ISR Security Hardware Options

The Cisco Integrated Services Routers have additional hardware options that enhance the routers'

security capabilities. Here are some of the available hardware options:

■ Built-in VPN Acceleration is hardware-based encryption that offloads VPN processing from the router's internal CPU to improve VPN throughput.

■ High-Performance AIM is a VPN encryption advanced integration module used to terminate large numbers of VPN tunnels such as with DMVPN. The module supports 3DES and AES, which increases the router encryption and compression performance.

■ IDS Network Module (NM-CIDS) provides technologies to prevent a large range of security threats. IDS network modules also include correlation and validation tools to decrease the number of false positives.

■ Secure Voice is digital signal processor (DSP) slots on the ISR for use with packet voice/fax DSP modules (PVDM). These offer capabilities such as conferencing and transcoding. In addition, Secure Real-time Transport Protocol (SRTP) protects the entire voice payload by encryption, except for the header, which remains in clear text to support QoS.

■ Network Analysis Module allows capturing of traffic flows from hosts and the decoding of packets for detailed network analysis. It also collects NetFlow data to increase the visibility into application flows.

■ Content Engine Module is an Integrated Content module for 2800/3800 series routers that supports 40-GB and 80-GB internal hard disks for application and content networking.

NOTE For a quick reference and complete list of ISR modules, go to http://www.cisco.com/ warp/public/765/tools/quickreference/isr.pdf.

Was this article helpful?

0 0

Post a comment