CISCO SECURITY PORTFOLIO

  1. IOS routers: Provide RFC 2827 and RFC 1918 filtering, protocol filtering, and VPN termination, as well as stateful firewall and intercept features.

  2. PIX firewalls: Provide stateful firewall and VPN termination; 515 and higher support VPN accelerator card from PIX OS v5.3(1) with DES or 3DES license.

  3. Cisco NIDS: Provides intrusion monitoring across a network segment; usually set to alarm.

  4. Cisco HIDS: Provides host-level intrusion monitoring; usually set to alarm, drop, and (possibly) reset.

  5. VPN concentrator: Terminates many VPN tunnels at the headend; often used when more than 20 tunnels must be terminated. Can support a maximum of 100 to 10,000 simultaneous users. Provides AES and DH Group 7 in addition to DES/3DES and DH Groups 1, 2, 5.

  6. VPN clients: The hardware client is often used for small branches and provides tunnel termination and local DHCP and NAT. The software client is used for single-host tunnel termination; split tunneling is not recommended. Both receive policy and configuration pushed from the headend.

  7. Identity: CiscoSecure ACS for AAA; runs on Windows 2000 server and Solaris (Solaris support ends in 2003).

  8. Security management: CiscoWorks VPN/Security Management Solution (VMS); Web-based tools for VPN configuration, monitoring, troubleshooting, and firewall and IDS management; also, CiscoSecure Policy Manager (CSPM) firewall-management functions have been moved to VMS.



CCSP CSI Exam Cram 2 (Exam Cram 642-541)
ISBN: 0789730243
Year: 2002
Pages: 177
Authors: Annlee Hines
