our customizable newsletter, sends you security alerts, product updates and software patches on the products you use. Sign up now at www.networkcomputing.com /express/

The 1720 lets you build a WAN using the Internet instead of leased lines, which reduces WAN costs. And it can handle a complete range of ISDN lines (up to a T1), accommodating a site of any size. Despite its small size, the router is packed with features, including an integrated firewall, a VPN tunnel server, CSU/DSU and NT1, as well as software-based encryption. It handles multiprotocol routing (IP, IPX, AppleTalk and IBM/SNA), so you can add it to any network environment. And it facilitates more protocols than most current VPN products.

Configuration and Management I tested a beta version of the 1720 in our Manhasset, N.Y., lab and noted its ease of configuration and administration. Not only does the 1720 include a CLI (command-line interface) that is quite similar to the one used with Cisco's PIX Firewall and LocalDirector products, but it also can be configured using Cisco Configmaker 2.2, a wizard-based tool that was bundled with the test unit. Running on Windows95/98 or NT, this software lets you set up the 1720 via its GUI interface and access the unit via the network or the service console port. Configuration via a Web browser is another alternative.

You can manage the 1720 via SNMP using CiscoView, CiscoWorks 2000 network management tool, or a telnet session. In the lab, I configured the 1720 using the CLI. Once my initial settings were in place, and my WAN card settings were complete, I used Configmaker to add other settings, such as SNMP information, and to enable AppleTalk and IPX protocols. My test unit was running in about 20 minutes.

The 1720 boasts a bevy of hardware support. It uses a RISC processor, which provides the encryption and performance necessary for broadband access technologies, such as DSL (Digital Subscriber Line). The unit includes an expansion slot on its main board reserved for future support of hardware services, such as compression and hardware encryption.

WICs List The 1720 also supports two WAN interface slots for use with the same WICs (WAN Interface Cards) as the Cisco 1600, 2600 and 3600. The 1720 supports seven different WICs in all, from 56 Kbps with CSU/DSU up to a T1 card.

My test unit was equipped with one WAN interface card with an integrated CSU/DSU and one ISDN BRI (Basic Rate Interface) card with integrated NT1. I used the T1 CSU/DSU card on our test network, which was somewhat difficult to set up.

The heart of the 1720 is Cisco's IOS (Internetwork Operating System) 12.0 software, which fosters the router's modularity and supports software encryption (Cisco says it plans to address the issue of hardware encryption in the future). The unit incorporates L2TP, IPSec, DES (Data Encryption Standard) and Triple DES to ensure the security of data traveling across the public network. I tested the 1720's L2TP and IPSec support; when I set up two VPN devices, I "saw" the tunnel between them.

The 1720's user authentication and accounting capabilities are provided by PAP/CHAP (Password Authentication Protocol/Challenge Handshake Authentication Protocol), TACACS+ (Terminal Access Controller Access Control System Plus), RADIUS (Remote Access Dial-In User Service) and tokens for remote users. Any client that meets the IPSec or L2TP standards will not have interoperability issues with the 1720.

The 1720 also incorporates NAT (Network Address Translation) and PAT (Port Address Translation) for outbound traffic. (The latter is especially appealing if you are trying to conserve IP addresses.) The configuration of these options models other similar Cisco products, so I didn't encounter anything unfamiliar. In the lab, I created a global pool to which our IP addresses would be translated. If you are comfortable with the PIX firewall, you'll have no trouble setting this up.

The 1720's only real drawback is its overwhelming number of options; choosing the right VPN solution might be a little less painful if Cisco offered fewer options.

Vic Cutrone is a WAN engineer with CMP Media in Manhasset, N.Y. Send your comments on this article to him at vcutrone@cmp.com.