Cisco 1711 - Security Access Router Manuel d'utilisateur

1© 2003, Cisco Systems, Inc. All rights reserved.Cisco Secure RouterMichael Salat [email protected] Systems Austria, SMB

101010© 2003, Cisco Systems, Inc. All rights reserved.Cisco IOS Intrusion Detection – Inline• Cisco IOS differentiator – Mitigate, act (reset), and no

111111© 2003, Cisco Systems, Inc. All rights reserved.Currently Supported Cisco IOS IDS Signatures• Signatures types supported:- IP option attacks- La

12© 2003, Cisco Systems, Inc. All rights reserved.Cisco VPN Solutions

131313© 2003, Cisco Systems, Inc. All rights reserved.Benefits of VPNsNetwork CostNetwork CostNew CapabilitiesNew CapabilitiesFlexibilityFlexibilityEx

VPN Types141414© 2003, Cisco Systems, Inc. All rights reserved.Intranet VPNsite2siteExtranetVPNsite2siteRemoteAccess VPNRemoteOfficeRegionalOfficeInte

151515© 2003, Cisco Systems, Inc. All rights reserved.Cisco Site-Site VPN StrengthsSolutions that fit your requirementsMany different platformsVPN wit

161616© 2003, Cisco Systems, Inc. All rights reserved.Remote Access VPN Options 100 users or fewer 100 to 500 users 500 users or moreBroadband access

171717© 2003, Cisco Systems, Inc. All rights reserved.Remote Connectivity - Cisco IPsec VPN ClientCisco’s VPN Client can terminateon all of our VPN pl

181818© 2003, Cisco Systems, Inc. All rights reserved.V3PN—Voice and Video Enabled VPN • Fully functional, cost-effective remote working environments–

191919© 2003, Cisco Systems, Inc. All rights reserved.V3PN—Voice and Video Enabled VPNPhiladelphiaWash DCCorp Office NY212-555-1212Log into phone and

222© 2003, Cisco Systems, Inc. All rights reserved.Agenda• Block 1:- Cisco's Network Admission Control Programm & Selbstverteidigende Netzwer

20© 2003, Cisco Systems, Inc. All rights reserved.Cisco Easy VPN

212121© 2003, Cisco Systems, Inc. All rights reserved.VPN Deployment & Management Challenges• Heterogeneous CPE devices and clients• Remote sites

222222© 2003, Cisco Systems, Inc. All rights reserved.Scalable Deployment & ManagementVPN Solution HQ / ISPConfigurationAConfiguration AConfigurat

232323© 2003, Cisco Systems, Inc. All rights reserved.Push VPN Policy with Cisco Easy VPN HQ Cisco 1700SBOVPN functions are assigned IKE Mode Config

242424© 2003, Cisco Systems, Inc. All rights reserved.Cisco “Full Service”Access Router Portfolio2600XM SeriesLow Density Services Platform• Modular c

252525© 2003, Cisco Systems, Inc. All rights reserved.Cisco Access Router PortfolioEnterprise HQEnterprise HQCisco 7x00Cisco 7x00Cisco SOHOCisco SOHOC

26© 2003, Cisco Systems, Inc. All rights reserved.Cisco SOHO90 and Cisco 800Secure Broadband Router

272727© 2003, Cisco Systems, Inc. All rights reserved.Extending Integrated Security and Advanced Services To the EdgeStateful Firewall4-Port 10/100 Sw

Cisco SOHO 96 Router Hardware282828© 2003, Cisco Systems, Inc. All rights reserved.10/100 MB Ethernet SwitchConnect to Ethernet network devices on the

292929© 2003, Cisco Systems, Inc. All rights reserved.Extending the Intelligent Network to Extending the Intelligent Network to the Small Officethe Sm

333© 2003, Cisco Systems, Inc. All rights reserved.Router EvolutionTimeFunctionality/IntegrationTodayMulti-Protocol Routing, Access Control, QoS Tools

303030© 2003, Cisco Systems, Inc. All rights reserved.Key Features Key Features ––Integrated Security & RoutingIntegrated Security & Routing•

31© 2003, Cisco Systems, Inc. All rights reserved.Cisco 1711 and 1712 Security Access Routers

323232© 2003, Cisco Systems, Inc. All rights reserved.Introducing Cisco 1711 and 1712Security Access Routers for Enterprise Small Branch Offices and S

333333© 2003, Cisco Systems, Inc. All rights reserved.Cisco 1711 and 1712 Key FeaturesCisco 1711Cisco 1711Cisco 1712Cisco 1712• Fixed Configuration• 1

343434© 2003, Cisco Systems, Inc. All rights reserved.Cisco 1711 and 1712 InterfacesCisco 1712Cisco 1712Cisco 1711Cisco 1711Analog Modem PortAnalog An

353535© 2003, Cisco Systems, Inc. All rights reserved.Cisco 1711/1712 Application: DMZ with FirewallDMZ802.1Q VLAN Defined DMZCisco IOS Firewall Appli

363636© 2003, Cisco Systems, Inc. All rights reserved.Cisco 1711/1712 Application: Internet Hotspot802.1Q VLAN Defined Hotspot SegmentLAN Wireless Acc

373737© 2003, Cisco Systems, Inc. All rights reserved.Cisco 1711/1712 Application: DDR BackupDDR Initiated failover toAnalog Modem/ISDN Port DDR Initi

383838© 2003, Cisco Systems, Inc. All rights reserved.Cisco 1711/1712 Application: Remote ManagementRemote AdministratorLAN 10/100BaseT Switch10/100Ba

393939© 2003, Cisco Systems, Inc. All rights reserved.Cisco 1711/1712 Application: ISDN to DSL MigrationLAN Initial/Temporary ISDN ServiceMigration to

444© 2003, Cisco Systems, Inc. All rights reserved.Integrated Device Security - Embedded Cisco IOS SecurityCisco IOS Security RouterVPN + Firewall + I

404040© 2003, Cisco Systems, Inc. All rights reserved.Cisco 1700 Series Product LineCisco 1711/1712Cisco 1711/1712Cisco 1721Cisco 1721Cisco 1751Cisco

414141© 2003, Cisco Systems, Inc. All rights reserved.Cisco 1711 and 1712 Ordering Information• CISCO1711-VPN/K9–Includes: 32MB Flash, 64MB DRAM, 4-Po

424242© 2003, Cisco Systems, Inc. All rights reserved.Ordering Information• CISCO1721 ($1,195 USD list)–Same price as Cisco 1720• CISCO1721-VPN/K9 ($

434343© 2003, Cisco Systems, Inc. All rights reserved.Cisco 1760 ArchitectureAvailable onCisco IOS® 12.3T and 12.3 Mainline Console Port/AUX PortFast

444444© 2003, Cisco Systems, Inc. All rights reserved.Cisco 1760 Interface SupportConsole Port/AUX PortFast Ethernet PortVIC SlotsWIC/VIC Slots• LAN D

454545© 2003, Cisco Systems, Inc. All rights reserved.Cisco 1760 Bundles Product Number Includes List Price Savings$1,595 US$2,595 USCISCO1760-VPN/K9R

46© 2003, Cisco Systems, Inc. All rights reserved.Cisco Security Device Manager (=SDM)

474747© 2003, Cisco Systems, Inc. All rights reserved.SDM – Ease of configurationTwo modes of operationGuide: for the noviceFeature: for technical us

484848© 2003, Cisco Systems, Inc. All rights reserved.Security Device Manager (SDM) • Security application embedded in all target router’s flash• Supp

494949© 2003, Cisco Systems, Inc. All rights reserved.Security Device Manager (SDM) Device Configuration & Monitoring Features• Basic Layer 3 conf

555© 2003, Cisco Systems, Inc. All rights reserved.Cisco Security Product PortfolioExtendedPerimeterSecuritySecureConnectivityIntrusionProtectionIdent

505050© 2003, Cisco Systems, Inc. All rights reserved.Cisco Security Device Manager: Combining Ease Of Use & Application IntelligenceSDM is an int

515151© 2003, Cisco Systems, Inc. All rights reserved.Questions?

525252© 2003, Cisco Systems, Inc. All rights reserved.525252© 2001, Cisco Systems, Inc. All rights reserved.

535353© 2003, Cisco Systems, Inc. All rights reserved.SMB Security Deployment Blueprint—100 Users or FewerCisco access router with firewall and VPNCis

545454© 2003, Cisco Systems, Inc. All rights reserved.SMB Security Deployment Blueprint—100 Users or FewerSecure corporate servers with HIDSCisco®1700

666© 2003, Cisco Systems, Inc. All rights reserved.Cisco IOS Firewall Positioning and Platform SupportSmall DivisionSmall BusinessSmall Satellite Offi

Cisco IOS Firewall Features777© 2003, Cisco Systems, Inc. All rights reserved.• Stateful Firewall Engine – tracks protocol state of connection• Suppor

8© 2003, Cisco Systems, Inc. All rights reserved.Intrusion Detection Sensor

999© 2003, Cisco Systems, Inc. All rights reserved.Cisco IOS Firewall Intrusion Detection• Inline sensor of network traffic for potential misuse or po