Cisco 2811 ROUTER 2FE 1NME 4HWIC 2PVDM 2AIM IP BASE WITH A/C POWER SUPPLY 仕様ガイド
© 2005 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 6 of 20
Secure Networking-Feature and Benefits
The Cisco 2800 Series features enhanced security functionality as shown in Table 3. Integrated on the motherboard of every Cisco 2800 Series router
is hardware-based encryption acceleration that offloads the encryption processes to provide greater IPsec throughput with less overhead for the router
CPU when compared with software-based solutions. With the integration of optional VPN modules (for enhanced VPN tunnel count), Cisco IOS
Software-based firewall, network access control, or content-engine network modules, Cisco offers the industry's most robust and adaptable security
solution for branch-office routers.
Table 3.
Secure Networking-Feature and Benefits
Feature
Benefit
Cisco IOS Software Firewall
•
Sophisticated security and policy enforcement provides features such as stateful, application-based
filtering (context-based access control), per-user authentication and authorization, real-time alerts,
transparent firewall, and IPv6 firewall.
filtering (context-based access control), per-user authentication and authorization, real-time alerts,
transparent firewall, and IPv6 firewall.
Onboard VPN Encryption Acceleration
•
The Cisco 2800 Series supports IPsec Digital Encryption Standard (DES), Triple DES (3DES),
Advanced Encryption Standard (AES) 128, AES 192, and AES 256 cryptology without consuming
an AIM slot.
Advanced Encryption Standard (AES) 128, AES 192, and AES 256 cryptology without consuming
an AIM slot.
Network Admissions Control (NAC)
•
A Cisco Self-Defending Network initiative, NAC seeks to dramatically improve the ability of networks
to identify, prevent, and adapt to threats by allowing network access only to compliant and trusted
endpoint devices.
to identify, prevent, and adapt to threats by allowing network access only to compliant and trusted
endpoint devices.
Multiprotocol Label Switching (MPLS)
VPN Support
VPN Support
•
The Cisco 2800 Series supports specific provider edge functions plus a mechanism to extend
customers' MPLS VPN networks out to the customer edge with virtual routing and forwarding (VRF)
firewall and VRF IPsec. For details on the MPLS VPN support on the different versions of the Cisco
2800 Series, please check the feature navigator tool on
customers' MPLS VPN networks out to the customer edge with virtual routing and forwarding (VRF)
firewall and VRF IPsec. For details on the MPLS VPN support on the different versions of the Cisco
2800 Series, please check the feature navigator tool on
http://www.cisco.com
.
USB eToken Support
•
USB eTokens from Aladdin Knowledge Systems (available at
http://www.aladdin.com/etoken/cisco/
)
provides secure configuration distribution and allows users to store VPN credentials for deployment
AIM-Based Security Acceleration
•
Support for an optional dedicated security AIM can deliver 2 to 3 times the performance of
embedded encryption capabilities with Layer 3 compression.
embedded encryption capabilities with Layer 3 compression.
Intrusion Prevention System (IPS)
•
Flexible support is offered through Cisco IOS
®
Software or a high-performance intrusion-detection-
system (IDS) network module.
•
The ability to load and enable selected IDS signatures in the same manner as Cisco IDS Sensor
Appliances
Appliances
Advanced Application Inspection
and Control
and Control
•
Cisco IOS Firewall includes HTTP and several email inspection engines that can be used to detect
misuse of port 80 and email connectivity.
misuse of port 80 and email connectivity.
Cisco Easy VPN Remote and
Server Support
Server Support
•
The Cisco 2800 Series eases administration and management of point-to-point VPNs by actively
pushing new security policies from a single headend to remote sites.
pushing new security policies from a single headend to remote sites.
Dynamic Multipoint VPN (DMVPN)
•
DMVPN is a Cisco IOS Software solution for building IPsec + generic routing encapsulation (GRE)
VPNs in an easy and scalable manner.
VPNs in an easy and scalable manner.
URL Filtering
•
URL filtering is available onboard with an optional content-engine network module or external with a
PC server running the URL filtering software.
PC server running the URL filtering software.
Cisco Router and Security Device
Manager (SDM)
Manager (SDM)
•
This intuitive, easy-to-use, Web-based device-management tool is embedded within the Cisco IOS
Software access routers; it can be accessed remotely for faster and easier deployment of Cisco
routers for both WAN access and security features.
Software access routers; it can be accessed remotely for faster and easier deployment of Cisco
routers for both WAN access and security features.