CCSP-Cisco Certified Security Professional

Cisco VPN 3000 Remote Access Networks Overview In this chapter, you will learn to: Describe VPN Concentrator user interfaces and startup Discuss VPN Concentrators in IPSec VPN implementations Configure VPN remote access with preshared keys Configure VPN remote access with digital certificates Configure VPN users and groups Configure ... [full story]

CLI Quick Configuration Steps The CLI Quick Configuration Wizard prompts guide you through the following configurations steps: Set the system time, date, time zone, and daylight saving time values. Configure the VPN Concentrator private network interface (Ethernet 1) by responding to the following ... [full story]

Cisco VPN 3000 Concentrator Devices The Cisco VPN 3000 Series Concentrator is a growing family of VPN devices specifically designed and built to provide fast, reliable, and secure remote access to organization network resources. These devices combine with Cisco VPN client ... [full story]

Cisco VPN 3002 Hardware Client Features The following summarizes the features and benefits provided by the Cisco VPN 3002 Hardware Client devices. Those requiring configuration are addressed in Chapter 15, when configuring the client is covered or, because many features are ... [full story]

Standards Supported To support fast, easy, and reliable deployment and scalability to thousands of sites, the Cisco VPN 3002 Hardware Client is a full-featured VPN client that incorporates IPSec and other industry standards. The 3002 support for the Cisco VPN Client ... [full story]

Client and Network Extension Modes The Cisco VPN 3002 supports two modes of operation to offer implementation choices based on flexibility, security, and easy configuration. Those modes are Client mode Network Extension mode A large VPN implementation might frequently have both types of operation. Client ... [full story]

Cisco VPN 3002 Client Models The 3002 Client, a small-footprint, book-sized device designed for wall mount or table top operation, currently comes in two models. The CPVN3002-K9 has two 10/100 Mbps RJ-45 Ethernet autosensing interfaces: one for the outside or public ... [full story]

Cisco VPN 3002 Client Devices The Cisco VPN 3002 Hardware Client was specifically designed for those organizations with many remote users and sites that need to operate as secure clients in a VPN environment. The 3002 combines the ease of configuration ... [full story]

Questions 1.  Which of the following Cisco products is not a Cisco Easy VPN Server? PIX Firewall IOS routers IDS Manager VPN Series Concentrator 2.  Which two of the following are modes of operation of Cisco Easy VPN Remote? Server Client Network extension Push 3.  Split tunneling refers to ... [full story]

Cisco Easy VPN is part of Cisco’s Unified Client Framework, in which VPN management is centralized across all Cisco VPN devices. The goal is to simplify VPN implementation, at least at the remote end. The Easy VPN strategy incorporates all ... [full story]

The Statistics tab on the Cisco System VPN Client Connection Status dialog box shows statistics on the VPN Client data packets processed during the current session or since the statistics were reset. The data collected includes the following information. Figure ... [full story]

Cisco VPN 3000 Concentrator Models The VPN 3000 Concentrators create virtual private networks (VPNs) by creating secure connection across a TCP/IP network, such as the Internet, that allows remote end users to connect to the corporate network. The VPN Concentrator can ... [full story]

Cisco VPN 3005 Concentrator The 3005 is a fixed-configuration VPN platform designed for small-to-medium networks with bandwidth requirements up to full-duplex T1/E1 (4 Mbps maximum performance) and up to 100 simultaneous sessions. Figure 13-3 shows the front and rear views of ... [full story]

Cisco VPN 3015 Concentrator Like the Cisco VPN 3005, the 3015 is a VPN platform designed for small-to-medium networks with bandwidth requirements up to full-duplex T1/E1 (4 Mbps maximum performance) and up to 100 simultaneous sessions. Also, like the 3005, the ... [full story]

The VPN 3000 Concentrator and the VPN 3002 Hardware Client support both a specialized command-line interface (CLI) and a web-based interface (Concentrator or Client Manager). You can do exactly the same tasks with either interface. The choice ultimately boils down ... [full story]

Questions 1.  What is the protocol the Cisco VPN 3000 Series Concentrators use to provide Wireless Client Support for personal digital assistants (PDAs) ... [full story]

This chapter looked at the various hardware implementations for Cisco VPN technologies and focused mainly on the VPN 3002 Hardware Client and the VPN 3000 Series Concentrators. The VPN 3002 is typically implemented at remote sites in larger organizations. They ... [full story]

Remote access VPN clients use the three following common connectivity techniques to reach the central site: VPN client software installed on PCs or workstations Hardware VPN routers ... [full story]

The following summarizes the features and benefits provided by the Cisco VPN 3000 Concentrator devices. Chapter 14 addresses those that require configuration. Modular Design (Models 3015 to 3080) The Cisco SEP modules provide hardware-based encryption, ensuring consistent performance throughout the rated ... [full story]

Standards Supported To support fast, easy, and reliable deployment and scalability to thousands of remote users and sites, the Cisco VPN 3000 Concentrators are full-featured VPN devices that incorporate IPSec and other industry standards. The 3000 series support the following standards ... [full story]

Side-by-Side Model Comparison The following table summarizes the key features of the Cisco VPN 3000 Concentrator series of devices.   3005 3015 3030 3060 3080 Simultaneous Users 100 100 1,500 5,000 10,000 Encryption Throughput 4 Mbps 4 Mbps 50 Mbps 100 Mbps 100 Mbps Encryption Method Software Software Hardware Hardware Hardware Encryption (SEP) Module 0 0 1 2 4 Expansion Slots Available 0 4 3 2 0 Redundant SEP N/A N/A Option Option Yes System Memory 32MB fixed 64MB 128MB 256MB 256MB T1 WAN Module Fixed ... [full story]

Cisco VPN 3080 Concentrator The 3080 is a top-of-the-line platform fully optimized to support large enterprise networks requiring the highest level of performance with support for up to 10,000 simultaneous remote access sessions. The basic configuration and expansion capabilities include the ... [full story]

Cisco VPN 3060 Concentrator The 3060 is a VPN platform designed for large networks requiring the highest level of performance and reliability, with high-bandwidth requirements from fractional T3 through full T3/E3 or greater connections. The 3060 can support up to 5,000 ... [full story]

Cisco VPN 3030 Concentrator The 3030 is a VPN platform designed for medium-to-large networks with bandwidth requirements from full T1/E1 through fractional T3, up to 50 Mbps maximum performance. The 3030 can support up to 1,500 simultaneous sessions. The basic configuration ... [full story]

The Client/Server policy supports the Zone Labs Integrity solution. Zone Labs Integrity is a Client/Server firewall solution in which the Integrity Server acts as the firewall server that pushes firewall policy to the Integrity Agent residing on the VPN Client ... [full story]

The Firewall Rules section of the Status box shows all the firewall rules currently implemented on the VPN Client. The rules are arranged in order of importance, with the highest importance at the top. All but the last two rules ... [full story]

Router MC v1.1 Enhanced VPN Features Router MC v1.1 added support for the following VPN features: Enhanced Certification Authority (CA) enrollment features, including support for trust-point and autoenrollment commands for devices running IOS 12.2(8)T and higher Advanced Encryption Standard (AES) encryption algorithm for ... [full story]

Router MC v1.1 Firewall Features Router MC v1.1 added support for the following firewall functionality features: Support for configuring ordered access rules to be assigned per interface. The ability to view a list of access rules per device or device group. Context Based Access ... [full story]

Features and Benefits The Router Management Center offers features, such as smart rules hierarchy, resiliency support via IKE and generic routing encapsulation (GRE), import and deployment to files or devices, wizards-based support for setup of IKE and VPN tunnel policies, reusable ... [full story]

The VPN Client software now includes an integrated stateful firewall feature set that provides protection to the client. The feature set protects the VPN Client PC from Internet attacks both from split-tunneling implementations and IPSec tunnel connections to a VPN ... [full story]

Management Center for VPN Routers Management Center for VPN Routers v1.1 (Router MC) is a web-based application designed for large-scale management of VPN and firewall configurations running on Cisco routers. Management Center for VPN Routers is one of the components of ... [full story]

Preconfiguring the Cisco VPN 3.6 Client To use the VPN Client, at least one connection entry must be configured to define the following information: The Cisco VPN Remote ... [full story]