Saturday, December 3, 2022
HomeCloud ComputingLastly – IPsec On A Catalyst Swap

Lastly – IPsec On A Catalyst Swap

Half 1 of the 2-part IPSec Collection

The brand new Cisco Catalyst 9000X with IPsec assist is lastly a actuality. I’ll rapidly cowl three use circumstances which can be related to department deployments. 

Cisco launched the Catalyst 9000X sequence, which incorporates the C9300X, C9400X, C9500X, and C9600X. I’ll principally concentrate on the C9300X which helps IPsec right this moment as of IOS-XE 17.6.2 with Benefit licensing. The C9400X will assist IPsec quickly. 


Catalyst 9300X
Determine 1. Catalyst 9300X Trade first 100G {Hardware} Encryption and 1 Tbps stacking


The C9300X comes with a brand new enhanced Unified Entry Knowledge Airplane (UADP) ASIC known as the UADPsec.  This new ASIC permits for industry-first capabilities that permit the change to carry out as much as 100G of Layer 3 {hardware} encryption and as much as 1 Tbps of stacking.  It additionally helps improve assist for the applying internet hosting capabilities frequent to all Catalyst platforms.



C9300X IPSec
Determine 2. C9300X IPSec capabilities with IOS-XE 17.6.2


The excellent news is that the C9300X helps standards-based IPv4/IPv6 IPsec (as much as 128) tunnels. It additionally has assist for NAT Traversal, Multicast routing, Layer 3 Segmentation over IPsec, Layer 2 extension over IPsec, and even EVPN over the tunnel. 



C9300X IPSec Use Cases
Determine 3. C9300X IPSec Website-to-SIG, Website-to-Cloud, Website-to-Website


So, why is that this wanted? In case you are an SD-WAN buyer, then you have already got an structure in place. The Catalyst 9300X just isn’t meant to be an SD-WAN alternative and it’s an impartial resolution. It’s meant for patrons with the intention of lowering the variety of units on the department workplace. For instance, eradicating a router and/or firewall whereas making a safe tunnel connection. If that’s the case, then look no additional. The Catalyst 9300X can assist you obtain it.

The Catalyst 9300X can assist arrange a number of safe tunnels. There are three frequent use circumstances. The primary is Website-to-SIG. The Safe Web Gateway (SIG) assist could be to Umbrella, Zsaler, or every other third-party supplier. The second is Website-to-Cloud, which might set up a safe tunnel to your Cloud supplier of selection. The third use case is Website-to-Website. The C9300X can set up a safe tunnel to your Knowledge Heart firewall, router, and even one other C9300X change. These are no less than three explanation why this platform is best for you.

In my subsequent put up, I’ll present how you can onboard the C9300X change utilizing Cisco DNA Heart Plug and Play (PnP). As well as, I’ll present how you can create safe tunnels to the Umbrella SIG atmosphere. 





Please enter your comment!
Please enter your name here

Most Popular

Recent Comments