CISCO INTEGRATED SERVICES ROUTER - Intelligent Network Services for Medium-sized Companies and Large Enterprises - IT MARKETING COMPANY
CISCO INTEGRATED SERVICES ROUTER Intelligent Network Services for Medium-sized Companies and Large Enterprises
CONTENT
Integrated network services with Cisco Integrated Services routers
Cisco Integrated Services routers for small to medium companies
Teleworker solution with the Cisco 800 series and IP Communicator
Cisco Integrated Services routers for connecting branch offices
Intelligent services in the Cisco routers
• Security
• IP telephony
• VPN
• Standardized management
Cisco routers overview
INTEGRATED NETWORK SERVICES WITH CISCO INTEGRATED SERVICES ROUTERS
Cisco Integrated Services routers offer a wide range of intelligent services that provide much more than a simple data link between company headquarters, branch offices and the Internet. Medium-sized companies and branch offices of large enterprises use an increasing number of applications to communicate with partner companies, mobile staff and other standalone offices. This level of communication calls for a more stringent network requirements profile with regard to security, performance, scalability, and availability.
Our goal is to deliver all mission-critical applications plus the same level of performance and security to all users across the network – from company headquarters through branch offices and home offices to mobile staff.
Network-based applications for medium-sized and large-scale enterprises have become both complex and extensive. Older (legacy) programs operate simultaneously with modern client/server software and new web applications. The entire spectrum of communications, from data (e-mail and Internet) to voice (IP telephony) and video (e-learning and e-conferencing), also runs via the network. On top of this, security and administration tools demand bandwidth and computing power. Add to this the need to link branch offices, partner companies and staff via WAN or VPN connections for communication with headquarters.
The network product manufacturers and application vendors involved are as varied as the products themselves. Integrating products from different manufacturers is a complex process; management and administration are time-consuming. Problems and friction losses related to compatibility, functional interoperability and integrated management of products from different manufacturers frequently occur when implementing network extensions in order to incorporate additional IT security features, new services, and features (such as unified messaging or IP telephony).
Operating two separate networks (data and telephone networks) calls for at least two vendors and support organizations, which generates higher costs and places a greater burden on support services. If these networks also house single products from different providers, the time and expense incurred by installation, configuration and maintenance can rise at an exponential rate. And should an additional service or new technology also need to be included (such as extended virus protection), the extent of the problem will grow still further.
[Figure 1: Multivendor network]
A reduction of network products from various manufacturers serves to reduce management and operative complexity and helps to reduce both ongoing and future costs. The progressive integration of services (including firewall, VPN, intrusion prevention and telephony) in a device such as one of the new Cisco routers ensures standardized management of all functions from a single point. And don’t underestimate the fact that a single manufacturer or partner will be a reliable and competent source of updates and extensions. IT administrators save time and expense by managing a single Cisco router for all services.
New services and functions mean that a router must be capable of handling growing demands. And that is precisely the strength of the new Cisco 1800, 2800 and 3800 Integrated Services router series: enhanced performance to handle increasing data transmission rates while continuing to provide all router services (including VPN encryption, firewalling, unified messaging, and IP telephony) to the highest standards. Medium-sized businesses and branch offices can thus enjoy security of investment for years to come.
[Figure 2: Integrated Services router network from Cisco]
Cisco Integrated Services routers for small to medium companies
Companies can connect to the Internet using a Cisco Integrated Services router which supports all communication standards including ISDN, ADSL, SHDSL, Cable, Frame Relay, ATM, and Ethernet. The implementation of a firewall to prevent unauthorized access from the Internet to your private network is imperative. Cisco IOS router software enables this without installing additional hardware.
A local-area network (LAN) is set up to connect workstations with the router and servers. Cisco Catalyst switches provide a next-generation solution for this purpose. Intelligent switching does more than transport data from A to B. Data can also be assigned quality ratings and, with the help of Quality of Service (QoS), preferential treatment. In this way, switching modules can be integrated directly in the routers. Using Power over Ethernet (PoE), the Cisco Catalyst switches also provide power for equipment such as WLAN access points, IP telephones or monitoring cameras.
Supplying all functions for setting up an IP telephone network, Cisco CallManager Express is the ideal solution for telephony in small to medium companies using up to 240 telephones. The advantage of this solution is that the PBX operates in the router itself and can be configured and managed from a web browser using a graphical user interface. And the fact that the only hardware required is an Ethernet Category 5 data cable helps to reduce the cost of new installations and office expansions in particular. The router thus becomes the primary PBX in your company. It also connects you to the public network via Basic Rate Interfaces (BRI) or Primary Rate Interfaces (PRI) – see also figure 2. As an option, voicemail and unified messaging functions can be integrated in the router via a network module or an advanced integrated module running Cisco Unity Express.
Teleworker solution with the Cisco 800 series, IP Communicator and VPN (max. 10 sites)
[Figure 3: Home workstation scenario – all workplaces can be equipped with Cisco IP Communicator software. In this way the home PC can be used as an IP phone without the need of a separate phone line.]
The following scenario demonstrates how the Integrated Services router network for small to medium sized networks can be expanded to include home workstations to enable data access and corporate communication for teleworkers. Teleworkers can access the same applications and services as if they were connected to the internal company network. The home workstation is connected to the Internet via ADSL using a Cisco 831 or Cisco 837 router. A VPN connection is set up between the company headquarters and the Cisco 831/837 router. As with all Cisco routers, an integrated firewall on the Cisco 831/837 protects teleworkers against Internet hackers. Therefore, it is not necessary to install a separate firewall on each home PC.
Instead of phoning via the public network (as was previously the case), the teleworker now communicates via the ADSL line using the Cisco IP Communicator. In the case of an ADSL fixed-rate connection, for example, this would incur no additional phone charges. In this network scenario, up to 10 home workstations are supported for telephony with the Cisco CallManager Express. Cisco’s IOS V3PN (integrated in the routers) controls prioritization between data and voice packets over a single line. The Cisco 831/837 router for home offices can be managed from company headquarters.
Cisco Integrated Services routers for connecting branch offices
The modularity of the Cisco Integrated Services routers enables linking branch offices to company headquarters with a range of different WAN interface cards. The Cisco 1760, 1800, 2600XM, 2800, 3700 and 3800 series routers can be expanded using additional interface cards. The hardware architecture of the new Cisco 1800, 2800, 3800 Integrated Services routers was designed in such a way as to ensure that all services – such as encryption, telephony, firewalls, and packet transport – could be provided simultaneously and to the same high level of performance. Confidential data are transmitted between a branch office and company headquarters via VPN (virtual private network) which protects transmissions from external unauthorized access. The VPN also enables you to transport convergent data, i.e. video and voice, with higher priority.
[Figure 4: Scenario describing branch office link with Integrated Services router. VPN connections for exchanging data, voice and video are set up via the Internet. Panels: Branch office A (72 users), Headquarters (240 users), Branch office B (24 users).]
Cisco offers a number of options for setting up VPNs. A dedicated software solution is available (Cisco VPN Client), for example, for mobile workers seeking to connect to a branch office or company headquarters. The Cisco VPN-capable routers are ideally suited for branch offices and smaller setups.
The CallManager Express (Cisco 1760, 2600XM, 2800, 3700 and 3800 series) is deployed for telephony in branch offices or standalone offices. This removes the need to purchase, configure and manage a separate PBX in a branch office. CallManager Express enables telephony management and administration from company headquarters, thus reducing ongoing operating costs. The high purchase costs of PBX systems also no longer apply since CallManager Express operates as a service in the Cisco router. The Cisco 3845 router permits simultaneous operation of up to 240 telephones.
Cisco Integrated Services routers overview
The table in the section "Cisco routers overview" (page 14 of the brochure) shows new features contained in the Cisco 1800, 2800, and 3800 router series.
[Photos: Cisco 2801; new Cisco 1800, 2800, 3800 Integrated Services router series (left to right)]
INTELLIGENT SERVICES IN THE CISCO ROUTERS
High security levels, effortless communication and simple management – all thanks to Cisco Integrated Services routers. Here is a description of the full range of functions available:
Enhanced security with Cisco routers
There are enough products on the market that promise to make your life easier. Numerous manufacturers offer standalone solutions for each security problem. Yet by installing several different products from different providers, both in your company headquarters and in branch offices, you may improve your security but you’re also likely to lose your overview. Where do attacks take place? Which attacks should be reported to the administrator? What measures must be implemented immediately?
It makes sense to receive security solutions from a single source, from a single provider, possibly even from a single product. This allows universal security policies to be defined with fewer complications, thus significantly easing the daily workload of administrators – be it during installation, maintenance, troubleshooting or installing new applications. Cisco’s Integrated Services routers bring together Internet access, dynamic routing functions, firewall, intrusion detection, VPN operation, encryption, comprehensive QoS, as well as secure transfer of voice and video.
Cisco IOS Firewall Feature Set – This software integrates a stateful inspection firewall in the router that also monitors data traffic at application level. The applications monitored by Context-Based Access Control (CBAC) include both TCP and UDP applications, HTTP (Java blocking), SMTP, FTP, TFTP as well as multimedia such as SIP, SCCP (Skinny), H.323, RTSP, RealAudio and other voice/video applications.
Intrusion detection – Cisco IDS identifies more than one hundred of the most infamous methods of attack. It does this using signatures that analyze data flow for patterns and is able to detect attack attempts at an early stage.
If suspicious activities are identified, Cisco IDS blocks the attack before it reaches the network and sends an alarm message to the management console.
Data encryption – Employing either software or dedicated hardware modules, Cisco routers encrypt VPN communication using the 56-bit Data Encryption Standard (DES), 128-bit Triple DES (3DES) or 256-bit Advanced Encryption Standard (AES). Encryption is also possible via an X.509 Public Key Infrastructure (PKI).
Network Admission Control (NAC) – Based on the Cisco Trust Agent (CTA) software which is installed on desktop systems and on servers, information on security compliance and operating system versions is collated from the desktop or server. CTA can report information that is supplied by antivirus software from vendors such as Trend Micro and forwarded to Cisco network components which then assess whether or not network access should be permitted.
URL filtering – URL filters can be employed should a company want to prevent staff from accessing websites not related to their job descriptions. This ensures that network resources and bandwidth are not squandered on unnecessary surfing. Using a URL database of more than 20 million addresses subdivided into 60 categories, administrators can prevent staff from accessing inappropriate web content.
Telephony with Cisco routers
Voice communication using IP networks (Voice over IP) is becoming the medium of choice for a growing number of companies. More than two million users already enjoy the benefits of Cisco IP phones worldwide. IP telephony has established itself as a practical and cost-effective solution – particularly for companies operating with branch offices or subsidiaries. As well as lowering the cost of internal calls, i.e. between headquarters and branch offices, the maintenance and management of only a single communication network – rather than two networks – also reduces outlay and ongoing costs. Simpler scalability, i.e. the uncomplicated addition of new phone users and PC workstations, is another key argument in favour of IP telephony.
Figure 5 describes the implementation of a Cisco Integrated Services router in a customer location and at a service provider.
The Cisco router provides the following range of functions:
• independent IP telephone network with unlimited number of users via Cisco CallManager
• independent IP telephone network with up to 240 users via Cisco CallManager Express
• IP telephone network hosted by service provider
• independent telephone network with conventional PBX linked to a Cisco router
• independent telephone network with analog devices linked directly to Cisco router
As part of the Integrated Services router, the Cisco CallManager Express and Cisco Unity Express vastly simplify the process of setting up a convergent network for companies and branch offices. All you need is the following:
Cisco access router – The Cisco 1760 and the 2600XM, 2800, 3700 and 3800 series models are fully equipped for IP telephony. Excellent quality-of-service functions prioritize voice and data traffic, monitor bandwidth in the network and ensure optimum voice quality.
Cisco IP telephones – Cisco offers a broad selection of different IP telephones: from simple devices without a display (such as the Cisco 7905G IP telephone, which covers all basic functions), through the Cisco 7970G (managing multiple lines and equipped with a colour XML-controlled display) to the wireless Cisco 7920G IP phone.
Public phone line – A phone line must be available to connect the Cisco router to the public phone network (PSTN) via BRI or PRI. Cisco CallManager Express sets up functions typical for PBX systems on the Cisco router platform.
Cisco Unity Express – Installed via a module in the router, Cisco Unity Express is used for voicemail applications and automatic call forwarding. It delivers a range of voicemail functions and automatic forwarding of incoming calls.
Less work and lower costs – Instead of running two separate networks (PBX and data network), the Integrated Services router routes telephone and data traffic over a single infrastructure. This eliminates the cost of maintaining the TC network and servicing support contracts, and reduces administration and configuration expenses.
Reduced relocation costs – Users can change desks within the company simply by plugging in their Cisco IP telephone. They then receive their user-specific profile and telephone number. Cisco CallManager Express automatically recognizes the user and updates the database accordingly. And that’s it – without any IT support.
Reduced total cost of network ownership – The combination of voice and data in a single IP network simplifies network architecture and administration – and all support is now provided by a single source.
Cisco IP Phones: 7902G, 7905G, 7912G, 7940G, 7960G with 7914 Expansion Module, the 7970G, and the Cisco Wireless IP Phone 7920
Rapid connections – This all-inclusive solution can standardise, simplify and accelerate voice and data connections from subsidiaries and branch offices. Script generation options in Cisco CallManager Express facilitate the simultaneous administration of multiple satellite offices and, at the same time, speed up installation.
Increased productivity – In a survey of 100 companies using IP telephony, almost half of those interviewed confirmed an increase in productivity of branch office staff within the first six months.
Virtual private networks with Cisco routers
VPNs can be implemented both for connecting two locations and for linking individual workstations. The advantages offered by VPNs in comparison to Frame Relay or ATM connections are:
• lower line costs
• greater geographical availability or coverage
• simpler connection of individual workstations, for example, for teleworkers or mobile staff
• more secure data transfer with automatic encryption
• uncomplicated and rapid scalability
• better utilization of available bandwidths
• lower hardware costs
• more flexible and simple configuration of additional or new connections
• IT service outsourcing using the Internet Service Provider's managed services
Cisco offers a range of options for setting up VPNs. This includes a software-based solution for mobile staff, for example. For smaller installations such as small branch offices, Cisco offers VPN-compliant routers and switches that support not only dynamic routing but also QoS and IP multicast data traffic. For larger installations, on the other hand, Cisco offers special VPN equipment such as VPN concentrators.
The VPN functions Easy VPN and Dynamic Multipoint VPN are new from Cisco. Using Easy VPN in combination with the Cisco Unity Client protocol can reduce configuration expenses for VPN connections. Remote-installation routers inherit their configuration from a central VPN 3000 concentrator which operates as an IPsec server. Dynamic Multipoint VPN (DMVPN) can be used to configure multiple VPN connections without the central router having to save individual configuration data for all connected routers.
Standardized management with Cisco Integrated Services routers
Cisco Security Device Manager (SDM) for graphic configuration
SDM is available for all access routers from the Cisco 800 series to the Cisco 3800 series and offers branch offices and standalone offices in particular a browser-based graphic tool for secure router configuration. SDM supports LAN/WAN, firewall and VPN configurations based on the Cisco IOS software. SDM also provides security audit functions which are used to check router configuration and suggest ways to improve the level of protection in accordance with the recommendations of ICSA Labs. SDM enables users to employ all security features offered by the Cisco access router in a simple and cost-effective manner and configures the router without extended external support.
Cisco Security Device Manager (SDM) allows the administration of most of the Cisco applications including VPN, security, etc. within one graphical user interface.
CISCO ROUTERS OVERVIEW
General router overview, interfaces selection, number of ports for WAN, LAN, security, voice etc.

Product Name | Modular Slots | LAN (fixed) | WAN
Slots for WIC | Slots for NM | AIM Modules | Ethernet | Fast Ethernet | Token Ring | ISDN | ADSL | serial
SOHO 91 4
SOHO 96 4 1 1
Cisco 801 1 1
Cisco 803 4 1
Cisco 805 1 1
Cisco 831 4
Cisco 836 4 1 1
Cisco 1712 1 5 1
Cisco 1721 2 1 1 2 2 4
Cisco 1751 3 1 1 2 2 4
Cisco 1760 4 1 1 2 2 4
Cisco 2610XM/11XM 2 1 1 12 10 2 12
Cisco 2612 2 1 1 1 1 10 2 12
Cisco 2620XM/21XM 2 1 1 12 10 2 12
Cisco 2650XM/51XM 2 1 1 12 10 2 12
Cisco 2691 3 1 2 2 12 3 14
Cisco 3725 3 2 2 2 19 7 24
Cisco 3745 3 4 2 2 35 11 38

Continuation of the table above (further columns; the product name is not repeated in each row):
Ethernet ETTx | Integrated Services: IDS | Firewall | VPN | CallManager Express | Cisco Unity
1 ■ ■ ■ ■ ■ ■ ■ ■ 1 ■ ■ ■ ■ 1 ■ ■ ■ 2 ■ ■ ■ 2 ■ ■ ■ 2 ■ ■ ■ max. Tel. 24 4 ■ ■ ■ max. Tel. 24 ■ 4 ■ ■ ■ 4 ■ ■ ■ max. Tel. 36 ■ 4 ■ ■ ■ max. Tel. 48 ■ 4 ■ ■ ■ max. Tel. 48 ■ 11 ■ ■ ■ max. Tel. 72 ■ 19 ■ ■ ■ max. Tel. 120 ■

Product Name | On-board Hardware Encryption | On-board DSP Slots | On-board Ethernet Ports | Optional Power over Ethernet | Slots for Interface Cards | Slots for Network Modules | Slots for Advanced Integration Modules | IDS | Firewall | VPN | CallManager Express | Cisco Unity
Cisco 1841 | 14 Mb/s | - | 2 FE | - | 2 HWIC/VWIC/WIC (data only) | – | 1 AIM | ■ | ■ | ■ | no | no
Cisco 2801 | 14 Mb/s | 2 | 2 FE | 120 W | 2 HWIC/VWIC/WIC/VIC, 1 VWIC/WIC/VIC, 1 VWIC/VIC (voice only) | – | 2 AIM | ■ | ■ | ■ | max. Tel. 24 | ■
Cisco 2811 | 20 Mb/s | 2 | 2 FE | 160 W | 4 HWIC | 1 NME | 2 AIM | ■ | ■ | ■ | max. Tel. 36 | ■
Cisco 2821 | 30 Mb/s | 3 | 2 GE (10/100/1000) | 240 W | 4 HWIC | 1 NME, 1 EVM | 2 AIM | ■ | ■ | ■ | max. Tel. 48 | ■
Cisco 2851 | 50 Mb/s | 3 | 2 GE (10/100/1000) | 360 W | 4 HWIC | 1 NMED, 1 EVM | 2 AIM | ■ | ■ | ■ | max. Tel. 96 | ■
Cisco 3825 | 80 Mb/s | 4 | 2 GE (10/100/1000) + 1 SFP | 360 W | 4 HWIC | 1 NME/EVM, 1 NMED/EVM | 2 AIM | ■ | ■ | ■ | max. Tel. 168 | ■
Cisco 3845 | 100 Mb/s | 4 | 2 GE (10/100/1000) + 1 SFP | 360 W | 4 HWIC | 4 NME/EVM | 2 AIM | ■ | ■ | ■ | max. Tel. 240 | ■

[Photos: Cisco SOHO 91, Cisco 831, Cisco 1712, Cisco 1760, Cisco 2600XM series, Cisco 2651 and 2691, Cisco 3725, Cisco 3745. NEW: Cisco 1841; Cisco 2801, 2811, 2821, 2851; Cisco 3825; Cisco 3845]
Copyright © 2004 Cisco Systems, Inc. All rights reserved. Cisco, Cisco Systems, and the Cisco Systems logo are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. 09/04