Cisco Cisco IOS Software Release 12.4(4)T 集約されたデータ
Product Bulletin
© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 17 of 299
3) Release 12.4(22)T Highlights
Table 2.
Release 12.4(20)T Feature Highlights
3.1.4) Certificate IP Address Extension Support
3.1.5) Time-based Anti-replay on VPN
Services Adapter (VSA)
3.1.5) Time-based Anti-replay on VPN
Services Adapter (VSA)
3.1) Cisco IOS Security
3.1.1) IOS Firewall Support for Trusted Relay Point
Cisco IOS firewall enhances security for Unified Communications (UC) by supporting Trusted Relay
Point (TRP). This solution provides a trusted anchor within the network for seamless UC related
services including media recording, QoS enforcement, and intelligent firewall traversal.
Cisco IOS firewall enhances security for Unified Communications (UC) by supporting Trusted Relay
Point (TRP). This solution provides a trusted anchor within the network for seamless UC related
services including media recording, QoS enforcement, and intelligent firewall traversal.
Figure 9.
IOS Firewall Trusted Relay Point Use Case Scenario
Trusted Relay Point is a multi-functional architecture covering Quality of Service (QoS), Optimized
Edge Routing (OER), and virtual network traversal. It eliminates the deep packet inspection and
overhead associated with firewalling by signaling the firewall to permit traffic.
Edge Routing (OER), and virtual network traversal. It eliminates the deep packet inspection and
overhead associated with firewalling by signaling the firewall to permit traffic.
Benefits of UC-Trusted Firewall Control
●
Provides authentication required to open port requests on the firewall
●
Supports asymmetric signaling/media paths control, cases where signaling and media may
not traverse the same paths in the network (such as internal “firewalling”) and might
ordinarily be blocked
not traverse the same paths in the network (such as internal “firewalling”) and might
ordinarily be blocked
●
Provides encrypted signaling between voice entities, cases where the firewall has the group
key to look at the signaling and allow pinholes for media
key to look at the signaling and allow pinholes for media
●
Ports for media and signaling remain open for session length only, providing more secure
sessions
sessions
Hardware