Cisco 1720 User Manual Page 3

Copyright © 1998 Cisco Systems, Inc. All Rights Reserved.
Page 3 of 14
The Power of Cisco IOS Software for VPNs. The industry
de facto standard networking software for the Internet and
private WANs, Cisco IOS software delivers the most
comprehensive set of VPN features on security, quality of
service, management, and reliability/scalability. The Cisco
1720 router, with full Cisco IOS support and modular,
integrated hardware, is designed for the new world of VPNs.
It defines a new class of VPN access routers that enables
practical, cost-effective, wide-scale VPN deployment.
Consider the following VPN requirements:
Security is crucial for a VPN because the company’s data
traverses a shared (untrusted) WAN and the internal network
of each office is exposed to this shared WAN. Advanced
security features are integrated into Cisco IOS software of the
Cisco 1720 router:
• Firewall—The optional Cisco IOS Firewall protects the
LAN from attacks. Context-based access control (CBAC)
provides dynamic or stateful filtering on a per-application
basis, permitting legitimate traffic to enter the LAN only
while a session is active. CBAC capability is considered
essential for effective firewall functionality. Cisco IOS
Firewall also supports other key features such as Java
blocking, denial-of-service detection and prevention, audit
trail, and real-time alerts.
• Encryption—Optional IP Security Data Encryption
Standard (IPSec DES) and Triple DES encryption up to
168-bit key length provides the strongest standards-based
encryption to ensure confidentiality, data integrity, and
data origin authenticity while traversing a shared WAN.
• Tunneling—Several optional tunneling standards are
supported: IPSec, generic routing encapsulation (GRE),
Layer 2 Forwarding (L2F), and Layer 2 Tunneling Protocol
(L2TP). L2F and L2TP support allows mobile workers to
dial in to a service provider’s local points of presence
(POPs), tunnel traffic back to the Cisco 1720, and access
resources such as databases residing on the LAN of the
router. When the router is used in this way, it is called a
home gateway or tunnel server. This setup obviates the
need for a separate remote access server (RAS) at the small
to medium business and saves on long-distance calling
charges. L2TP can also be used to tunnel non-IP traffic for
connecting remote offices or users (IPSec tunneling
supports only IP traffic).
• Device authentication and key management—Support for
Internet Key Exchange (IKE), X.509v3 digital certificates,
and Certificate Enrollment Protocol (CEP) with certificate
authorities such as Verisign and Entrust ensures device and
data authenticity and enables scalability to very large IPSec
networks through automated key management.
• VPN client software—Any industry-standard IPSec and
L2TP clients will interoperate with Cisco IOS software.
• User Authentication—User authentication provides
support for Password Authentication Protocol (PAP),
Challenge Handshake Authentication Protocol (CHAP),
TACACS+, Remote Access Dial-In User Service (RADIUS),
and token authentication.
Quality of Service (Traffic Management). For a VPN to
provide the highest level of availability and predictability,
quality-of-service (QoS) controls are needed with regard to
which applications or users have access to how much
bandwidth. Time-sensitive or mission-critical applications
(for example, Enterprise Resource Planning applications
such as PeopleSoft) should get priority over less-critical
traffic (for example, push applications such as Pointcast).
The Cisco 1720 router supports leadership QoS features such
as:
• Committed access rate (CAR) performs three important
functions on a per-application or per-user level: 1) Classify
traffic type (for example, is it PeopleSoft or Pointcast
traffic?); 2) Set the maximum bandwidth allowed for that
traffic (also known as “traffic policing” or “rate
shaping”—for example, PeopleSoft gets 1.0 Mbps,
Pointcast gets 28 kbps); and 3) Prioritize the traffic by
giving each traffic type an “IP Precedence number”.
• Policy routing can also classify and prioritize traffic by IP
Precedence, but it also directs which type of traffic should
go to which interface on the router. However, it does not set
the allowed bandwidth like CAR.
• Weighted Fair Queueing (WFQ) provides consistent
response time. It schedules low-bandwidth traffic to the
front of the queue to reduce response time, and fairly shares
the remaining bandwidth among high-bandwidth
applications.
• Generic Traffic Shaping (GTS) avoids congestion by
controlling and smoothing outbound WAN traffic to a
specified bandwidth. This feature is useful when the
receiving router on the other edge of the WAN cannot
handle the incoming traffic bandwidth.
• Resource Reservation Protocol (RSVP) allows an
application to have reserved guaranteed bandwidth
throughout the entire WAN, from one end to the other.