Cisco Systems, Inc.
All contents are Copyright © 1992–2003 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 5 of 10
Local user
authentication database
• Enables administrators to define usernames and associated passwords locally on a
Cisco PIX Security Appliance, which can then be used to authenticate users prior to
allowing them network and VPN access
• Provides a cost-effective alternative for storage of user authentication information
HTTPS and FTP web
request filtering via
enhanced Websense
integration
• Extends integration with Websense-based employee web usage management solutions
by adding support for filtering of users’ HTTPS and FTP web requests
Advanced Encryption
Standard (AES)
• Adds support for securing site-to-site and remote access VPN connections with new
international encryption standard, Advanced Encryption Standard (AES)
• Provides software-based AES support on all supported Cisco PIX Security Appliance
models and hardware-accelerated AES via the new VAC+ card on select Cisco PIX
Security Appliance models
• Supports all standard AES key sizes: 128, 192, and 256
VPN Acceleration Card+
(VAC+)
• Delivers up to 440 Mbps of hardware-accelerated 168-bit 3DES and 256-bit AES
encryption (on select Cisco PIX Security Appliance models) for highly scalable
site-to-site and remote access VPN services
• Provides hardware acceleration of 56-bit DES, 168-bit 3DES, and all standard AES key
sizes (128, 192, and 256)
• Supports up to 2000 concurrent IKE associations
VPN NAT transparency • Extends support for site-to-site and remote access IPsec-based VPNs to network
environments that implement NAT or Port Address Translation (PAT), such as airports,
hotels, wireless hot spots, and broadband environments
• Supports automatic discovery of NAT/PAT environments during VPN tunnel negotiation
and can dynamically encapsulate VPN traffic using an Internet Engineering Task Force
(IETF)-based UDP wrapper mechanism for safe traversal through NAT/PAT boundaries
Custom IKE port
numbers
• Enables IKE sessions to be accepted on administrator-specified UDP ports, providing
additional flexibility for enterprise network environments
Integrated Dynamic
Host Configuration
Protocol (DHCP)
server support on
multiple interfaces
• Extends integrated DHCP server to provide DHCP services on one or more
administrator-specified interfaces concurrently, each with a separate DHCP address pool
Management
Syslog by access
control list (ACL) entry
• Introduces powerful newreporting and troubleshooting capabilities that enabledetailed
statistics to be gathered on which ACL entries are triggered by network traffic
attempting to traverse a Cisco PIX Security Appliance
• Gives precise control over which ACL entry-related syslog events are generated
Assignable syslog
levels by message
• Provides administrators tremendous flexibility and control over which syslog messages
Cisco PIX Security Appliances generate
ACL editing • Provides capabilities for inserting and deleting individual ACL entries without deleting
and re-creating the entire ACL
DHCP relay • Forwards DHCP requests from internal devices to an administrator-specified DHCP
server, enabling centralized distribution, tracking and maintenance of IP addresses
Table 1 New Features and Benefits
Key Features Benefit
