This discussion is locked

ASK THE EXPERTS - ISR G2 SECURITY

Unanswered Question
Apr 11th, 2010

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get an update on latest Security innovations on the ISR with Cisco expert Aamir Waheed. Aamir is a senior product manager for security in Cisco’s access router group in San Jose, CA. He is responsible for integrating customer and market requirements to bring new Cisco IOS security solutions to market. He previously worked as a technical marketing engineer in Cisco’s security technology group where he was responsible for building technical presentations and training Cisco partners and sales teams on newly introduced IOS security technologies and products. He has over 10 years of experience in the networking industry with over 5 years in the areas of product development, competitive analysis and market intelligence. He is an experienced security expert who has been a veteran speaker at various Cisco customer and partner facing events and has served as a panelist, reviewer, and consultant representing Cisco at many security conferences. He also has a CCIE in Security (#8933).

Remember to use the rating system to let Aamir know if you have received an adequate response.

Aamir might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through April 23, 2010. Visit this forum often to view responses to your questions and the questions of other community members.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rocksolidimages Tue, 04/13/2010 - 16:03

Hello,

I have a Cisco ASA 5510 firewall.

When configuring, the ASDM software installed and works fine on a windows XP system, However, even though it appears to install on Windows 7 (64 bit) and Server 2003 (32 bit) ithe GUI does not display.

Thank you

peggyjackson Fri, 04/16/2010 - 08:35

How can I get performance boost from my older ISR?

awaheed Tue, 04/20/2010 - 10:08

Hi,

Which features are you trying to get performance boost for on the older ISR's. Their is a VPN AIM module (http://www.cisco.com/en/US/partner/prod/collateral/routers/ps5853/data_sheet_vpn_aim_for_18128003800routers_ps5853_Products_Data_Sheet.html) that can provide VPN acceleration. For across the board performance & scalability boost you should consider ISR G2's for your branch. More details available at www.cisco.com/go/isrg2

Please provide some more details for me to get back to you on this,

Rgds,

Aamir Waheed,

Sr. Product Manager,

Cisco Systems

steve_vanburen Fri, 04/16/2010 - 08:38

Can you provide some more details on GETVPN solution within IOS?

awaheed Tue, 04/20/2010 - 10:05

Hi Steve,

The new ISR G2's provides GETVPN Group member support. Cisco Group Encrypted Transport VPN (GET VPN), eliminates the need for compromise between network intelligence and data privacy in private WAN environments. Service providers can finally offer managed encryption without a provisioning and management nightmare since GET VPN simplifies the provisioning and management of VPN. GET VPN defines a new category of VPN, one that does not use tunnels. You can get more details on GETVPN at: www.cisco.com/go/getvpn

Hope this helps,

Rgds,

Aamir Waheed,

Sr. Product Manager,

Cisco Systems

jan.nielsen Sun, 04/18/2010 - 14:02

Are there specific IOS features that the ISR G2 is especially quick at, in comparison to the old ISR's ?

Where does the 3900 series place, in comparison to ex. the ASR series performance wise ?

How many Spokes would you recommend for a Dual Hub/Dual Cloud DMVPN scenario with 3900's at the Hub Site, lets say with QoS/EIGRP/DMVPN enabled?

awaheed Tue, 04/20/2010 - 10:21

Hi,

The ISR G2's provide an overall performance boost with all Services of 3-4x when compared to the older ISR's.

You can review the Miercom report for ISR G2's at: http://www.miercom.com/cisco/isrg2

Additionally here is the detailed Network Security features datasheet for the ISR G2's:

http://www.cisco.com/en/US/prod/collateral/routers/ps10538/data_sheet_c78-556151_ps10536_Products_Data_Sheet.html

I will get some details for you around the specific DMVPN design questions and will get back to you shortly,

Rgds,

Aamir Waheed,

Sr. Product Manager,

Cisco Systems

ROBERTO TACCON Wed, 04/21/2010 - 03:06

Hi,

as indicated by the following documents the performance for VPN IPSEC and SSL VPN are:

*** Cisco IPsec and SSL VPN Solutions Portfolio

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/prod_brochure09186a00801f0a72.html

for example:

the Cisco 3845 Integrated Services Router with onboard VPN

Maximum Tunnels: 700

Maximum AES Throughput: 180 Mbps

the Cisco 3845 Integrated Services Router with AIM-VPN/SSL-3

Maximum Tunnels: 2500

Maximum AES Throughput: 210 Mbps

*** Portable Product Sheets

http://www.cisco.com/web/partners/tools/quickreference/index.html

http://www.cisco.com/web/partners/downloads/765/tools/quickreference/vpn_performance_eng.pdf

*** Q.: it's possibile to have a doc. about the performance (IPSEC VPN and SSL VPN ) for the ISR G2 ?

Regards

Roberto Taccon

sameer.devlekar Thu, 04/22/2010 - 23:24

Hi Amir,

Not sure if this topic relates to you but, I tried to find out the answer to this question from all the possible sources, no luck.

Would appreciate if you can help me out with this.

We have a Cisco IDS system MARS v6, I get a lot more event alerts for "Windows System32 Directory File Creation". I tried to analyze the log of the machines on the basis of reports. but couldn't find any clue. But found that the WSUS/SCCM servers are the major high session targeted machines.

Please help me understanding the exact purpose/reason/explanation of this signature.

Thanks in advance,

Sameer

awaheed Fri, 04/23/2010 - 11:36

Hi Sameer,

Its best to ask this on the IPS appliance forum page as I am not familiar with the IPS appliances.

Rgds,

Aamir

Actions

This Discussion