The CiscoWorks Management Center for VPN Routers provides powerful end-to-end configuration, management, and deployment of secure VPN connections. The Web-based interface guides the operator through management tasks, as seen in Figure 1.
Figure 1. CiscoWorks Management Center for VPN Routers Configuration Interface
CiscoWorks VMS is an integral part of the SAFE Blueprint from Cisco® and combines Web-based tools for configuring, monitoring, and troubleshooting:
• VPNs
• Firewalls
• Network Intrusion Detection Systems (IDSs)
• Host-based Intrusion Prevention Systems (IPSs)
• Router-based IPSs
CiscoWorks VMS is an integrated security management solution that addresses the needs of both small- and large-scale VPN and security deployments by helping to protect productivity gains and reduce operating costs. Unlike point security products from multiple vendors that can leave vulnerable gaps, CiscoWorks VMS provides a comprehensive solution that ties separate security and VPN technologies into a single secure network.
Intended Use
As enterprises seek to decrease their reliance on leased lines and Frame Relay networks and to provide site-to-site and remote-access connectivity using VPN technologies over a public Internet infrastructure, the need for effectively managing large-scale VPN connections is critical. Most medium to large enterprises deploy VPN technologies to lower the cost of remote connectivity for their business critical applications and to enable productivity gains using the Internet. Secure connectivity and its management are critical for these organizations as they take advantage of a VPN infrastructure to establish secure site-to-site and business-to-business communications.
For many small office or home office (SOHO) and small and medium-sized business (SMB) environments, the Cisco IOS® Firewall provides robust, integrated firewall and intrusion detection for every perimeter of the network. Available for a wide range of Cisco IOS Software-based routers, the Cisco IOS Firewall offers sophisticated security and policy enforcement for connections within an organization (intranet) and between partner networks (extranets), as well as for securing Internet connectivity for remote and branch offices. CiscoWorks Management Center for VPN Routers supports the diverse requirements of Cisco customers from SMBs to large enterprises that are building corporate intranets and extranets. CiscoWorks Management Center for VPN Routers' robust architecture and scalable deployment model, coupled with secure remote management capabilities, provide flexibility. The application is easy to install and use, and its Web interface provides users with navigation capabilities with no need to learn many different commands.
NEW FEATURES
CiscoWorks Management Center for VPN Routers 1.3.1 has the following new features:
• New wizard-like workflow to assist in end-to-end setup and management of VPN configurations
• Generic routing encapsulation (GRE) support for dynamically addressed devices
• Support for dial backup configuration
• Authentication proxy support and wide range of inspection rules for Cisco IOS Firewall configuration
• Management of preshared keys only: for customers who want to manage keys without managing VPN policies
• Support for new access routers (see release notes and user guides for more detail)
• Support for additional new devices
FEATURES AND BENEFITS
CiscoWorks Management Center for VPN Routers 1.3.1 provides many significant benefits that include:
• Simplified policy definitions: Wizard-based interface for the creation of VPN and Cisco IOS Firewall policies simplifies the task for novice and expert users to navigate policy definitions in a point-and-click environment.
• Single interface for a large number of hub-and-spoke and Cisco IOS Firewall devices: Router MC enables VPN configuration on a large number of access and VPN routers, including the Cisco 7600/Catalyst® 6500 Series IPsec VPN Service Module. In addition, it enables the configuration of Cisco IOS Firewall features including the configuration of ordered access rules assigned per interface and context-based access control features including the availability of the inspection action for access rules, alert and audit settings, fragmentation settings, Domain Name System (DNS) timeouts, protocol timeouts, and denial-of-service (DoS) prevention (half-open connections control).
• Hierarchical Inheritance and Smart Rules hierarchy: Reflects the organizational and common setup of devices and simplifies device management. Components are reusable, and device-specific differences can be expressed at a single device level.
• Flexibility for network resiliency models: Offers a choice of Internet Key Exchange-Keep Alive or GRE with Open Shortest Path First (OSPF) Protocol and Enhanced Interior Gateway Routing Protocol (EIGRP), and IP Security Home Agent Hot Standby Router Protocol for failover routing scenarios. Network administrators can use default settings or customize settings on routing protocols, loopback addresses, and timeout values.
• Administration model: Provides a centralized role-based access control (RBAC) model that allows for management of users and accounts in a centralized fashion, enables granular change management workflow, and provides robust change management for larger organizations.
• Simplified device import and deploy options: Offers a variety of choices for importing device configurations. Users can deploy the configurations to a device or a file and have a choice of deploying to individual devices or to a group of devices, reducing the possibility of errors.
• Tunneling and Network Address Translation (NAT): Supports IP Security (IPSec), IPSec with GRE (over Frame Relay networks), and split tunneling using NAT.
• Rollback and recovery mechanisms: Provides backup and rollback to the last known good configuration.
Device Support
Hub and spoke devices:
• Cisco 7100, 7200, and 7400 series VPN routers
• Cisco 7600/Catalyst 6500 Series IPSec VPN Services Module
• Cisco 2600, 2800, 3600, and 3700 series multiservice platforms
• Cisco 1700 and 1800 series access routers
• Cisco 800 Series (WAN interface only) and Cisco 806, 827, 831, and 837 routers
PRODUCT SPECIFICATIONS
The primary specifications are listed in Table 1.
Table 1. Product Specifications
Product Compatibility
• Cisco 800, 1700, 1800, 2600, 2800, 3600, 3700, 7100, 7200, and 7400 series routers
• Cisco 7600/Catalyst 6500 Series IPSec VPN service module
Software Compatibility
• Cisco IOS Software Release 12.2 and later
• Cisco IOS Software Release 12.2(13)T and later for Dynamic Multipoint VPN (DMVPN) deployments
Protocols
• Secure Sockets Layer (SSL)
Memory
• Refer to the CiscoWorks VMS 2.3 deployment guide
SYSTEM REQUIREMENTS
For comprehensive hardware and operating requirements, see the CiscoWorks VMS overview at: http://www.cisco.com/go/vms.
ORDERING INFORMATION
The Management Center for VPN Routers is a featured component of CiscoWorks VMS. For ordering details, refer to the VMS product bulletin at http://www.cisco.com/go/vms.
SERVICE AND SUPPORT
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare the network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, see Cisco Technical Support Services or Cisco Advanced Services.
FOR MORE INFORMATION
For more information about the CiscoWorks Management Center for VPN Routers, visit: http://www.cisco.com/go/vms, contact your local account representative, or send e-mail to: ciscoworks@cisco.com.