Datasheet
6
ISG1000 ISG2000
IPsec VPN
Concurrent VPN tunnels
8
10,000 10,000
Tunnel interfaces
8
Up to 512 Up to 1,024
DES (56-bit), 3DES (168-bit) and AES (256-bit) Yes Yes
MD-5 and SHA-1 authentication Ye s Ye s
Manual key, IKE, PKI (X.509), IKEv2 with EAP Yes Yes
Perfect forward secrecy (DH Groups) 1, 2, 5 1, 2, 5
Prevent replay attack Ye s Ye s
Remote access VPN Yes Yes
L2TP within IPsec Yes Yes
IPsec NAT traversal Yes Yes
Redundant VPN gateways Ye s Ye s
User Authentication and Access Control
Built-in (internal) database - user limit
8
50,000 50,000
Third-party user authentication RADIUS, RSA SecurID, and LDAP RADIUS, RSA SecureID, LDAP
RADIUS accounting Yes – start/stop Yes – start/stop
XAUTH VPN authentication Ye s Ye s
Web-based authentication Yes Yes
802.1X authentication Yes Yes
Unified access control enforcement point Yes Yes
PKI Support
PKI Certificate requests (PKCS 7 and PKCS 10) Ye s Ye s
Automated certificate enrollment (SCEP) Yes Yes
Online Certificate Status Protocol (OCSP) Yes Yes
Certificate Authorities supported VeriSign, Entrust, Microso, RSA Keon,
iPlanet (Netscape) Baltimore, DoD PKI
VeriSign, Entrust, Microso, RSA Keon,
iPlanet (Netscape) Baltimore, DoD PKI
Self-signed certificates Yes Yes
Virtualization
10
Maximum number of virtual systems 0 default, upgradeable to 50 0 default, upgradeable to 250
Maximum number of security zones 28 default, upgradeable to 128 34 default, upgradeable to 534
Maximum number of virtual routers 3 default, upgradeable to 53 3 default, upgradeable to 253
Maximum number of VLANs 4,093 4,093
Routing
BGP instances 32 64
BGP peers 64 128
BGP routes 10,000 20,000
OSPF instances 8 8
OSPF routes 4,096 6,000
RIP v1/v2 instances Up to 12 instances supported Up to 50 instances supported
Specifications (continued)