Header
Home | Set as homepage | Add to favorites
  Search the Site     » Advanced Search
Sections
Syndication


Blogroll:

||||| ALL Cisco-Network ARTICLES |||||  
CCIE Journey,
The CCIE Journey,

Home : CCSP-Cisco Certified Security Professional : Cisco VPN 3002 Hardware Client Features

Cisco VPN 3002 Hardware Client Features

Oct 30,2009 by alperen

small font medium font large font
image

Cisco VPN 3002 Hardware Client Features

The following summarizes the features and benefits provided by the Cisco VPN 3002 Hardware Client devices. Those requiring configuration are addressed in Chapter 15, when configuring the client is covered or, because many features are “pushed” down from the central site, they’re enabled and configured in Chapter 14.

Auto Upgrade

The client update feature was added in version 3.0 for the VPN 3002 Hardware Client and version 3.1 for the Cisco VPN software client. If the central device supports the feature (v3.0 for VPN Concentrators), the central device can be used to upgrade the software and configuration on the client. In the case of the VPN 3002 Hardware Client, firmware upgrades can also be pushed down to the client.

For VPN 3002 Hardware Clients, the client update allows administrators to update software and firmware automatically for the 3002 device. If an upgrade is needed, the unit upgrades automatically from an internal TFTP server specified on the central site VPN Concentrator. The process of maintaining security, managing the system, and upgrading it is transparent to the end user.

For Cisco VPN software clients the process is a little less automatic. This is more of a notification mechanism with an assisted upgrade. The client update for the Cisco VPN software clients allows central location administrators to notify the client users automatically when it’s time to update. Then action is required on the part of users to retrieve and install the newer software.

Authentication Features

The VPN 3002 supports the following two levels of client authentication mechanism that supplies a high level of security for both the VPN 3002 and the users behind the VPN 3002:

  • Interactive Unit Authentication

  • Individual User Authentication

The VPN 3002 Interactive Unit Authentication technology uses Saved or One Time Passwords to reauthenticate itself to the head-end device. With Saved passwords, the 3002 client device needn’t reauthenticate if the tunnel cycles. With One Time passwords, the device must be reauthenticated each time the tunnel cycles. The VPN 3002 supports preshared secrets, digital certificates, and tokens for this authentication.

The VPN 3002 Individual User Authentication feature can be set to require each user behind the VPN device to authenticate before traversing the tunnel. This feature can require the users behind the 3002 to use preshared secrets or tokens to authenticate. The individual authentication can be used by itself or in conjunction with Interactive Unit Authentication to maximize security.

To simplify the process and make it as transparent as possible to the end users, this technology automatically intercepts any user attempting to traverse the VPN tunnel and redirects them to a browser page to authenticate. The user needn’t initiate or remember to initiate the security authentication because this is done automatically. If a user is only attempting to access the Internet via split tunneling, that user isn’t prompted to authenticate.

Load Balancing and Failover

The VPN 3002 hardware device (release 3.5) and the Cisco VPN software client (v3.0) both support Cisco’s VPN 3000 load-balancing strategy. To implement load balancing, multiple concentrators are grouped together logically on the same private LAN-to-LAN network in a virtual cluster. These VPN Concentrators can be configured to direct session traffic transparently to the least-loaded device, thus distributing the load among all devices. In addition to increasing efficient use of system resources, this strategy provides increased performance, high availability, and reliability.

The VPN 3002 supports up to 10 back-up concentrators, in case the primary location is down or otherwise unavailable. The 3002 cycles through each backup concentrator in order until it makes a successful connection, maximizing network availability to the client.

PPPoE Support

Point-to-Point Protocol over Ethernet (PPPoE) is a specification for connecting Ethernet users to the Internet using a common broadband medium, such as a DSL line, a cable modem, or a wireless device. Many ISPs now require PPPoE authentication for DSL or other access to their networks. The VPN 3002 supports PPPoE Client mode to access these networks. Users need only to authenticate to the PPPoE server the first time and VPN 3002 then authenticates for all the user’s subsequent attempts. cp13 Cisco VPN 3000


430 times read

Related news
» Other VPN 3002 Software Features
by alperen posted on Nov 30,2009
» Cisco VPN Hardware Overview Review
by alperen posted on Nov 04,2009
» Configuring Cisco VPN 3002 Remote Clients Review
by alperen posted on Dec 05,2009
» Individual User Authentication
by alperen posted on Nov 30,2009
» IPSec Backup Servers
by alperen posted on Nov 30,2009
Did you enjoy this article?
1 2 3 4 5
(total 0 votes)

comment Comments (0 posted) 

More Top News
CCSP-Cisco Certified Security Professional
arrow Cisco SAFE Implementation
arrow Preparation Documents
arrow Exam Topics
arrow Skills Required for the Exam
arrow Cisco SAFE Implementation Questions and Answers
arrow Access Control Lists Cisco
arrow Access List Basics
arrow Standard Access Lists
arrow Verifying ACLs
arrow Extended Access Lists
arrow TCP Access Lists
arrow UDP Access Lists
arrow ICMP Access Lists
arrow Named Access Lists
arrow Signature and Alarm Management Review
arrow Signature and Alarm Management Review Questions and Answers
arrow Event Viewer
arrow Managing Alarms
arrow Event Viewer Customization
arrow Preference Settings
arrow Sensor Installation
arrow Connecting to Your Network Sensor Appliance
arrow Sensor Bootstrap
arrow Sensor Installation and Configuration Review
arrow Sensor Installation and Configuration Questions and Answers
arrow Signature and Alarm Management
arrow CIDS Signatures
arrow Signature Series
arrow Signature Implementations
arrow Signature Classes
arrow Signature Types
arrow Signature Severity
Most Popular
Most Commented
Featured Author

alperen

image
<| Cisco Articles | Maximum Learning | All Cisco-Network Study Notes | Privacy Policy |>
If you think you own the material being used without permission, contact alperenmad[at]hotmail.com. material will be removed from the site.