Белая книга для Cisco Cisco ASA 5585-X Adaptive Security Appliance
Cisco and Public Sector Cyberdefense
21
Prevention in the WAN
In addition to incorporating all of the security services mentioned in previous sections, the emphasis for the
headquarters router/switch is twofold:
headquarters router/switch is twofold:
• To provide highly scalable VPN and encryption services
• To enable high-touch packet services to inspect, identify, prioritize, or reject traffic according to policy
The Cisco ASR 1000 Series Aggregation Services Routers are Cisco’s premier WAN routing platforms that represent
a dramatic advance in technology innovation based on the company’s understanding of evolving customer
requirements. These routers set new expectations for industry-leading performance and scalability of embedded
services atop a secure, resilient hardware and software architecture and are perfect suited to help provide federal
agencies with high-performance WAN services in a secure and resilient manner.
a dramatic advance in technology innovation based on the company’s understanding of evolving customer
requirements. These routers set new expectations for industry-leading performance and scalability of embedded
services atop a secure, resilient hardware and software architecture and are perfect suited to help provide federal
agencies with high-performance WAN services in a secure and resilient manner.
A key functionality of the ASR 1000 Series router as a
WAN routing platform is to provide secure connectivity to
remote regional offices and remote users over a private
WAN or cost-effective, third-party Internet access. A
VPN provides the highest possible level of security
through encryption and authentication technologies
that protect data traversing the VPN from unauthorized
access. In addition to standard remote-access solutions
such as MPLS VPN and IPsec VPN, the Cisco ASR 1000
Series also supports innovations such as
WAN routing platform is to provide secure connectivity to
remote regional offices and remote users over a private
WAN or cost-effective, third-party Internet access. A
VPN provides the highest possible level of security
through encryption and authentication technologies
that protect data traversing the VPN from unauthorized
access. In addition to standard remote-access solutions
such as MPLS VPN and IPsec VPN, the Cisco ASR 1000
Series also supports innovations such as
Cisco Group
Encrypted Transport VPN (GET VPN).Cisco GET VPN
is a next-generation WAN solution that defines a new
category of VPN, one that does not use traditional point-
to-point tunnels. This new security model introduces the
concept of “trusted” group member routers, which use a
common security methodology that is independent of any
point-to-point relationship. By eliminating point-to-point
tunnels, Cisco GET VPNs can scale much higher while
accommodating multicast applications and instantaneous
branch office-to-branch office transactions. (See Figure 8.)
is a next-generation WAN solution that defines a new
category of VPN, one that does not use traditional point-
to-point tunnels. This new security model introduces the
concept of “trusted” group member routers, which use a
common security methodology that is independent of any
point-to-point relationship. By eliminating point-to-point
tunnels, Cisco GET VPNs can scale much higher while
accommodating multicast applications and instantaneous
branch office-to-branch office transactions. (See Figure 8.)
Figure 8 Cisco Group Encrypted Transport VPN
Continue
Previous