News Release

Cisco Advances Network Security; Integrates Multigigabit Network Security Services into the Catalyst 6500 Series

New Services Deliver Scalable, Comprehensive Security to the Campus, MAN, and WAN
Aug 27, 2002

SAN JOSE, Calif., August 27, 2002 - Cisco Systems, Inc. today introduces a new range of multigigabit network security services integrated into the Catalyst® 6500 Series of modular multilayer switches bringing end-to-end security to campus, wide-area networks (WANs) and metropolitan area networks (MANs). Security services now become a transparent, intrinsic part of the network providing customers the ability to scale security services and adapt security capabilities to a wide range of IP services, resulting in greater security throughout the network.

Customers can now deploy network security services on Cisco Catalyst 6500 Series switches through four new high-performance security services modules: the Catalyst 6500 Firewall Services Module, IPSec (Internet Protocol Security) Virtual Private Network (VPN) Service Module, Secure Sockets Layers (SSL) Services Module and the advanced Network Analysis Modules. The modules marry security services typically found at the network perimeter with the existing portfolio of rich Layer 2 - 7 network services on the Catalyst 6500 Series switch. Customers can now combine, with no expected performance degradation, security services with a range of IP services such as Voice over IP (VoIP), wireless LAN integration, Quality of Service (QoS), and content switching.

"By adding these security services on the Catalyst 6500, we can quickly add integrated, comprehensive capabilities to our existing network infrastructure rather than manage a separate appliance and try to tie it in with the underlying infrastructure," explained John Cunningham, lead network management systems architect for the Commonwealth of Massachusetts. "That's a significant advantage because a switch with end-to-end services increases overall performance and manageability, while reducing the costs of the network."

Through the scalability, high availability and modularity of the Catalyst 6500 Series, customers now have the flexibility to deploy and manage Catalyst 6500 Series as dedicated security platforms, or treat security as another network service. The Catalyst 6500 Series, for example, can support different configurations within a single chassis to combine new services like firewall and SSL with existing capabilities like intrusion detection and content switching. Such options give customers a cost-effective way to introduce customized security capabilities to the wiring closet, the WAN edge, and the Internet data center.

"Networks have evolved from closed to more open, sophisticated systems. As a result, security threats have grown exponentially both at the network perimeter and from within," explained Zeus Kerravala, vice president of Enterprise Computing and Networking Application Infrastructure and Software Platforms at The Yankee Group. "Cisco is the first with an articulated strategy to integrate security services into the network infrastructure. This is the most logical, cost-effective approach to secure today's extended network in a comprehensive fashion."

The security services modules use the same technologies as the Cisco PIX® Firewall and Cisco VPN products that customers are already familiar with. Customers can seamlessly introduce new security services on existing Catalyst 6500 Series switches to complement current security capabilities and protect existing security operations investments.

The design commonality with Cisco's existing security solutions means that Catalyst 6500 Series switches equipped with any of these new modules can be easily incorporated into any SAFE implementation. As the security blue print for Cisco AVVID (Architecture for Voice, Video and Integrated Data), SAFE is a comprehensive set of guidelines for integrating security solutions throughout network infrastructures.

Security Services Modules:

  • Catalyst 6500 Firewall Services Module: Each module delivers 5 Gbps throughput and 100,000 connections per second, with integrated stateful inspection up to Layer 7, extending security from the edge to internal networks, helping implement end-to-end security policies for the network. Up to four modules can be integrated into a single Catalyst 6500 Series chassis to scale up to 20 Gbps throughput and 400,000 connections per second.
  • Catalyst 6500 IPSec VPN Services Module: Provides 1.9 Gbps 3DES per module and 8,000 concurrent tunnels, with encryption providing secure IPSec-based connectivity for an enterprise's WAN, campus or inter-departmental communications.
  • Cisco Catalyst 6500 SSL Services Module: Provides 2,500 connections per second and 300 Mbps SSL encryption, decryption security for secure processing of Web-based applications and E-commerce Web sites.
  • Cisco Catalyst 6500 Network Analysis Modules (NAM-1 and NAM-2): Up to 1 Gbps performance capabilities deliver integrated traffic monitoring for full visibility into applications, hosts, conversations, VoIP and QoS. This information is critical to better use resources, detect anomalies and isolate network problems.

Pricing & Availability

The modules also compatible with the Cisco 7600 Series routers, which offer high-touch IP services at the network edge. The Catalyst 6500 Firewall Services Module and the Catalyst 6500 SSL Services Module will be available in September 2002 for $34,995 and $29,995, respectively. The Catalyst 6500 IPSec VPN Services Module is available now for $35,000, and the Catalyst 6500 Network Analysis Modules NAM-1 and NAM-2 are available now for $17,995 and $29,995, respectively. More information on SAFE is available at