Ever striving to meet the needs of its customers, Cisco has put together a complete lineup of VPN products. As you learned in Chapter 2, “Overview of VPN and IPSec Technologies,”
the Cisco IOS Software feature set used on Cisco routers offers robust IP Security (IPSec) capability for site-to-site VPN requirements. The Cisco Secure PIX Firewall also provides VPN capability, moving the CPU-intensive encryption operations away from the busy border routers.
With the introduction of the Cisco VPN 3000 Concentrator Series, Cisco has implemented solutions that are built for the unique purpose of remote access VPNs. These versatile, reliable systems are designed to only process VPNs, and to process them quickly and efficiently.
Five models are available in the Cisco VPN 3000 Concentrator line: 3005, 3015, 3030, 3060, and 3080. The 3005 is a fixed configuration, while the others share the same chassis and are configurable, providing an unrestricted upgrade path from the 3015 model all the way to the 3080 model. These configurable models also allow for the use of multiple Scalable Encryption Processor (SEP) modules that offload processor-intensive encryption activities from the central processor of the concentrator.
This chapter present the products in this concentrator series and analyzes their benefits and features. Additionally, the chapter introduces the clients that support these products.
How to Best Use This Chapter
By taking the following steps, you can make better use of your time:
•
Keep your notes and answers for all your work with this book in one place for easy reference.•
Take the “Do I Know This Already?” quiz, and write down your answers. Studies show retention is significantly increased through writing facts and concepts down, even if you never look at the information again.•
Use Figure 3-1 to guide you to the next step.Figure 3-1 How to Use This Chapter
“Do I Know This Already?” Quiz
The purpose of the “Do I Know This Already?” quiz is to help you decide what parts of the chapter to use. If you already intend to read the entire chapter, you do not need to answer these questions now.
This 18-question quiz helps you determine how to spend your limited study time. The quiz is sectioned into three smaller “quizlets,” which correspond to the three major topic headings in the chapter. Figure 3-1 outlines suggestions on how to spend your time in this chapter based on your quiz score. Use Table 3-1 to record your scores.
"Do I Know This Already?"Take Quiz
FoundationRead Topics
Review Chapter Using Charts and Tables
Review Foundation
Summary
Perform End-of-Chapter Q&A and Scenarios
Go To ChapterNext
Score?
WantMore Review?
Low High
Medium
Yes
No
1 What models are available in the Cisco VPN 3000 Concentrator Series?
2 What is the maximum number of simultaneous sessions that can be supported on the Cisco VPN 3015 Concentrator?
3 What is the maximum number of simultaneous sessions that can be supported on the Cisco VPN 3080 Concentrator?
4 On a Cisco VPN 3005 Concentrator, what does a blinking green system LED indicate?
Table 3-1 Score Sheet for Quiz and Quizlets Quizlet
Number
Foundations Topics Section Covering These
Questions Questions Score
1 Overview of the Cisco VPN 3000 Concentrator Series Cisco VPN 3000 Concentrator Series models
1–6
2 Benefits and features of the Cisco VPN 3000 Concentrator Series
7–12
3 Cisco VPN 3000 Concentrator Series Client support 13–18
All questions 1–18
5 What is the maximum encryption throughput rate for the VPN 3000 series?
6 What tunneling protocols do Cisco VPN 3000 Concentrators support?
7 How do VPN concentrators reduce communications expenses?
8 What other authentication capability exists if standard authentication servers are not available?
9 What routing protocols do the Cisco VPN 3000 Concentrators support?
10 What protocol permits multichassis redundancy and failover?
11 List some of the methods that can be used to interface with the embedded Cisco VPN Manager software on VPN concentrators?
12 What four options are available under the Configuration menu of the VPN Manager?
13 What mechanism is used by Cisco VPN Clients to monitor firewall activity between the client and the concentrator?
14 What optional feature on the Cisco VPN 3002 Hardware Client allows you to connect Ethernet devices to the client?
15 During large-scale implementations, how can VPN 3000 Concentrators be configured to simplify client configuration?
16 Which of Cisco’s client offerings has no limitations with regard to the types of client operating systems it can support?
17 What two operating modes can a Cisco VPN 3002 Hardware Client be configured to support?
18 What operating systems does the Cisco VPN Client support?
The answers to this quiz are listed in Appendix A, “Answers to the “Do I Know This Already?”
Quizzes and Q&A Sections.” The suggestions for your next steps, based on quiz results, are as follows:
•
10 or less overall score—You should read the entire chapter, including the “Foundation Topics” and “Foundation Summary” sections, as well as the “Q&A” section.•
11 to 14 overall score—Read the “Foundation Summary” section and the “Q&A”section. If you are having difficulty with a particular subject area, read the appropriate section in the “Foundation Topics” section.
•
15 or more overall score—If you feel you need more review on these topics, go to the“Foundation Summary” section, then the “Q&A” section. Otherwise, skip this chapter and go to the next chapter.
Foundation Topics
In January 2000, Cisco purchased Altiga Networks of Franklin, Massachusetts. With that purchase, Cisco acquired Altiga’s nifty line of VPN concentrators, client software, and web-based management software. These products became the Cisco VPN 3000 Series Concentrators and supporting software. Since that time, Cisco has enhanced the product line by adding a top-end concentrator and a hardware client, and has made improvements to the software client. This chapter explores the advantages, features, and specifications of the Cisco VPN 3000