This chapter looked at the various hardware implementations for
Cisco VPN technologies and focused mainly on the VPN 3002 Hardware Client and
the VPN 3000 Series Concentrators. The VPN 3002 is typically implemented at
remote sites in larger organizations. These devices can be augmented by Cisco
IOS routers, PIX Firewalls, and VPN client software running directly on the
host PC.
The 3002 comes in two models: a two-port unit that can support a
single client or pass through to a hub or switch, and a model with a built-in
8-port 10/100 switch. Both devices can support up to 253 users on the LAN
interface and a maximum of 100 simultaneous secure connections back to the
central network.
The Cisco VPN 3002 supports two modes of operation to offer
implementation choices based on flexibility, security, and easy configuration:
Client mode and Network Extension mode. A large VPN implementation might
frequently have both types of operation. In Client mode, the VPN 3002 emulates
the VPN client software, appearing to the main network as a single remote user.
The hosts protected behind the VPN 3002 are a separate network that remains
invisible and nonroutable to the central site. In Network Extension mode, the
VPN 3002 establishes a secure site-to-site connection with the central site
device. The local stations behind the VPN 3002 are fully routable and the local
network is visible to the central site.
The VPN 3002 supports a growing range of VPN standards and
technologies, plus some implementation features to simplify large VPN
implementation and support. These features include Easy VPN Client, which allows
a thin installation on the 3002, with the final configuration pushed down to the
3002 on first connection to the VPN Concentrator. The 3002 also supports Auto
Upgrade, which allows the VPN Concentrator to push any needed software or
firmware upgrades down to the client.
The VPN 3002 supports two levels of client authentication that
together supply a high level of security for both the VPN 3002 and the users
behind it. Interactive Unit Authentication authenticates the VPN device during
the VPN setup, while Individual User Authentication requires each user behind
the 3002 to authenticate before using the VPN tunnel.
The VPN 3002 hardware device (release 3.5) and the Cisco VPN
software client (v3.0) both support Cisco’s VPN 3000 load-balancing and failover
strategies that allow for more efficient use of the Concentrators and provide
backup alternatives if a Concentrator fails.
The Cisco VPN 3000 Series Concentrator is a growing family of VPN
devices designed and built to provide fast, reliable, and secure remote access
to organization network resources. These devices work with the Cisco VPN client
software and various Cisco VPN hardware devices to bring high availability,
high performance, and scalability, plus advanced encryption and authentication
technologies, to the network.
The VPN 3000 Concentrator platform offers customer-upgradeable and
field-swappable components to increase capacity dramatically, while maintaining
the original device, rack space, and power requirements. Scalable Encryption
Processing (SEP) modules can be added to the cases of the 3015 through 3060
models to enable users to add capacity and throughput easily.
The Cisco VPN 3000 Concentrator series comes in several models to
meet organization capacity requirements and applications. The platform includes
models that support customers ranging from those with 100 or fewer remote
access users to large organizations with up to 10,000 simultaneous remote
connections. The latest
Cisco VPN Software Client is provided at no additional charge with unlimited
distribution licensing with all versions of the Cisco VPN 3000 Concentrator.