This chapter looked at using Cisco VPN 3000 Series Concentrator
devices in LAN-to-LAN VPN implementations. The VPN Concentrator works as an
endpoint device in these implementations. While the peer device can be a router,
PIX firewall, Cisco VPN 3002 hardware client, or third-party VPN device, this
chapter and the features that will be tested on the exam assume Cisco VPN
Concentrators will be on both ends of the link.
LAN-to-LAN (site-to-site) VPNs are a rapidly expanding alternative
or augmentation to leased line or Frame Relay WAN infrastructures. VPNs are used
to create secure tunnels between two networks via an insecure public network,
such as the Internet. The Cisco Concentrator supports three types of tunnels:
Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), and
IPSec.
Two types of LAN-to-LAN VPN implementations exist.
- Intranet VPNs provide secure connections between branch
  offices and the enterprise network resources.
- Extranet VPNs provide secure connections for special third
  parties, such as business partners, vendors, and customers, to the specified
  enterprise resources.
The Concentrator menu-driven system is used to configure basic
LAN-to-LAN VPN parameters, as well as to enable and define features like NAT
Transparency and VPN routing features, such as reverse route injection (RRI) and
Virtual Router Redundancy Protocol (VRRP).