CCSP-Cisco Certified Security Professional

Push Banner to VPN 3002 An administrator can create a banner on the VPN 3000 Concentrator and push it to the VPN 3002. This allows the organization to provide information to users about their network, terms for use, liability, and other ... [full story]

VPN software version 3.6 introduced support for Advanced Encryption Standard (AES), which is more secure than DES and more efficient than 3DES. AES supports 128-, 192-, and 256-bit key strengths. 128-bit AES is significantly faster than 168-bit 3DES and little ... [full story]

A VPN Concentrator can be configured to add routes to its routing table for remote hardware or software clients. The VPN Concentrator then advertises these routes to its private network via RIP or OSPF, making the VPN 3002 protected networks ... [full story]

The VPN 3002 now supports an XML-based interface that allows the administrator to use an external management application. These management applications can be Cisco products or third-party tools. XML data can be sent to the VPN Concentrator using HTTPS, SSH, ... [full story]

Simple Certificate Enrollment Protocol (SCEP) You can enroll and install digital certificates on the VPN 3002 manually or automatically. The automatic method is a new feature that uses the Simple Certificate Enrollment Protocol (SCEP) to streamline enrollment and installation. SCEP is ... [full story]

VPN 3002 client software supports H.323, the packet-based multimedia communications standard developed by the International Telecommunication Union (ITU). A variety of multimedia applications use the H.323 standard to implement real-time audio, video, and data communications. This H.323 support allows the ... [full story]

The load balancing feature makes it possible to distribute remote sessions among two or more VPN Concentrators connected on the same network. Load balancing provides efficient use of system resources, while providing increased performance and high availability by directing remote ... [full story]

Configure IPSec Backup Servers—VPN 3000 Concentrator To configure backup servers for the VPN 3002 from the VPN Concentrator, use the Configuration | User Management | Base Group, Client Config tab, as shown in Figure 15-26. The backup server’s list will apply ... [full story]

Configure IPSec Backup Servers—VPN 3002 Client You can configure the backup server feature from the primary VPN Concentrator or the VPN 3002. Use the Configuration | System | Tunneling Protocols | IPSec screen to configure backup servers directly on the VPN ... [full story]

The IPSec backup servers feature provides alternatives for the VPN 3002 hardware client to connect to the central site when its primary VPN Concentrator is unavailable. Backup servers can either be configured individually on the VPN 3002 device or on ... [full story]

IEEE 802.1X is a standard for authentication on wired and wireless networks providing wireless LANs with strong mutual authentication between clients and authentication servers. 802.1X provides dynamic per-user, per-session wireless encryption privacy (WEP) keys, thereby removing administrative overhead and security ... [full story]

Individual user authentication protects the central site from access by unauthorized individuals on the VPN 3002 private network. It accomplishes this by requiring each user to open a web-browser session and manually enter a valid user name and password combination ... [full story]

The VPN 3002 software supports the following features: Interactive Hardware Client Authentication Interactive hardware client authentication, sometimes called interactive unit authentication, prevents VPN 3002 private LAN users from accessing the central site until the VPN 3002 unit authenticates. In this scenario, the ... [full story]

The Quick configuration is used to configure the minimum requirements for connecting to a VPN Concentrator. Modifying or adding options later to a VPN Concentrator is easy. For example, when the DHCP server was configured on the private interface, only ... [full story]

Change the Admin Password The Client Manager displays the Configuration | Quick | Admin Password screen. The screen is used to change the password for the administrator account (admin). The default password is also admin. Obviously, this isn’t secure for the most ... [full story]

Choose Client (PAT) Mode or Network Extension Mode The Client Manager displays the Configuration | Quick | PAT screen. The next screen is used to specify either Client (PAT) mode or Network Extension mode. The default Yes selects Client mode; No selects ... [full story]

Configure the IPSec The Client Manager displays the Configuration | Quick | IPSec screen. This screen lets you configure the IPSec parameters, enabling the VPN 3002 to connect to the VPN Concentrator or to other IPSec security gateways, such as the Cisco ... [full story]

Configure the Public Interface The Client Manager, displaying the Configuration | Quick | Public Interface screen, is shown in Figure 15-17. Figure 15-17: Screen to configure the public interface This is the interface used to connect to an ISP and to ... [full story]

The Client Manager Configuration | Quick | Private Interface | DHCP Server screen is used to enable and configure the VPN 3002 private interface to serve as a DHCP server for the private network hosts. This allows IP hosts on ... [full story]

Set the System Time, Date, and Time Zone The Client Manager window displays the Configuration | Quick | Time and Date screen. Figure 15-13 shows the entry screen used to set the time and date on this device. The choices ... [full story]

The Quick configuration ten-step process in either CLI or web-based Client Manager can be used to supply the minimal parameters needed to make the VPN 3002 operational. The Client Manager is used in this section, but it shouldn’t be any ... [full story]

This section looks briefly at how to use both interfaces to accomplish routine configuration tasks. While conceptually these will be familiar, please remember that neither interface has been aligned with the familiar IOS and ... [full story]

The VPN 3002 has been designed for simplicity and reliability of installation. It has few local setup parameters that must be configured. Basic configuration parameters, security policy, and even device upgrades are “pushed” to the device from the central site ... [full story]

The VPN 3002 Hardware Client fits into the network anytime a relatively small group of users need secure VPN connections to the corporate network. Figure 15-3 shows both an overall view of the small branch connecting to the corporate network ... [full story]

Overview In this pages, you will learn to: Configure the VPN 3002 using the CLI Configure the VPN 3002 device Remote Access Configure a variety of VPN 3000 and 3002 features Configure for a backup server and for load balancing Configure the client auto-update feature This chapter ... [full story]

Questions 1.  To make the VPN Concentrator accessible to a web browser, which interface must be configured by the CLI? Ethernet 0 Ethernet 1 Ethernet 2 Ethernet 3 2.  The VPN 3000 Concentrator CLI console connection uses which of the following? A standard Cisco console kit ... [full story]

The Cisco VPN 3000 Concentrator devices are a series of specialty appliances that perform VPN gateway services for organizations of all sizes. The VPN Concentrator can be used in remote access implementations, providing secure connections for mobile users and Small ... [full story]

Administer and Monitor Remote Access Networks This section looks briefly at the Administration and Monitoring features of the Cisco VPN 3000 Concentrator Series. Administration The VPN 3000 Concentrator Series provides a rich set of administration tools and features that keep the system operational and secure. ... [full story]

VPN Client Autoinitiation Feature VPN Client Autoinitiation (Automatic VPN initiation) is a new feature that provides secure connections to hosts using a wireless LAN (WLAN) environment by connecting through a VPN 3000 Series Concentrator. With autoinitiation configured on the VPN Client, ... [full story]

Configure Cisco VPN Client Support Now, it’s necessary to configure the Cisco VPN Client. While the full process was covered in Chapter 12, the following steps are used to contact the VPN Concentrator. Bring up the VPN Client on the PC ... [full story]

Using the Certificates Once the certificate is installed on the VPN concentrator, you must change settings for IKE negotiation. This requires two screen entries, the IKE transform to be used and the IPSec ... [full story]

Using SCEP to Manage Certificates The following steps demonstrate using SCEP to enroll and install digital certificates. To use SCEP to enroll identity or SSL certificates, SCEP must also be used to obtain the associated CA certificate. The Manager doesn’t allow ... [full story]