Cisco IOS Network Traffic Encryption Features

Encryption features found in the Cisco IOS provide the ability to secure data communications by encrypting the payload of packets. Once encrypted, the contents of packets cannot be read by utilities such as network analyzers. While encryption provides the benefit of securing network communications, it also comes with a cost in the form of higher router CPU utilization.
While a variety of data encryption techniques exist, Cisco routers provide the ability to secure data using two primary technologies – Cisco Encryption Technology (CET) and IPSec. CET is an older proprietary encryption method developed by Cisco, and has been phased out of the Cisco IOS as of version 12.1. IPSec is an IETF-standardized encryption method that was designed by a number of companies, including Cisco. Not only is IPSec an Internet standard, it also provides interoperable encryption between the equipment of different vendors.
Encryption techniques are most commonly employed to securely transmit data over untrusted public networks like the Internet. For example, data encryption is used to implement what are known as Virtual Private Networks (VPNs), using the Internet rather than dedicated WAN links as a backbone to connect locations. Imagine a situation in which a company has two locations, each of which is connected to the public Internet using Cisco routers whose IOS images support IPSec. The company uses the IPSec capabilities of the routers to form a secure encrypted tunnel over the Internet. When a user from Office 1 attempts to communicate with a server in Office 2, data will be encrypted at the Office 1 router, sent over the Internet as a regular datagram (with an encrypted payload), and then decrypted at the Office 2 router. The end stations need not know about the encryption, nor have any encryption capabilities of their own.
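The two-office tunnel described above could be configured on the Office 1 router roughly as follows. This is an added example, not configuration from the original guide: the addresses (documentation ranges), interface, object names, ACL number and key placeholder are all constructed, and it assumes an IOS image whose crypto feature set supports the algorithms shown.

```cisco
! Office 1 router (constructed example; addresses are documentation ranges)
!
! Phase 1 (IKE/ISAKMP): how the two routers authenticate each other
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
 lifetime 86400
!
! Placeholder pre-shared key; must be identical on both routers
crypto isakmp key REPLACE_WITH_SHARED_SECRET address 198.51.100.1
!
! Phase 2 (IPSec): how the packet payload is protected in the tunnel
crypto ipsec transform-set OFFICE-TS esp-aes 256 esp-sha-hmac
 mode tunnel
!
! Traffic to encrypt: Office 1 LAN to Office 2 LAN only.
! Anything not matched here leaves the interface unencrypted.
access-list 101 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
!
! Tie peer, transform set and interesting traffic together
crypto map OFFICE-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set OFFICE-TS
 match address 101
!
! Apply the crypto map to the Internet-facing interface
interface Serial0/0
 description Internet-facing link
 ip address 192.0.2.1 255.255.255.252
 crypto map OFFICE-MAP
```

The Office 2 router mirrors this with the peer address set to 192.0.2.1 and the access list source and destination reversed. `show crypto isakmp sa` and `show crypto ipsec sa` confirm that the tunnel is up and that packets are being encrypted, and `show processes cpu` shows the CPU load the encryption adds.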
While the ability to encrypt traffic using Cisco routers is a useful feature, it can also have a considerable impact on router performance, especially CPU utilization. As a general rule, Cisco recommends that encryption not be configured on routers whose CPU utilization is already above 40%.
Written by Dan DiNicolo
Entire site Copyright © 1999-2007 2000Trainers.com, all rights reserved.
Content on this site may not be copied or reproduced in any way without permission.

