How we did it with infra review
 
|
|||
 | |||
|
We installed all of VPN/Security Management Solution Version 2.0 except for Cisco Secure Policy Manager Version 2.3 on a generic, dual-850 MHz CPU server with 512M bytes of RAM running Windows NT SP6a. We installed CSPM 2.3 on an identical system. We built a network of Cisco and non-Cisco devices, including five IOS routers, two PIX firewalls and a Cisco network intrusion-detection system sensor, as well as NetScreen Technologies and Nokia VPN devices. Although CSPM supports most recent versions of IOS and PIX, it doesn't support all versions, so we had to make some minor adjustments to bring every device in the testbed so that VMS 2.0 could support them.
We defined our topology in the various tools and let them autodetect information from the devices wherever possible. Then, we defined firewall rules for traffic between parts of the network and downloaded the configuration to each device. Using both inspections of the defined configuration and simple testing tools from WildPackets NetTools, we verified that the traffic permitted was what we had defined in our rules.
We then defined a VPN mesh and sent all the firewalled traffic through the VPN. Using WildPackets EtherPeek we again verified that traffic was encrypted; we also retested the firewall part of the configuration to check that no illegal traffic was getting through the VPN.
Finally, we used VPN Monitor to check on the status of the VPN. We generated traffic with Spirent Communications' SmartBits testing tools and verified that VPN Monitor was generating alerts and graphs to show traffic load and resource consumption.
RELATED LINKS
Snyder, a Network World Test Alliance partner, is a senior partner at Opus One in Tucson, Ariz. He can be reached at Joel.Snyder@opus1.com.
Cisco VMS Version 2.0
Cisco upgrades security management suite, but tool integration lags.
