Cisco PIX 525 Fiche technique - Page 6
Parcourez en ligne ou téléchargez le pdf Fiche technique pour {nom_de_la_catégorie} Cisco PIX 525. Cisco PIX 525 13 pages. Security appliance
Également pour Cisco PIX 525 : Manuel de l'utilisateur (30 pages)
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Feature
Benefit
● Provides wealth of advanced attack protection services to defend businesses from many
Multi-Vector Attack
Protection
popular forms of attacks, including denial-of-service (DoS) attacks, fragmented attacks, replay
attacks, and malformed packet attacks
● Delivers advanced TCP stream reassembly and traffic normalization services to assist in
detecting hidden application and protocol layer attacks
● Integrates with Cisco Network Intrusion Prevention System (IPS) solutions to identify and
dynamically block or shun hostile network nodes
Authentication,
● Integrates with popular AAA services via TACACS+ and RADIUS, with support for redundant
Authorization, and
servers for increased AAA services resiliency
Accounting (AAA) Support
● Provides highly flexible user and administrator authentication services, dynamic per-user/per-
group policies, and administrator privilege control through tight integration with Cisco Secure
Access Control Server (ACS)
Robust IPSec VPN Services
Cisco Easy VPN Server
● Delivers feature-rich remote access VPN concentrator services for up to 2000 remote
software- or hardware-based VPN clients
● Pushes VPN policy dynamically to Cisco Easy VPN Remote-enabled solutions (such as the
Cisco VPN Client) upon connection, helping to ensure that the latest corporate VPN security
policies are used
● Performs VPN client security posture checks when a VPN connection attempt is received,
including enforcing usage of authorized host-based security products (such as the Cisco
Security Agent) and verifying its version number and status prior to letting the remote user
access the corporate network
● Provides administrators precise control over what different types of VPN clients (software
client, router, VPN 3002, and PIX) are allowed to connect based on type of client, operating
system installed, and version of VPN client software
● Supports automatic software updates of Cisco VPN Clients and Cisco 3002 Hardware VPN
Clients, with the ability to trigger updates when VPN connections are established, or on-
demand for currently connected VPN clients
● Extends VPN reach into environments using NAT or Port Address Translation (PAT), via
support of a variety of TCP and UDP-based NAT traversal methods including the Internet
Engineering Task Force (IETF) draft standard
● Includes a free unlimited license for the highly acclaimed, industry-leading Cisco VPN Client
Cisco VPN Client
● Available on wide-range of platforms including Microsoft Windows 98, ME, NT, 2000, XP; Sun
Solaris; Intel-based Linux distributions; and Apple Macintosh OS X
● Provides many innovative features including dynamic security policy downloading from Cisco
Easy VPN Server-enabled products, automatic failover to backup Easy VPN Servers,
administrator customizable distributions, and more
● Integrates with the award-winning Cisco Security Agent (CSA) for comprehensive endpoint
security
Site-to-Site VPN
● Supports IKE and IPSec VPN standards
● Extends networks securely over the Internet by helping to ensure data privacy, data integrity,
and strong authentication with remote networks and remote users
● Improves network reliability and performance through support of OSPF dynamic routing and
reverse-route injection over site-to-site VPN tunnels
● Supports 56-bit DES, 168-bit 3DES, and up to 256-bit AES data encryption
● Provides convenient method for authenticating VPN users through native integration with
Native Integration with
Popular User
popular authentication services including Microsoft Active Directory, Microsoft Windows
Authentication Services
Domains, Kerberos, LDAP, and RSA SecurID (without requiring a separate
RADIUS/TACACS+ server to act as an intermediary)
X.509 Certificate and CRL
● Supports Simple Certificate Enrollment Protocol (SCEP)-based enrollment and manual
Support
enrollment with leading X.509 solutions from Baltimore, Cisco, Entrust, iPlanet/Netscape,
Microsoft, RSA, and VeriSign
● Interoperates with large-scale Public Key Infrastructure (PKI) deployments through n-tiered
certificate hierarchy support
Resilient Architecture
Active/Active and
● Ensures resilient network protection for businesses through the award-winning high availability
Active/Standby Stateful
services provided by certain models of Cisco PIX 525 Security Appliances
Failover
● Supports Active/Standby failover services as a cost-effective high availability solution, where
one failover pair member operates in hot-standby mode acting as a complete redundant
system that maintains current session state information for the active unit
● Delivers advanced Active/Active failover services where both Cisco PIX Security Appliances
in a failover pair actively pass network traffic simultaneously and share state information bi-
directionally, enabling support for asymmetric routing environments and effectively doubling
the throughput of the failover pair for bursty network traffic conditions
● Supports long-distance failover enabling geographic separation of failover pair members,
providing another layer of protection
Data Sheet
Page 6 of 13