in a one-time solution, giving
enterprises greater control of their converged
telephony needs . Using voice and fax modules,
the Cisco 2800 Series can be deployed for
applications ranging from voice over IP (VoIP)
and voice over Frame Relay (VoFR) transport
to robust, centralized solutions using the Cisco
Survivable Remote Site Telephony (SRST)
solution or distributed call processing using
Cisco CallManager Express (CCME) . The
architecture is highly scalable with the ability to
support up to 96 IP phones, 12 T1/E1s trunks,
52 foreign-exchange-station (FXS) ports, or 36
foreign-exchange-office (FXO) ports concurrent
with data routing and other services .
Cisco 2800 Series
38
Benefits and Advantages
continued
Security Features
IPSec VPN
• Advanced Encryption Standard (AES) 128, 192,
and 256; Triple Data Encryption Standard
(3DES); and DES cryptology support
• Embedded hardware-based VPN acceleration
on the motherboard
• Cisco Easy VPN remote; Cisco Easy VPN server
• Dynamic Multipoint VPN (DMVPN)
• Virtual Tunnel Interfaces (VTI)
• VPN QoS— Preclassification support
• Support for up to 1500 VPN tunnels with the
AIM-VPN module
Multiprotocol Label Switching (MPLS) VPN Support
• Specific provider edge capabilities
• Virtual Routing and Forwarding (VRF) firewall
and VRF IPSec
Cisco IOS IPS
• Inline ability to drop packet, reset connection,
locally shun, or send an alarm; dynamically
load and enable selected attack signatures in
the same manner as Cisco IPS Appliances
IOS WebVPN (SSL VPN)
• Secure remote access for mobile users
without installing PC client software
• Integrated into the router— no separate
appliance required
• Cisco 2801 supports up to 25 users, Cisco
2811 and 2821 support up to 50 users, and
Cisco 2851 supports up to 75 users .
• Requires IOS WebVPN feature license
FL-WEBVPN-10 or FL-WEBVPN-25 (purchase
multiple quantities to add up to the desired
number of users)
• Requires an IOS security feature set (IOS
security feature set is included in all secure
router bundles)
Cisco IOS Firewall
• Feature rich, stateful firewall
• Per-user authentication and authorization
• Real-time alerts
• Transparent firewall
• IPv6 firewall
• VRF-Aware firewall
• Advanced Application Inspection and Control
– HTTP inspection engine
– E-mail inspection engines (SMTP, ESMTP,
IMAP, POP)
39
Features
Details
Multiprotocol Label Switching (MPLS)
VPN Support
Specific Provider Edge (PE) capabilities
Intrusion Prevention System (IPS)
More than 1600 IPS signatures supported in Cisco IOS Software,
with the ability to load and enable selected IPS signatures
Optional high-performance IPS Network Module with more than
2000 signatures
URL Filtering
Onboard filtering with an optional content engine network module
Local URL filtering in Cisco IOS Software based on external server
Cisco Router and Security Device
Manager (SDM), version 2.0 and
Above
Comes standard on all Cisco 2800 Series routers
Media Authentication and Encryption
Standards-based authentication and encryption using secure RTP
provides a secure environment for IP Communications
Advanced Encryption Standard (AES) 256-bit cryptography support
IP TELEPHONy FEATURES
IP Phone Support
Optional integrated power supply with inline power, 802 .3af support
Up to 360W of inline power (Note: requires power supply upgrade)
Analog Voice Support
One EVM on the Cisco 2821 and Cisco 2851
Up to 52 FXS and 36 FXO ports
Digital Voice Support
Up to 192 calls
DSP (PVDM) Slots on
Motherboard
Up to three DSP slots on motherboard
Local Conferencing and Transcoding
Cisco CallManager Express (CCME)
Up to 96 phones
Summary of Contents for 1700 series
Page 107: ...Notes 210 Notes 211 ...