Cisco Blogs


February 27, 2008

Co-authored with Shyam Kota, Product Manager at Cisco working towards a secure Internet infrastructure.

With the advent of Web 2.0 applications, enterprises and their respective service providers are viewing the network as a service enabler that transports critical business applications. Doing so over the public internet is considered risky from an infosec perspective, prone to loss of data confidentiality to hackers and fraud. To ensure secure transport of data, various proprietary protocols were developed; however, the scope of each was limited to the application it was designed to serve. To overcome such limitations and ensure a uniform end-to-end security framework, the IETF developed IPSec for IP.

What makes this possible?

Designed by the Internet Engineering Task Force (IETF) as the security architecture for the Internet Protocol, IPSec defines IP packet formats and the related infrastructure for transporting IP traffic with end-to-end authentication, ensuring integrity and confidentiality for network traffic. The IPSec protocol allows for negotiation of IPSec policies and security associations, and for transporting encrypted data over any network (public or private) between trusted peers/systems.

The Solution

For secure transport of data, two common approaches are available. For telecommuters and remote users, an IPSec tunnel can start at the end user's PC and terminate at the SP edge. The data from the user is transported securely over the internet, decrypted at the SP edge, and sent to the final destination over an IP/MPLS network. The other approach is to create an IPSec tunnel between the enterprise edge and the SP edge, whereby all traffic is encrypted by default. The first approach allows secure remote access for all users and requires support for terminating potentially thousands of IPSec tunnels at the SP edge. The latter approach allows secure data transport for enterprises between headquarters and branch offices via the SP core network.

For service providers, the ability to offer a secure VPN service in the network is a very appealing value add. This approach can also enable offering new services rapidly in areas where the SP does not have a services footprint. Cisco has a complete portfolio of solutions that provide IPSec support. The workhorse of the service provider edge platforms, the Cisco XR-12K, introduces this functionality via the IPSec shared port adapter, each of which can deliver up to 2 Gbps of AES and 3DES encrypted data traffic while scaling up to 16,000 site-to-site or remote-access IPSec tunnels simultaneously.
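As an added example that is not part of the original post, the following classic Cisco IOS configuration shows the enterprise-edge-to-SP-edge (site-to-site) approach described above, using AES for the tunnel. Peer and LAN addresses, the interface, the map and ACL names, and the pre-shared key placeholder are all assumptions; the XR-12K itself runs IOS XR, whose syntax differs from this illustration.

```cisco
! Phase 1 (IKE/ISAKMP) policy: AES-256, SHA-1 HMAC, DH group 14, pre-shared key
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
 lifetime 28800
! Peer is the SP-edge tunnel endpoint (203.0.113.2 is an assumed documentation address)
crypto isakmp key REPLACE-WITH-STRONG-PSK address 203.0.113.2
!
! Phase 2 (IPSec) transform set: ESP with AES-256 and SHA-1 HMAC, tunnel mode
crypto ipsec transform-set AES-SHA esp-aes 256 esp-sha-hmac
 mode tunnel
!
! Traffic between the enterprise LAN and the remote network selected for encryption
! (assumed RFC 1918 ranges)
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
! Crypto map ties peer, transform set and interesting traffic together;
! PFS makes each IPSec SA key independent of the IKE key
crypto map TO-SP-EDGE 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set AES-SHA
 set pfs group14
 match address VPN-TRAFFIC
!
! Apply the crypto map on the Internet-facing interface of the enterprise edge router
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 crypto map TO-SP-EDGE
```

After the SP edge is configured with a matching policy, `show crypto isakmp sa` and `show crypto ipsec sa` confirm that the Phase 1 and Phase 2 security associations are up and that packet counters increment only for traffic matching VPN-TRAFFIC.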
