What is Cisco IWAN?



IWAN = Intelligent Wide Area Network

 Intelligent WAN leverages IOS routing technologies to enhance traditional networks while reducing WAN bandwidth costs. Let's take a look at what IWAN is and what it can do for us.

IWAN is based on four (4) components

Transport Independent

   - Consistent operational model
   - Simple provider migrations
   - Scalable and modular design
   - IPsec routing overlay design

Intelligent Path Control (Pfr)

     - Dynamic Application best path based on policy/s
     - Load balancing for full utilization of bandwidth
     - Improved network availability

Application Optimization (AVC and WAAS)

      - Application visibility with performance monitoring
      - Application acceleration and bandwidth optimization

Secure Connectivity (DMVPN)

      - Certified strong encryption
      - Comprehensive threat defense
      - Cloud Web Security for secure direct Internet access


IWAN provides a flexible secure WAN design (DMVPN) and is a transport independent solution wherein you can leverage any carrier service (i.e., MPLS, Internet). IWAN utilizes a single routing control plane with minimal peering to service providers (unlike traditional MPLS).

As you can see, IWAN leverages DMVPN as it's transport. We will not delve into DMVPN here as it is expected you already have a basic understanding of DMVPN. A quick overview of DMVPN

- Branch or SPoke sites establish an IPsec tunnel to and register with the Hub site
- Dynamic Routing protocol is used for scalability
- IP routing then exchanges prefix information
- Only the Public facing IP is to be known by the WAN transport
- Data travels over the DMVPN tunnel/s
- Dynamic site-to-site tunnels are established dynamically to provide spoke to spoke communications




















Comments

Post a Comment

Popular posts from this blog

SSL Decryption with Palo Alto NGFW

Image
Palo Alto Networks Firewall v8.0.4 SSL Decryption Policy This walk-through assumes you have an internal CA server in your production environment (e.g. Microsoft). 1. Go to the Device Tab->Certficates. Lets import our CA certificate from the Microsoft Internal CA Server (e.g. http://x.x.x.x/certsrv). Click "Download a CA certificate, certificate chain, or CRL", choose Base64 and click "Download CA Certificate". Save this to an accessible location (e.g. Desktop) so it can be imported into the PAN-FW. 2. Back in the PAN GUI, import the CA cert and give it a comprehensive name (Note: You would click "Shared" if configuring this via Panorama and if you would like this cert to be used by multiple device/s. In this instance, we are configuring on a single local Firewall). Click ok!   Note: Click on the new Domain-RootCA cert, put a check mark next to "Trusted CA" and click ok! You will now see this reflected under the "
Read more

SSL Decryption with Cisco Firepower Management Center

Image
Cisco Firepower Management Center v6.2  SSL Decryption Policy This walk-through assumes you have an internal CA server in your production environment (e.g. Microsoft). 1. Login to Firepower Management Center (FPMC), go to Objects->Object Management->PKI->Internal CA's and click "Generate CA"  2. Fill out each field according to your FPMC setup and click on "Generate CSR" 3. Copy the encrypted information from the certificate signing request, this can also be referred to as a base64 or .pem request. Now open a browser and access your internal certificate server and request a certificate. 4. Click on "Request a certificate", then click on "advanced certificate request" 5. Paste the content of the clipboard to the text box, Certificate Template should be selected as "Subordi
Read more

Cisco Firepower Management Center v6.2 - Reference Guide

Image
Firepower Management Center v6.2 Reference Guide While I have delivered Cisco Firepower to customers over the last several years, I always prefer that my customers are engaged and shadowing me as I install, configure, and tune Firepower. I am more than happy to explain as I go along however after Firepower is up and running I like to leave my customers with a reference guide that can help them better understand their new best of class NGIPS solution. I would like to share with you an example of this reference guide and I hope that it helps you better understand some partcular features or functions within Firepower Management Center, in this case v6.2. Once we understand the underlying features and functions, we can better configure and thereby tune the NGIPS so we can achieve the highly touted efficacy of the product in terms of detecting and preventing threats! Lets start at the beginning: Initial Configuration Steps - Definitions and HowTo Network Discovery Polic
Read more