Half 1 of the 2-part IPSec Sequence
The brand new Catalyst 9000X with IPsec assist is lastly a actuality. I’ll rapidly cowl three use instances which are related to department deployments.
Cisco launched the Catalyst 9000X collection, which incorporates the C9300X, C9400X, C9500X, and C9600X. I’ll largely give attention to the C9300X which helps IPsec as we speak as of IOS-XE 17.6.2 with Benefit licensing. The C9400X will assist IPsec quickly.
The C9300X comes with a brand new enhanced Unified Entry Knowledge Airplane (UADP) ASIC known as the UADPsec. This new ASIC permits for industry-first capabilities that enable the swap to carry out as much as 100G of Layer 3 {hardware} encryption and as much as 1 Tbps of stacking. It additionally helps improve assist for the applying internet hosting capabilities widespread to all Catalyst platforms.
The excellent news is that the C9300X helps standards-based IPv4/IPv6 IPsec (as much as 128) tunnels. It additionally has assist for NAT Traversal, Multicast routing, Layer 3 Segmentation over IPsec, Layer 2 extension over IPsec, and even EVPN over the tunnel.
So, why is that this wanted? If you’re an SDWAN buyer, then you have already got an structure in place. The Catalyst 9300X isn’t meant to be an SDWAN alternative and it’s an unbiased resolution. It’s meant for patrons with the intention of lowering the variety of gadgets on the department workplace. For instance, eradicating a router and/or firewall whereas making a safe tunnel connection. If that’s the case, then look no additional. The Catalyst 9300X can assist you obtain it.
The Catalyst 9300X can assist arrange a number of safe tunnels. There are three widespread use instances. The primary is Web site-to-SIG. The Safe Web Gateway (SIG) assist may be to Umbrella, Zsaler, or some other third-party supplier. The second is Web site-to-Cloud, which might set up a safe tunnel to your Cloud supplier of alternative. The third use case is Web site-to-Web site. The C9300X can set up a safe tunnel to your Knowledge Heart firewall, router, and even one other C9300X swap. These are at the very least three explanation why this platform is best for you.
In my subsequent put up, I’ll present learn how to onboard the C9300X swap utilizing Cisco DNA Heart Plug and Play (PnP). As well as, I’ll present learn how to create safe tunnels to the Umbrella SIG atmosphere.
Share:
