Standards Supported

Standards Supported

The 3002 supports the following standards and protocols. The details of configuring these features are covered in Chapter 15.

• DHCP client and server services are supported. DHCP client implementation allows the public interface to be assigned an IP address from the head-end device on first connection. This is both easier and more reliable than end-to-end statically assigned addresses, which are typically required for LAN-to-LAN devices. DHCP server support allows the private interface(s) to assign IP addresses to up to 253 stations behind the Cisco VPN 3002.

• Three methods of NAT Transparent IPSEC, including the UDP method implemented in the original product release, IPSec/TCP method, and ratified IPSec/UDP NAT-T specification, which includes autodetection and fragmentation avoidance.

• PAT can be configured on the 3002 to hide the stations behind the Cisco VPN 3002 private interface(s) from external view and attack.

• IPSec encryption protocols, including 56-bit DES or 168-bit Triple DES for securing the data transmissions.

• MD5, SHA-1, HMAC with MD5, and HMAC with SHA-1 authentication algorithms.

• IPSec tunneling protocol with Internet Key Encryption (IKE) key management.

• AAA RADIUS accounting and security from the central site.

• H.323 support allows users to host and access NetMeeting sessions or to access other H.323 applications, such as voice-over IP (VoIP).

• Embedded web management interface accessible via local web browser, Secure Shell (SSH)/Secure Socket Layer (SSL), or conventional console port.

• SNMP MIB-II for monitoring, configuration, and event logging.