Table 4. Cisco Configuration Assistant Security Feature Support

| Category | Feature | v 2.2(5) | v3.0 | Description |
|---|---|---|---|---|
| Firewall | Application firewall | X | X | Provides high, medium, and low security levels for firewall policy settings to enable accelerated and easy deployment: ● Low: For business environments that do not need to track peer to peer (P2P) and IM applications on the network or check for protocol conformance ● Medium: For business environments where security is important and there is a need to track the use of IM and P2P applications and check for HTTP and email protocol conformance ● High: For business environments where security is critical, and there is a need for protocol anomaly detection services to drop nonconformant HTTP and email traffic and prevent use of P2P and IM applications |
| Firewall | Zone-based firewall | X | X | Advanced firewall supported by default on Cisco SR500 Series Secure Router. |
| Firewall | URL filtering | X | X | Supported on Cisco SR500 Series Secure Router only. |
| Firewall | Intrusion prevention system (IPS) | X | X | Supported on Cisco SR500 Series Secure Router only. |
| VPN | Cisco Easy VPN Remote | X | X | Scalable, easy-to-manage, secure remote access for teleworkers for Cisco SR500 Series |
| VPN | Cisco Easy VPN Server | X | X | Offers wizard-based configuration of remote-access VPN server configuration for Cisco Unified Communications 500 Series |
| VPN | Secure Sockets Layer (SSL) VPN | X | X | |
| VPN | Split tunneling | X | X | |
| VPN | Disable split tunneling | X | X | Uses Dynamic Virtual Tunnel Interface (DVTI) to allow WAN/Internet access only from VPN hub site |
| Security Features | Security Setup Wizard | X | X | Cisco SA500 software version 1.1.42 and earlier are not supported by Cisco Configuration Assistant. All other SA500 features are configured through the SA500 Configuration Utility, which is accessible from the Cisco Configuration Assistant Topology view. |
| Security Features | SSL- and SSH v2-based secure remote access | X | X | Provides for secure management between PC and Cisco Unified Communications 500 Series. |
| Security Features | Network Address Translation (NAT) | X | X | 1-to-1 static port mapping for TCP and User Datagram Protocol (UDP) ports. VoIP pass-through enabled by default on Cisco SR500 Series Secure Router. Cisco Configuration Assistant 3.0 adds support for 1-to-many static NAT mappings. |
| Security Features | Remove NAT and firewall | X | X | Remove NAT and firewall from Cisco Unified Communications 500 Series and Cisco SR500 Series Secure Router for deployments in network with existing firewall |
| Security Features | DMZ | X | X | A DMZ network enables Internet users to access a company's public servers, including web and FTP servers, while maintaining security for the company's private LAN. |
| Security Features | Security audit | X | X | Assesses vulnerability of existing Cisco Unified Communications 500 Series and Cisco SR500 Series Secure Router. Provides quick compliance with best-practices (Cisco Technical Assistance Center [TAC], ICSA recommendations) security policies for Cisco Unified Communications 500 Series and Cisco SR500 Series Secure Router. |
| Security Features | Security diagnostics | X | X | Collect firewall/NAT and VPN debug logs. |
| Security Features | Monitoring | X | X | EzVPN client and server, site-to-site VPN, SSL VPN, firewall, NAT, and VPN status reports. |

© 2010 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Feature Description Guide