Secure Network

Foundation 2.5

Small Business Technical Marketing

Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
 Major Business Challenges

 Improve operational efficiency

Provide access to real-time business information
Enhance employee and partner collaboration
 Enhance customer responsiveness
Give service agents real-time access to customer
information
Provide customers with intuitive self-service
options
 Protect sensitive information
Secure customer information
Identify, prevent, and adapt to security threats
 Keep costs low and returns high
Simplify and accelerate deployment network
devices and intelligent features
Simplify troubleshooting and management of
network

Need a better way of doing business

Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2
 Secure Network Foundation 2.5
Main Office Remote Office

PC PC PC PC PC PC
ISR 1800
Series Router
Secure
Access Catalyst 2960 switch

Catalyst® 2960
switch
PC PC PC

ISR 2800 Provide highly secure connectivity

Series Router to users in remote offices

The Cisco Secure Network Enable a fully connected office with

Foundation is easy to learn and Fast Ethernet and Gigabit Ethernet
manage. connections. Support advanced network
It addresses immediate needs and Secure capabilities for the more demanding
allows ample room for growth. Access small business environment.

ISR: Integrated Services Router Public

hotspot

 ISR 1900 and 2900 series Secure PC with

routers can replace current Access VPN client
ISR 1800 and 2800 series WAN/
routers Extend the reach of the network
Internet to anyone, anywhere, at any time
 SNF forms foundation for
voice, video, wireless and Mobile Office
storage
For more details on how to design and implement the Secure Network Foundation, visit:
www.cisco.com/go/smartdesigns
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3
 Secure Network Foundation 2.5
LAN Components - Enable A Connected Office

 Cisco Catalyst 2960 series switches –

diverse range of switch configurations
8, 24 and 48 port 10/100 configurations
24 and 48 port 10/100 with PoE
7, 20 and 44 port 10/100/1000 configurations
10/100/1000 Gigabit Ethernet, dual-purpose Gigabit
Ethernet and SFP Uplink options

 Common features across the Cisco

Catalyst 2960 series switches Cisco Catalyst 2960
QoS to prioritize delay-sensitive and high bandwidth Series switches
network traffic
Basic and enhanced security, including: IEEE
802.1x port security, Access Control Lists (ACLs)
and Virtual LANs (VLANs)
Comprehensive ease-of-use capabilities like GUI-
based management (CNA) and Role-based smart
port macros

Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4
Secure Network Foundation 2.5
WAN Components - Provide Secure Connectivity

 Cisco ISR 800, 1800 and 2800 Series

Routers Configurations
A built-in Fast Ethernet LAN switch for local
network traffic (ISR 800 Series only)
Choice of 10/100/1000 Mbps Ethernet, ADSL2/2+,
VDSL2 or G.SHDSL WAN connections
Modular architecture with multiple module slots to Cisco ISR 1800 Series
provide connectivity and services options (ISR
1841 and ISR 2800 series)
Enhanced redundancy, including diagnostics and
backup power supplies, increasing fault tolerance
and business uptime (ISR 2800 series)
 Common Features
Cisco IOS Firewall and VPN support to control
access in and out of the network
Quality of Service (QoS) abilities for optimizing Cisco ISR
performance and reliability 2800 Series

Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5
Secure Network Foundation 2.5
Network Topology – Main Office

WAN/
Internet

WAN
Router

Publicly Accessible Servers

(Web server, e-mail server
etc)
Business specific servers not
accessible from Internet

Local Area Network (LAN)

Shared Devices (printers, FAX
An interconnected set of LAN machines, Network Storage,
switches etc.

End user devices such as laptops, PCs, IP

Phone, etc.

Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 6
 Secure Network Foundation 2.5
LAN Connectivity Design Options

Flexible Design Options

 Integrated switch in the WAN router
Suitable for small deployments – when the number of
employees is small enough WAN Router with Integrated switch
Router has enough ports to connect the users

 Single External Switch WAN

Router
Suitable for deployments – when a single switch has
enough ports to connect the employees Switch

 Multiple Switches
Need to support users in different areas of the office WAN
Router
Traffic from multiple access switches are aggregated
by an aggregation switch Aggregation
switch
Higher scalability and performance: leveraging
hardware-based capability of the switch, e.g. QoS
Enable the ISR to focus on secure routing functions
Access switches

Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 7
Secure Network Foundation 2.5
WAN Connectivity Design Options
WAN/
Internet
 Flexibility – Choice of
WAN Links WAN
Router
xDSL, cable (Ethernet), ISDN,
DSL over ISDN, T1/E1, etc.
DMZ Servers
 Access to the Internet
Employees can access Internet LAN Switches

WAN link provided by ISP

 Hosting Publically
Accessible Servers (DMZ)
Internet access to locally hosted
servers such as Web servers, E- WAN/
mail servers etc. Internet

Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 8
 Secure Network Foundation 2.5
Security Design Options

 Network Infrastructure  Demilitarized Zone (DMZ)

Protection Isolates your publically accessible
Prevents unauthorized access to servers in the network for security
network devices purposes

 Firewall protection  LAN Security

Prevents unauthorized access to Prevents a hacker from bringing down
network connected devices the network by attaching additional
switches or simulating too many
Helps maximize your uptime by connected devices
mitigating DoS attacks
Alleviates the effects of unintentional or
malicious traffic storms
Valid Business Traffic
Authenticated user access to the LAN
(802.1x) – Optional
Internet
 Additional Security Features
IPS, URL-filtering, Content filtering,
email/spamblocker can be added to
SNF
Unwelcome Visitors
and Unwanted Traffic

Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 9
Secure Network Foundation 2.5
VPN design options

 Remote Office
IPSec site-to-site VPN Remote
Office
Up to 5 Remote Offices

 Home Office
Easy VPN
A small router is used to
establish VPN connection WAN /
Home Office Internet
 Mobile Worker
Main
VPN Connection from laptop Office

SSL VPN Mobile

Easy VPN Worker

Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 10
 Secure Network Foundation 2.5
Foundation for Additional Services
SNF provides the infrastructure to deploy other services -

 Unified Communications
Ensures voice traffic is not dropped
during network congestion, and gets
priority over other traffic (Quality of
service)
Voice traffic isolation (VLAN), PoE,
Automatic Phone Detection
Secure Network
 Wireless Foundation
(Firewall, Anti Virus,
Wireless traffic isolation (VLAN), PoE Intrusion Protection,
for Wireless APs, Wireless QoS VPN, QoS)

 Video
Adequate bandwidth to video traffic
during network congestion
Video traffic isolation

Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 11
 Secure Network Foundation 2.5
Products and Ordering
 Smart Design Bill of Materials (Classic Series)
List of tested products and their SKU numbers
List of alternative options (upgrades) for increased functionality
and performance

 Small Business Product Guide

Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12
 Cisco Small Business Product Guide
http://www.cisco.com/web/partners/sell/smb/tools_and_resources/index.html

 SBPG Guiding Principles

Audience: partners whose customer base is
Small Business
Feature: all product and technology
purchased by Small Business customers
Value: simple decision logic to determine the
appropriate products
Concise: top 10 product messaging and
features to communicate with customers

 Contents
Product positioning and messages
Primary product features
Decision logic for different SKUs
Comparison table for different SKUs

 Recommended use
A reference guide
Leverage Cisco.com collaterals for additional
product details
Purchase

Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13
 Smart Designs
www.cisco.com/go/smartdesigns

Advanced Deployments
Base Design Integrated Design Hybrid Design

LAN L2 Switching L3 Switching L3 Switching

Security ISR ISR ASA

Remote Office IPSec Point-Point DMVPN DMVPN
(Site to site VPN)

Home Office EasyVPN EasyVPN EasyVPN

EasyVPN EasyVPN EasyVPN
Mobile Worker
SSL VPN SSL-VPN SSL-VPN
DMZ Optional Supported Supported
High Availability No Supported Supported
Capacity Low Medium High
Design &
Configuration GUI and CLI Implement CLI CLI

Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14
Smart Business Communications System
Business Impact
 Lower total cost of ownership
 Enhanced business performance
Profit-line benefits from operational
efficiency
More responsive, personalized customer
relationships
Increased system performance
and security
 Faster business evolution
Longer lifecycle for technology
investments
Spend more time managing business and
less time managing technology
More productive/happy employees
 Smart Business Roadmap
Right choice for today and right choice for
tomorrow
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 15
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16