Cisco Systems Inc. is having a coming out party for the VPN equipment it acquired when it bought Compatible Systems earlier this year.
The three VPN concentrators that came as part of the deal are now dubbed the Cisco 5001, 5002 and 5008 and support secure IP Security (IPSec) tunnels over IP networks including the Internet. They support the Layer 2 Tunneling Protocol as well.
The 5001 is designed to sit at a customer site, while the other two are meant for service provider points of presence. The equipment supports site-to-site VPNs connecting corporate offices and dial-up VPNs as well. The 5008 has the highest throughput, capable of supporting 40,000 simultaneous tunnels of Triple-DES encrypted traffic at 760M bit/sec.
Cisco says it has enhanced the boxes since it bought them from Compatible with software that supports Internet gateway protocol routing. This means that when the boxes are installed in a service provider network, they can keep customer traffic separate even if customers use overlapping private IP addresses.
These so-called independent customer virtual contexts also support separate RADIUS authentication and accounting servers and IP tunnel mappings as well.
The 5000 series of concentrators also perform frame relay to IPSec interworking, meaning customers with frame relay Internet access lines can keep those lines but link sites securely via the service provider's network.
Service providers can push security policies and access controls to client software in customer equipment from the provider's network, eliminating the need to configure each client by hand.
This equipment gives carriers the tools to set up network-based VPN services that require few changes to customer networks, according to Ron Westfall, an analyst with Current Analysis, a market analysis firm in Sterling, Va.
The new equipment lacks integration with Cisco Secure PIX firewall or an intrusion-detection gear that customers often seek when buying VPN services, Westfall says. However, Cisco says these additions are on the drawing board, according to Westfall.
The 5001 costs US$19,000 and has a fixed, dual Ethernet-port configuration. The other two models are modular and the 5002 ranges from $85,000 to $105,000, while the 5008 ranges from $90,000 to $400,000. The 5002 supports Ethernet, DS-3, OC-3 and OC-12 ports.
Clients for the 5000 series are free and available for Windows 95, 98, NT and 2000 as well as MacOS, Linux and Solaris.www.cisco.com