Cisco 2811 - Voice Security Bundle Router Manual page 41

Cisco 2800 Series
Benefits and Advantages
continued
Secure Networking
Integrated on the motherboard of every Cisco
2800 Series router is hardware-based encryption
acceleration that offloads the encryption
processes to provide greater IPsec throughput
with less overhead for the router CPU, when
compared with software-based solutions. With
the optional integration of VPN modules (for
enhanced performance and tunnel count), intrusion
prevention modules or NAC network modules for
network admission control, combined with the
rich Cisco IOS Software security feature set that
includes firewall, intrusion prevention, voice and
video-enabled VPN (V3PN), Group Encrypted
Transport (GET) VPN and Dynamic Multipoint VPN
(DMVPN), Cisco offers the industry's most robust
and adaptable security solution for branch-office
routers.
IP Telephony
The Cisco 2800 Series allows network managers
to provide scalable analog and digital telephony
without investing in a one-time solution, giving
enterprises greater control of their converged
telephony needs. Using voice and fax modules,
the Cisco 2800 Series can be deployed for
Security Features
IPsec VPN
• Advanced Encryption Standard (AES) 128, 192, and
256; Triple Data Encryption Standard (3DES); and
DES cryptology support
• Embedded hardware-based VPN acceleration on
the motherboard
• Cisco Easy VPN remote; Cisco Easy VPN server
• Dynamic Multipoint VPN (DMVPN)
• Group Encrypted Transport (GETVPN)
• Virtual Tunnel Interfaces (VTI)
• VPN QoS—Preclassification support
Multiprotocol Label Switching (MPLS) VPN Support
• Limited provider edge capabilities
• Virtual Routing and Forwarding (VRF) firewall and
VRF IPsec
78
applications ranging from voice over IP (VoIP)
and voice over Frame Relay (VoFR) transport
to robust, centralized solutions using the Cisco
Survivable Remote Site Telephony (SRST) solution
or distributed call processing using Cisco
CallManager Express (CCME). The architecture is
highly scalable with the ability to support up to 96
IP phones, 12 T1/E1s trunks, 52 foreign-exchange-
station (FXS) ports, or 36 foreign-exchange-office
(FXO) ports concurrent with data routing and other
services.
Video Surveillance
The Cisco ® Integrated Video Surveillance solution
enables you to rapidly deploy highly distributed,
IP-enabled video surveillance at your offices while
migrating traditional analog surveillance equipment
to IP. The solution based on Cisco 2800 and 3800
Series ISR offers the lowest total cost of ownership
(TCO) for the branch office, ease of integration
through network transparency, reliable data
interoperability, and maximized overall security.
It allows you to consolidate costly branch-office
servers and deploy new applications centrally while
still offering real-time access to physical security
video and data.
Cisco IOS IPS
• Inline ability to drop packet, reset connection,
locally shun, or send an alarm; dynamically load
and enable selected attack signatures in the same
manner as Cisco IPS Appliances. For broader
signature support and higher performance, look
at optional IPS AIM module for ISR.
IOS WebVPN (SSL VPN)
• Secure remote access for mobile users
without installing PC client software
• Integrated into the router— no separate
appliance required
• Cisco 2801 supports up to 75 users, Cisco 2811
and 2821 support up to 100 users, and Cisco
2851 supports up to 150 users with AIM-VPN/
SSL-2
• Requires IOS WebVPN feature license
FL-WEBVPN-10 or FL-WEBVPN-25 (purchase
multiple quantities to add up to the desired
number of users)
• Requires an IOS security feature set (IOS
security feature set is included in all secure router
bundles)
Security Features
continued
Cisco IOS Firewall
• Feature rich, stateful firewall
• Per-user authentication and authorization
• Real-time alerts
• Transparent firewall
• IPv6 firewall
• VRF-aware firewall
• Advanced Application Inspection and Control
– HTTP inspection engine
– E-mail inspection engines (SMTP, ESMTP, IMAP,
POP)
Network Foundation Protection
• Control Plane Policing (CPP)
• AutoSecure
• CPU/Memory Threshold
• Secure Shell (SSH)
• Access Control List (ACL)
• Command-Line Interface (CLI)
• Committed Access Rate (CAR)
URL Filtering
• Onboard with an optional content-engine
network module
• Local URL filtering in Cisco IOS software based
on external server
Series Features Overview
Features Details
Multiprotocol Label Switching (MPLS) Specific Provider Edge (PE) capabilities
VPN Support
Intrusion Prevention System (IPS) More than 1600 IPS signatures supported in Cisco IOS Software,
with the ability to load and enable selected IPS signatures
Optional high-performance IPS Network Module with more than
2000 signatures
Onboard filtering with an optional content engine network module
URL Filtering
Local URL filtering in Cisco IOS Software based on external server
Cisco Router and Security Device Comes standard on all Cisco 2800 Series routers
Manager (SDM), version 2.0 and Above
Standards-based authentication and encryption using secure RTP
Media Authentication and Encryption
provides a secure environment for IP Communications
Advanced Encryption Standard (AES) 256-bit cryptography support
IP Telephony Features
IP Phone Support Optional integrated power supply with inline power, 802.3af support
Up to 360W of inline power (Note: requires power supply upgrade)
Analog Voice Support One EVM on the Cisco 2821 and Cisco 2851
Up to 52 FXS and 36 FXO ports
Cisco 2800 Series
Onboard USB 1.1 port
• 1 or 2 onboard USB 1.1 ports
• Secure token and Flash memory support
Security Solutions
• Network Admission Control (NAC)
• Voice and Video Enabled IPsec VPN (V3PN)
Optional Security Modules
• Intrusion Prevention System (AIM-VPN-K9)
• VPN and Encryption Advanced Integration
Modules (AIM-VPN/SSL-2)
• Network Admission Control Network Module
(NME-NAC-K9)
Cisco Router and Security Device Manager (SDM)
• Ships by default
Certifications
• ICSA IPsec
• ICSA Firewall
• Common Criteria IPsec (EAL4) (in process)
• Common Criteria Firewall (EAL4+) (in process)
• FIPS 140-2, Level 2 (in process)
79