Cisco gear hooks small offices to VPNs

Cisco is wheeling out a string of new security routers for small offices this month that make it possible to network small and home offices into business VPNs.

Two low-end devices called the SOHO 91 and SOHO 97 routers are meant for telecommuter offices and support up to 300K bit/sec of DES-3-encrypted VPN traffic. The devices also include firewalls and four-port 10/100M bit/sec Ethernet switches. The SOHO 91 has an Ethernet WAN port, while the SOHO 97 has a built-in ADSL modem. Their prices start at $349 and $449, respectively.

For sites that need higher throughput, the Cisco 831 and 837 routers can include firewall, VPN and hardware to accelerate encryption and support voice, video and data. They are capable of 2M bit/sec DES-3 encryption. Both boxes include four-port 10/100 Ethernet switches. The 831 has an Ethernet port to connect to WAN devices such as a DSL modem or CSU/DSU. The 837 has an ADSL modem built in.

The 831 comes with hardware acceleration for encryption. An option to add other features – such as the ability to deliver quality of service for voice and video, intrusion detection and an Easy VPN feature that makes it simpler to set policies on individual devices – costs extra. The same software package is available for the 837, and it also turns on the hardware acceleration for encryption, which is turned off in the basic model. This package costs an extra $150 over the base price of $800. The 831 costs $650. All are available at the end of the month.

These new devices are part of a Cisco security announcement that also includes hardware to speed up VPN traffic on routers, a Secure Sockets Layer (SSL) acceleration appliance and upgrades to Cisco IOS software.

Two new accelerator cards can be added to Cisco 2691, 3660 and 3700 routers to improve VPN throughput and lighten the load on the routers’ CPUs. With throughput of 80M bit/sec, the EP II card handles DES-3 and AES encryption, as well as compression. The HP II has throughput of 90M bit/sec. The EP II costs $2,500, and the HP II costs $3,500. Both are available next month with the release of IOS 12.2(14T).

The SSL appliance, called Secure Content Accelerator (SCA) II, performs 800 SSL transactions per second and works with any switch, router or Layer 4 to 7 device. It costs $18,000 and is available this month.

IOS upgrades include failover between routers that support VPNs, so if one router dies or the connection breaks for some other reason, a backup router takes over without dropping sessions. The upgrade also includes dynamic multi-point meshing of VPNs, in which a hub router in a hub-and-spoke network sets up VPN tunnels on the fly as they are requested. That enables businesses to set up VPN links just between the spoke sites and the hub, leaving the hub router to connect spokes to spokes as the need arises. This reduces the amount of VPN tunnel provisioning administrators have to perform.

The new IOS version also updates its intrusion-scanning library with the addition of 42 more intrusion signatures that it can screen for.