Cisco 800 Series Sets New ISDN Standard

May 31, 1999
In my tests at the MCI Developer's Lab in Richardson, Texas, the 804's compression performance was hard to believe. I ran the numbers three times against a baseline before I trusted them. Using Ganymede Software's Chariot test suite running FTP puts and gets with highly compressible content, the Cisco 804 achieved throughput rates of more than 1 Mbps--nine times the base bandwidth of the ISDN connection. This is twice the performance normally seen with ISDN routers.

The model I tested featured a four-port Ethernet hub, two analog POTS jacks for phone and fax connections, and a beta of Cisco's Firewall Feature Set, which includes advanced traffic filtering, data encryption, neighbor router authentication and event logging. I configured several access control and security features, as well as NAT, and saw no performance degradation. On average, ISDN call setup was a peppy 2.5 seconds when using CHAP authentication.

My tests involved connectivity to an ISP using NAT, while exposing an internal Web server and FTP server to the outside. I connected to a Lucent PortMaster 3 router using a routed subnet, and configured firewall features for Context-Based Access Control, which maintains per-connection state information for protocols including FTP, H.323, SMTP and RealAudio. Router performance was not noticeably affected.

During security checks, I configured access lists and content inspection rules, and easily blocked access to all devices, protocols and ports I didn't explicitly choose to publish. These were verified via Fyodor's NMAP utility (from www.insecure.org), which ran port scans and tried to open a remote shell session to the router. The 804 then issued alerts of possible intrusion to the console.
The 804 is configurable via standard IOS commands as well as Cisco FastStep, a basic graphical configurator that doesn't exploit most of the router's power. GUIs are useful for consumer-oriented devices with few functions, but in the enterprise they hide too much information. Essentials such as data compression are not exposed at the GUI, and if you support these routers, you must familiarize yourself with the full IOS. Worse, FastStep configuration files may open a security hole, as the application displays router passwords in the clear. Until FastStep is greatly enhanced, use it as a one-time command generator and edit the configuration manually--and be sure to change your passwords.

Most voice features worked flawlessly in the lab. Unlike many low-end ISDN routers, CallerID information passed successfully over the analog ports. Sound quality over the POTS jacks tops the Cisco 776, which produces a noticeable echo. The 804 releases calls and produces new dial tones quickly.

The experimental IOS 12 release running on my router posed a few problems. In several situations, outbound call bumping--voice calls pre-empting data calls in progress--failed to produce a dial tone. The router couldn't autodetect the ISDN switch type and SPID in my NI-1-based installation. Modem calls across the analog ports often failed and would not negotiate high-speed connections. Cisco acknowledges these problems, and plans to correct them by the time you read this.

Send your comments on this article to David Willis at dwillis@nwc.com.



Next, I tested the 804's Java screening options. When I tried to download an illegal Java applet, an alert was issued at the console and the applet was halted. After I OK'd the applet's source destination, it passed through correctly.









