- Schneider Electric ousts CEO over strategic differences
- Pakistani Hackers Targeted High-Profile Indian Entities
- The 2-in-1 laptop I recommend most is not a Dell or Lenovo (and it's $200 off)
- Los CIO buscan perfeccionar la gobernanza de la IA a pesar de las dudas
- Chinese Air Fryers May Be Spying on Consumers, Which? Warns
Finally – IPsec On A Catalyst Switch
Part 1 of the 2-part IPSec Series
The new Catalyst 9000X with IPsec support is finally a reality. I will quickly cover three use cases that are relevant to branch deployments.
Cisco introduced the Catalyst 9000X series, which includes the C9300X, C9400X, C9500X, and C9600X. I will mostly focus on the C9300X which supports IPsec today as of IOS-XE 17.6.2 with Advantage licensing. The C9400X will support IPsec soon.
The C9300X comes with a new enhanced Unified Access Data Plane (UADP) ASIC called the UADPsec. This new ASIC allows for industry-first capabilities that allow the switch to perform up to 100G of Layer 3 hardware encryption and up to 1 Tbps of stacking. It also helps enhance support for the application hosting capabilities common to all Catalyst platforms.
The good news is that the C9300X supports standards-based IPv4/IPv6 IPsec (up to 128) tunnels. It also has support for NAT Traversal, Multicast routing, Layer 3 Segmentation over IPsec, Layer 2 extension over IPsec, and even EVPN over the tunnel.
So, why is this needed? If you are an SDWAN customer, then you already have an architecture in place. The Catalyst 9300X is not meant to be an SDWAN replacement and it is an independent solution. It is meant for customers with the intention of reducing the number of devices at the branch office. For example, removing a router and/or firewall while creating a secure tunnel connection. If so, then look no further. The Catalyst 9300X can help you achieve it.
The Catalyst 9300X can help set up multiple secure tunnels. There are three common use cases. The first is Site-to-SIG. The Secure Internet Gateway (SIG) support can be to Umbrella, Zsaler, or any other third-party provider. The second is Site-to-Cloud, which can establish a secure tunnel to your Cloud provider of choice. The third use case is Site-to-Site. The C9300X can establish a secure tunnel to your Data Center firewall, router, or even another C9300X switch. These are at least three reasons why this platform is right for you.
In my next post, I will show how to onboard the C9300X switch using Cisco DNA Center Plug and Play (PnP). In addition, I will show how to create secure tunnels to the Umbrella SIG environment.
Share: