Cisco Simplifies VPN Security On Routers


The updates come as Cisco marks a milestone, selling more than 2 million ISRs worldwide since launching the family of branch office access routers about two years ago. The ISR line combines routing and switching capabilities with advanced services such as security and VoIP.

"There's a very large installed base of ISRs today. It has been well-accepted in the market," said John Growdon, director of routers and switches for worldwide channels at Cisco, San Jose, Calif. "More than 50 percent have shipped with at least one advanced service turned on."

The rollout includes the launch of integrated tunnel-less VPN technology and a Wide Area Application Services (WAAS) module that adds WAN optimization and acceleration capabilities. Cisco also is expanding voice and video services on the routers.

Cisco's new VPN capabilities are based on its Group Encrypted Transport (GET) technology, an addition to the security software load for its routers. Traditional VPN technology uses point-to-point tunnels that carry packets with both their headers and payloads encrypted, but those headers carry critical multicasting and quality-of-service data that essentially are lost when they are encrypted, Growdon said.

Cisco's new technology leaves the header alone. "We can use native routing to get the packets to any endpoint on the network, and all of the QoS and multicasting information is retained," Growdon said. "We're simplifying the implementation and management of the overall VPN." Cisco is working to make the new technology a standard, he added.

The tunnel-less VPN technology will ease complex deployments and support implementations that would be too expensive with traditional VPN technology, said Chris Fairbanks, principal network architect at EPlus, a Herndon, Va.-based solution provider.

For example, a 30-site customer that deploys an MPLS network would gain the ability for any office to communicate directly with another location without sending traffic through headquarters. But building out a traditional VPN implementation to provide corresponding capabilities would require 870 VPN tunnels, something that no customer would want to pay for, Fairbanks said.

"I could route all of the tunnels back to headquarters, but then they just lost the benefits of MPLS," he said.

With Cisco's VPN technology, Fairbanks said he can provide secure, site-to-site VPN connectivity much more simply and economically. "With this, it's just four or five lines of configuration on each router, and I'm done," he said.

Besides the new security capabilities, Cisco also is launching its new WAAS module, which brings integrated WAN optimization and application acceleration capabilities to the router line.

"It makes the WAN link effectively larger without having to upgrade it," Growdon said, noting that a trend toward server consolidation is helping drive the technology.

Cisco is also enhancing voice and video features on the ISR product line with new SIP trunking capabilities; consolidated voice, video and data on a single Primary Rate Interface (PRI); secure Survivable Remote Site Telephony and Call Manager Express; integrated voice XML; and a session border controller.

Cisco's WAAS module is available now starting at $3,750. Cisco's GET VPN technology is scheduled for release this month via the 12.4(11)T release of the vendor's Internetwork Operating System (IOS) for Cisco ISR, Cisco 7301 and Cisco 7200 routers.