Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ASK THE EXPERTS - ISR G2 SECURITY

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get an update on latest Security innovations on the ISR with Cisco expert Aamir Waheed. Aamir is a senior product manager for security in Cisco’s access router group in San Jose, CA. He is responsible for integrating customer and market requirements to bring new Cisco IOS security solutions to market. He previously worked as a technical marketing engineer in Cisco’s security technology group where he was responsible for building technical presentations and training Cisco partners and sales teams on newly introduced IOS security technologies and products. He has over 10 years of experience in the networking industry with over 5 years in the areas of product development, competitive analysis and market intelligence. He is an experienced security expert who has been a veteran speaker at various Cisco customer and partner facing events and has served as a panelist, reviewer, and consultant representing Cisco at many security conferences. He also has a CCIE in Security (#8933).

Remember to use the rating system to let Aamir know if you have received an adequate response.

Aamir might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through April 23, 2010. Visit this forum often to view responses to your questions and the questions of other community members.

12 REPLIES
New Member

Re: ASK THE EXPERTS - ISR G2 SECURITY

Hello,

I have a Cisco ASA 5510 firewall.

When configuring, the ASDM software installed and works fine on a windows XP system, However, even though it appears to install on Windows 7 (64 bit) and Server 2003 (32 bit) ithe GUI does not display.

Thank you

Cisco Employee

Re: ASK THE EXPERTS - ISR G2 SECURITY

Hi,

The ASDM version 6.3(x) supports Windows 7. Please review the following release notes before upgrading to ASDM 6.3: http://www.cisco.com/en/US/partner/docs/security/asa/asa83/asdm63/release/notes/asdmrn63.html#wp261095

Feel free to ask any questions around ISR G2's aswell.

Rgds,

Aamir Waheed,

Sr. Product Manager,

Cisco Systems

New Member

Re: ASK THE EXPERTS - ISR G2 SECURITY

How can I get performance boost from my older ISR?

Cisco Employee

Re: ASK THE EXPERTS - ISR G2 SECURITY

Hi,

Which features are you trying to get performance boost for on the older ISR's. Their is a VPN AIM module (http://www.cisco.com/en/US/partner/prod/collateral/routers/ps5853/data_sheet_vpn_aim_for_18128003800routers_ps5853_Products_Data_Sheet.html) that can provide VPN acceleration. For across the board performance & scalability boost you should consider ISR G2's for your branch. More details available at www.cisco.com/go/isrg2

Please provide some more details for me to get back to you on this,

Rgds,

Aamir Waheed,

Sr. Product Manager,

Cisco Systems

New Member

Re: ASK THE EXPERTS - ISR G2 SECURITY

Can you provide some more details on GETVPN solution within IOS?

Cisco Employee

Re: ASK THE EXPERTS - ISR G2 SECURITY

Hi Steve,

The new ISR G2's provides GETVPN Group member support. Cisco Group Encrypted Transport VPN (GET VPN), eliminates the need for compromise between network intelligence and data privacy in private WAN environments. Service providers can finally offer managed encryption without a provisioning and management nightmare since GET VPN simplifies the provisioning and management of VPN. GET VPN defines a new category of VPN, one that does not use tunnels. You can get more details on GETVPN at: www.cisco.com/go/getvpn

Hope this helps,

Rgds,

Aamir Waheed,

Sr. Product Manager,

Cisco Systems

Re: ASK THE EXPERTS - ISR G2 SECURITY

Are there specific IOS features that the ISR G2 is especially quick at, in comparison to the old ISR's ?

Where does the 3900 series place, in comparison to ex. the ASR series performance wise ?

How many Spokes would you recommend for a Dual Hub/Dual Cloud DMVPN scenario with 3900's at the Hub Site, lets say with QoS/EIGRP/DMVPN enabled?

Cisco Employee

Re: ASK THE EXPERTS - ISR G2 SECURITY

Hi,

The ISR G2's provide an overall performance boost with all Services of 3-4x when compared to the older ISR's.

You can review the Miercom report for ISR G2's at: http://www.miercom.com/cisco/isrg2

Additionally here is the detailed Network Security features datasheet for the ISR G2's:

http://www.cisco.com/en/US/prod/collateral/routers/ps10538/data_sheet_c78-556151_ps10536_Products_Data_Sheet.html

I will get some details for you around the specific DMVPN design questions and will get back to you shortly,

Rgds,

Aamir Waheed,

Sr. Product Manager,

Cisco Systems

New Member

Re: ASK THE EXPERTS - ISR G2 SECURITY

Hi,

as indicated by the following documents the performance for VPN IPSEC and SSL VPN are:

*** Cisco IPsec and SSL VPN Solutions Portfolio

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/prod_brochure09186a00801f0a72.html

for example:

the Cisco 3845 Integrated Services Router with onboard VPN

Maximum Tunnels: 700

Maximum AES Throughput: 180 Mbps

the Cisco 3845 Integrated Services Router with AIM-VPN/SSL-3

Maximum Tunnels: 2500

Maximum AES Throughput: 210 Mbps

*** Portable Product Sheets

http://www.cisco.com/web/partners/tools/quickreference/index.html

http://www.cisco.com/web/partners/downloads/765/tools/quickreference/vpn_performance_eng.pdf

*** Q.: it's possibile to have a doc. about the performance (IPSEC VPN and SSL VPN ) for the ISR G2 ?

Regards

Roberto Taccon

Cisco Employee

Re: ASK THE EXPERTS - ISR G2 SECURITY

Hi,

The ISR G2's provide 3-4x ISR performance. As for the Scalability numbers for IPSec tunnels. They remain the same as the ISR's as can be seen at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps6659/data_sheet_c78-457320.html. We are in the process of updating the links to showcase the ISR G2 performance data.

Rgds,

Aamir

New Member

Re: ASK THE EXPERTS - ISR G2 SECURITY

Hi Amir,

Not sure if this topic relates to you but, I tried to find out the answer to this question from all the possible sources, no luck.

Would appreciate if you can help me out with this.

We have a Cisco IDS system MARS v6, I get a lot more event alerts for "Windows System32 Directory File Creation". I tried to analyze the log of the machines on the basis of reports. but couldn't find any clue. But found that the WSUS/SCCM servers are the major high session targeted machines.

Please help me understanding the exact purpose/reason/explanation of this signature.

Thanks in advance,

Sameer

Cisco Employee

Re: ASK THE EXPERTS - ISR G2 SECURITY

Hi Sameer,

Its best to ask this on the IPS appliance forum page as I am not familiar with the IPS appliances.

Rgds,

Aamir

1518
Views
0
Helpful
12
Replies
CreatePlease login to create content