Home CCNP Study Guide Flexible Cisco VPN Suits Small Networks

Flexible Cisco VPN Suits Small Networks

Written by Wendell E. Jaynes    Sunday, 08 March 2009

Cisco Router Virtual private network (VPN) technology is moving from the gee-whiz stage into the day-to-day arena of networking professionals. And Cisco's new 1720 router shows that the networking giant is paying attention to the trend. The 1720 is somewhat similar to the 1600 line of small office/home office routers, but the new version adds VPN capabilities and greater flexibility, thanks to its two WAN Interface Card (WIC) slots. I would definitely recommend it for small offices, especially in cases where leased lines would cost a fortune. The 1720 does not offer any greater functionality than dedicated VPN solutions, but its all-in-one approach is attractive. One box handles routing, firewall capabilities, and VPNs, which should make administering remote offices much easier. Using the 1720 is, thankfully, pretty much like using any other device powered by Cisco's Internetworking Operating System (IOS) networking device. It took just a few minutes to get the unit up and running, and to establish a VPN connection over the Internet. The 1720 is the first router I've worked with that sports Cisco's new IOS 12.0, but this new version is quite similar to IOS 11.x, and should not cause any confusion. The 1720 supports the IPSec protocol -- as well as Layer 2 Tunneling protocol and Layer 2 Forwarding tunneling -- making it easy to integrate the router into existing networks as well as newer infrastructures. Configuring IPSec using the command line interface took a bit of learning, but it shouldn't be difficult for anyone familiar with IOS. Cisco is promising a future version of its ConfigMaker software, which will allow GUI-based configuration of IPSec; the current version supports most of 1720's features, but not the IPSec portion. Although ConfigMaker can be handy, it's probably not terribly important. If someone needs a GUI to configure a router, they're probably not the right person for the job. I liked the inclusion of two WIC slots on the 1720, because this allows for configuring both fractional T1 and ISDN service, or connection to multiple offices or ISPs. Like most Cisco routers, the auxiliary serial port can also be used to establish a backup dial-up connection. As with the 1600-series, the WICs are not hot-swappable, but that's normal for this class of router. Out of the box, the 1720 can provide encryption for as much as 512Kbps of data using 56 bit DES. This level should be plenty for most small office connections because the router only has to process traffic for the VPN tunnel, and not all Internet traffic. Down the road, the company plans to offer a hardware encryption accelerator, which will plug into the 1720 and offer encryption at full T1-E1 data transmission rates. I was disappointed that the 1720 did not offer the same external flash ROM card that the 1600 and 3600 use, because those cards have saved me a lot of time by allowing me to prepare router images for new routers on an existing unit. The 1720 does have a flash cartridge, but it is inside the unit and probably not worth disassembling the thing to get to it. Other than that, my only real complaint with the 1720 is with the lack of an xDSL WIC. With DSL becoming more and more widely accepted --coupled with the fact that it is so much cheaper than fractional T1s --a Digital Subscriber Line, or DSL, WIC would further enhance the cost-saving nature of the 1720. The router does have a 10/100 Ethernet port, which enhances its flexibility. Of course, the router will never see 100Mbps of traffic (the most it can handle is four T1 lines, or 6Mbps), but having the port operate at that speed will allow it to be used in environments that only have 100BaseT. In short, the VPN capabilities and added flexibility provided in the 1720 router make it a really good fit for small offices.

Last Updated ( Sunday, 08 March 2009 )