Datasheet
© 2005 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Feature Benefit
Native Integration with Popular User Authentication Services
• Provides convenient method for authenticating VPN users through native integration with popular authentication services including Microsoft Active Directory, Microsoft Windows Domains, Kerberos, LDAP, and RSA SecurID (without requiring a separate RADIUS/TACACS+ server to act as an intermediary)
X.509 Certificate and CRL Support
• Supports Simple Certificate Enrollment Protocol (SCEP)-based enrollment and manual enrollment with leading X.509 solutions from Baltimore, Cisco, Entrust, iPlanet/Netscape, Microsoft, RSA, and VeriSign
• Interoperates with large-scale Public Key Infrastructure (PKI) deployments through n-tiered certificate hierarchy support
Resilient Architecture
Active/Active and Active/Standby Stateful Failover
• Ensures resilient network protection for businesses through the award-winning high availability services provided by certain models of Cisco PIX 525 Security Appliances
• Supports Active/Standby failover services as a cost-effective high availability solution, where one failover pair member operates in hot-standby mode acting as a complete redundant system that maintains current session state information for the active unit
• Delivers advanced Active/Active failover services where both Cisco PIX Security Appliances in a failover pair actively pass network traffic simultaneously and share state information bi-directionally, enabling support for asymmetric routing environments and effectively doubling the throughput of the failover pair for bursty network traffic conditions
• Supports long-distance failover enabling geographic separation of failover pair members, providing another layer of protection
VPN Stateful Failover
• Maximizes VPN connection uptime with new Active/Standby stateful failover for VPN connections
• Synchronizes all security association (SA) state information and session key material between failover pair members, providing a highly resilient VPN solution
• Note: this feature is available on Unrestricted (UR), Failover (FO), and Failover-Active/Active (FO-AA) models only.
Zero-Downtime Software Upgrades
• Enables businesses to perform software maintenance release upgrades on Cisco PIX Security Appliance failover pairs without impacting network uptime or connections through the support of state-sharing between mixed Cisco PIX Security Appliance Software versions (running version 7.0(1) or higher)
Intelligent Networking Services
VLAN-Based Virtual Interfaces
• Provides increased flexibility when defining security policies and eases overall integration into switched network environments by supporting the creation of logical interfaces based on IEEE 802.1q VLAN tags, and the creation of security policies based on these virtual interfaces
• Supports multiple virtual interfaces on a single physical interface through VLAN trunking, with support for multiple VLAN trunks per Cisco PIX Security Appliance
• Supports up to 100 total VLANs on Cisco PIX 525 Security Appliances
QoS Services
• Delivers per-flow, policy-based QoS services, with support for LLQ and traffic policing for prioritizing latency-sensitive network traffic and limiting bandwidth usage of administrator-specified applications
• Enables businesses to have end-to-end QoS policies for their extended network










