Half 1 of the 2-part IPSec Collection
The brand new Catalyst 9000X with IPsec help is lastly a actuality. I’ll rapidly cowl three use instances which might be related to department deployments.
Cisco launched the Catalyst 9000X collection, which incorporates the C9300X, C9400X, C9500X, and C9600X. I’ll principally deal with the C9300X which helps IPsec immediately as of IOS-XE 17.6.2 with Benefit licensing. The C9400X will help IPsec quickly.
The C9300X comes with a brand new enhanced Unified Entry Information Airplane (UADP) ASIC referred to as the UADPsec. This new ASIC permits for industry-first capabilities that permit the change to carry out as much as 100G of Layer 3 {hardware} encryption and as much as 1 Tbps of stacking. It additionally helps improve help for the appliance internet hosting capabilities frequent to all Catalyst platforms.
The excellent news is that the C9300X helps standards-based IPv4/IPv6 IPsec (as much as 128) tunnels. It additionally has help for NAT Traversal, Multicast routing, Layer 3 Segmentation over IPsec, Layer 2 extension over IPsec, and even EVPN over the tunnel.
So, why is that this wanted? If you’re an SDWAN buyer, then you have already got an structure in place. The Catalyst 9300X is just not meant to be an SDWAN substitute and it’s an impartial answer. It’s meant for purchasers with the intention of decreasing the variety of gadgets on the department workplace. For instance, eradicating a router and/or firewall whereas making a safe tunnel connection. In that case, then look no additional. The Catalyst 9300X can assist you obtain it.
The Catalyst 9300X can assist arrange a number of safe tunnels. There are three frequent use instances. The primary is Web site-to-SIG. The Safe Web Gateway (SIG) help could be to Umbrella, Zsaler, or every other third-party supplier. The second is Web site-to-Cloud, which may set up a safe tunnel to your Cloud supplier of selection. The third use case is Web site-to-Web site. The C9300X can set up a safe tunnel to your Information Middle firewall, router, and even one other C9300X change. These are not less than three the explanation why this platform is best for you.
In my subsequent submit, I’ll present the right way to onboard the C9300X change utilizing Cisco DNA Middle Plug and Play (PnP). As well as, I’ll present the right way to create safe tunnels to the Umbrella SIG setting.
Share:
