Dynamic Multipoint VPN (DMVPN), Cisco offers
the industry’s most robust and adaptable security
solution for branch office routers .
IP Telephony
The Cisco 3800 Series allows network managers
to provide scalable analog and digital telephony
without investing in a one-time solution, giving
enterprises greater control of their converged
telephony needs . Using voice and fax modules,
the Cisco 3800 Series can be deployed for
applications ranging from VoIP and Voice-
over-Frame Relay (VoFR) transport to robust,
centralized solutions using the Cisco Survivable
Remote Site Telephony (SRST) solution
or distributed call processing using Cisco
CallManager Express (CCME) . The architecture
is highly scalable with the ability to support up
to 168 IP phones with the 3825 router and 240
IP phones with the 3845 router, 24 T1/E1s trunks,
88 foreign-exchange-station (FXS) ports, or 56
foreign-exchange-office (FXO) ports concurrent
with data routing and other services .
Benefits and Advantages
continued
Cisco 3800 Series
Security Features
IPSec VPN
• Advanced Encryption Standard (AES) 128,
192, and 256 bit keys; Triple Data Encryption
Standard (3DES); and DES cryptology support
• Embedded hardware-based VPN acceleration
on the motherboard
• Cisco Easy VPN remote
• Cisco Easy VPN server
• Dynamic Multipoint VPN (DMVPN)
• Virtual Tunnel Interfaces (VTI)
• 802 .1x
• VPN QoS—Preclassification support
• Support for up to 2500 tunnels with AIM-VPN
Multiprotocol Label Switching (MPLS) VPN
Support
• Specific provider edge capabilities
• Virtual routing and forwarding (VRF) firewall
and VRF IPSec
Cisco IOS IPS
• Inline ability to drop packet, reset connection,
locally shun, or send an alarm
• Dynamically load and enable selected attack
signatures in the same manner as Cisco IPS
Appliances
Network Foundation Protection
• Control Plane Policing (CPP)
• AutoSecure
• CPU/Memory Threshold
• Secure Shell (SSH)
• Access Control List (ACL)
• Command Line Interface (CLI)
• Committed Access Rate (CAR)
IOS WebVPN (SSL VPN)
• Secure remote access for mobile users
without installing PC client software
• Integrated into the router —no separate
appliance required
• Cisco 3825 and 3845 support up to 100 users
• Requires IOS WebVPN feature license
FL-WEBVPN-10, FL-WEBVPN-25 or
FL-WEBVPN-100 (purchase multiple quantities
to add up to the desired number of users)
• Requires an IOS security feature set (IOS
security feature set is included in all secure
router bundles)
Media Authentication and Encryption
• Standards-based authentication and
encryption using secure RTP provides a
secure environment for IP Communications
• Advanced Encryption Standard (AES) 128-bit
cryptography support
Cisco IOS Firewall
• Feature rich, stateful firewall
• Per-user authentication and authorization
• Real-time alerts
• Transparent firewall
• IPv6 firewall
• VRF-Aware firewall
• Advanced Application Inspection and Control
– HTTP inspection engine
– E-mail inspection engines (SMTP, ESMTP,
IMAP, POP)
Benefits and Advantages
continued
Cisco 3800 Series
48
offering up to three times the performance, new
embedded service options, and dramatically
increased slot performance and density while
maintaining support for most of the more
than 90 existing modules that are available
today for the Cisco 3700 Series . This helps
to ensure continuing investment protection to
accommodate network expansion or changes in
technology as new services and applications are
deployed . By integrating the functions of multiple
separate devices into a single, compact unit,
Cisco 3800 Series Integrated Services Routers
dramatically reduce the cost and complexity
of managing remote networks . The Cisco 3800
Series delivers multiple concurrent services
at wire-speed performance of up to T3/E3
speeds . The Cisco 3845 features a removable
motherboard, fan assembly, and supports high-
availability features such as online insertion
and removal (OIR) of like network modules, and
redundant integrated system and inline power
supplies .
Integrated Services
With the optional integration of numerous
services modules, the Cisco 3800 Series offers
the ability to easily integrate the functions of
standalone network appliances and components
into the Cisco 3800 Series chassis itself . Many
of these modules, such as the Cisco Network
Analysis Module, Cisco Unity Express™ Voice
Mail Module, Cisco Intrusion Prevention Module,
and Cisco Content Engine Module, have
embedded processors and hard drives that
allow them to run largely independently of the
router while allowing management from a single
management interface . This flexibility greatly
expands the potential applications of the Cisco
3800 Series beyond traditional routing, while
maintaining the benefits of integration . The Cisco
3845 Integrated Services Router is optimized for
the concurrent delivery of voice, video, and data
at T3 wire-rate performance . The architecture
provides high-performance embedded security
and voice processing for reliable delivery of
mission-critical traffic such as VoIP, business
video, and collaborative communications .
The Cisco 3845 is engineered to help customers
effectively scale deployment of services, offering
the following hardware features:
• Two built-in autosensing 10/100/1000
Ethernet ports
• One small form-factor pluggable (SFP) slot
gigabit Ethernet
• Two built-in USB ports
• Four network module slots for single-wide or
extended network modules, two double-wide
or extended double-wide network modules
(NME-XD), or two extension voice/fax modules
(EVM-HD)
• Four single-wide or two double-wide HWICs
• Two advanced integration modules (AIMs)
• Four Packet Voice DSP Modules (PVDM) slots
for voice processing
• Onboard IP Security (IPsec) acceleration
• 802 .3af-compliant inline power for IP phones
or wireless access points
The Cisco 3825 is engineered to help customers
effectively scale deployment of services, offering
the following hardware features:
• Two built-in autosensing 10/100/1000
Ethernet ports
• One SFP slot gigabit Ethernet
• Two built-in USB ports
• Two network module slots for single-wide or
extended network modules, one double-wide
or extended double-wide network module
(NME-XD), or one extension voice/fax module
(EVM-HD)
• Four single-wide or two double-wide HWICs
• Two AIMs
• Four PVDM slots for voice processing
• Onboard IPSec encryption acceleration
• 802 .3af-compliant inline power for IP phones
or wireless access points
• External Redundant Power Supply (RPS) for
system power and external redundant inline
power for IP phones
Secure Networking
Integrated on the motherboard of every Cisco
3800 Series router is hardware-based encryption
acceleration that offloads the encryption
processes to provide greater IPSec throughput
with less overhead for the router CPU when
compared with software-based solutions .
The integration of optional VPN modules (for
enhanced performance and tunnel count),
content-engine network modules for URL
filtering, or intrusion prevention network modules,
combined with the rich Cisco IOS Software
security feature set that includes firewall,
Network Access Control (NAC), voice- and video-
enabled VPN (V3PN), intrusion prevention, and
49
Содержание 1700 series
Страница 107: ...Notes 210 Notes 211 ...