Finally – IPsec On A Catalyst Switch



Part 1 of the 2-part IPSec Series

The new Catalyst 9000X with IPsec support is finally a reality. I’ll quickly cover three use cases that are relevant to branch deployments.

Cisco launched the Catalyst 9000X series, which includes the C9300X, C9400X, C9500X, and C9600X. I’ll mostly focus on the C9300X, which supports IPsec today as of IOS-XE 17.6.2 with Advantage licensing. The C9400X will support IPsec soon.

 

Figure 1. Catalyst 9300X: industry-first 100G hardware encryption and 1 Tbps stacking


 

The C9300X comes with a new enhanced Unified Access Data Plane (UADP) ASIC called the UADPsec. This new ASIC allows for industry-first capabilities that enable the switch to perform up to 100G of Layer 3 hardware encryption and up to 1 Tbps of stacking. It also helps enhance support for the application hosting capabilities common to all Catalyst platforms.

 

 

Figure 2. C9300X IPSec capabilities with IOS-XE 17.6.2


 

The good news is that the C9300X supports standards-based IPv4/IPv6 IPsec tunnels (up to 128). It also has support for NAT Traversal, multicast routing, Layer 3 segmentation over IPsec, Layer 2 extension over IPsec, and even EVPN over the tunnel.

 

 

Figure 3. C9300X IPSec use cases: Site-to-SIG, Site-to-Cloud, Site-to-Site


 

So, why is this needed? If you are an SDWAN customer, then you already have an architecture in place. The Catalyst 9300X is not meant to be an SDWAN replacement; it is an independent solution. It is meant for customers who aim to reduce the number of devices at the branch office, for example by removing a router and/or firewall while still creating a secure tunnel connection. If that is you, then look no further. The Catalyst 9300X can help you achieve it.

The Catalyst 9300X can help set up multiple secure tunnels. There are three common use cases. The first is Site-to-SIG. The Secure Internet Gateway (SIG) can be Umbrella, Zscaler, or any other third-party provider. The second is Site-to-Cloud, which can establish a secure tunnel to your cloud provider of choice. The third use case is Site-to-Site. The C9300X can establish a secure tunnel to your data center firewall, router, or even another C9300X switch. These are at least three reasons why this platform is right for you.

In my next post, I’ll show how to onboard the C9300X switch using Cisco DNA Center Plug and Play (PnP). In addition, I’ll show how to create secure tunnels to the Umbrella SIG environment.

 

