Cisco VPN 3002 Hardware Client

Similar documents
Traffic Offload. Cisco 7200/Cisco 7500 APPLICATION NOTE

E-Seminar. Voice over IP. Internet Technical Solution Seminar

Cisco Aironet In-Building Wireless Solutions International Power Compliance Chart

CISCO IP PHONE 7970G NEW! CISCO IP PHONE 7905G AND 7912G XML

END-OF-SALE AND END-OF-LIFE ANNOUNCEMENT FOR THE CISCO MEDIA CONVERGENCE SERVER 7845H-2400

CISCO 7304 SERIES ROUTER PORT ADAPTER CARRIER CARD

Взято с сайта

Cisco Extensible Provisioning and Operations Manager 4.5

DATA SHEET. Catalyst Inline Power Patch Panel

THE CISCO SUCCESS BUILDER PROGRAM THE CISCO SMALL OFFICE COMMUNICATIONS CENTER: AFFORDABLE, PROVEN COMMUNICATIONS SOLUTIONS FOR SMALL ORGANIZATIONS

NEW CISCO IOS SOFTWARE RELEASE 12.2(25)EY FOR CISCO CATALYST 3750 METRO SERIES SWITCHES

Cisco CallManager 4.0-PBX Interoperability: Lucent/Avaya Definity G3 MV1.3 PBX using 6608-T1 PRI NI2 with MGCP

Cisco Voice Services Provisioning Tool 2.6(1)

C ISCO INTELLIGENCE ENGINE 2100 SERIES M OUNTING AND CABLING

ANNOUNCING NEW PRODUCT OFFERINGS FOR THE CISCO CATALYST 6500 SERIES

Cisco AVVID The Architecture for E-Business

ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL STUB ROUTER FUNCTIONALITY

E-Seminar. Wireless LAN. Internet Technical Solution Seminar

NEW METHOD FOR ORDERING CISCO 1700 SERIES MODULAR ACCESS ROUTERS AND CISCO 1800 SERIES INTEGRATED SERVICES ROUTERS SOFTWARE SPARE IMAGES

CISCO SFP OPTICS FOR PACKET-OVER-SONET/SDH AND ATM APPLICATIONS

Cisco Unified Wireless IP Phone 7920 Multi-Charger

High-Availability Solutions for SIP Enabled Voice-over-IP Networks

Cisco Catalyst 2950 Series Software Feature Comparison Standard Image (SI) and Enhanced Image (EI) Feature Comparison

Cisco ONS SDH 12-Port STM-1 Electrical Interface Card

Cisco ubr7200-npe-g1 Network Processing Engine for the Cisco ubr7246vxr Universal Broadband Router

CISCO FAX SERVER. Figure 1. Example Deployment Scenario. The Cisco Fax Server solution consists of the following components:

THE POWER OF A STRONG PARTNERSHIP.

Cisco VIP6-80 Services Accelerator

CISCO 7304 SERIES ROUTER PORT ADAPTER CARRIER CARD

Cisco 3745 Gateway - PBX Interoperability: Avaya Definity G3 PBX using Q.931 PRI Network Side Interfaces to an H.323 Gateway

Cisco 2651XM Gateway - PBX Interoperability: Avaya Definity G3 PBX using Analog FXO Interfaces to an H.323 Gateway

Using TAPS with +E.164 Directory Numbers

END-OF-SALE AND END-OF-LIFE ANNOUNCEMENT FOR THE CISCO FLEXWAN MODULE FOR USE WITH THE CISCO 7600 SERIES ROUTERS AND CATALYST 6500 SERIES SWITCHES

CONFIGURING EPOLICY ORCHESTRATOR 3.0 AND MCAFEE 8.0i WITH CISCO CALLMANAGER

NEW JERSEY S HIGHER EDUCATION NETWORK (NJEDGE.NET), AN IP-VPN CASE STUDY

CISCO 7200 SERIES NETWORK PROCESSING ENGINE NPE-G1

Cisco MDS 9000 Family and EMC ECC Integration

Cisco CallManager Server Upgrade Program

MULTI-VRF AND IP MULTICAST

CISCO NETWORK CONNECTIVITY CENTER BUSINESS DASHBOARD

Quick Start Guide Cisco CTE 1400 and Design Studio

Cisco Unified CallConnector for Microsoft Office Quick Reference Guide 1

USING TREND SERVERPROTECT5 WITH CISCO CALLMANAGER

CISCO CATALYST 6500 SERIES CONTENT SWITCHING MODULE

USING MCAFEE VIRUSSCAN ENTERPRISE 8.0I WITH CISCO CALLMANAGER

Cisco Unified CallManager 4.0-PBX Interoperability: Mitel 3300 ICP Release 4.1 PBX to a Cisco 6608 Gateway using T1 QSIG with MGCP

Cisco Catalyst 4500 Series Power Supplies and External AC Power Shelf

Cisco AS5300 Gateway - PBX Interoperability: NEC NEAX 2400 PBX using T1 PRI Interfaces to an H.323 Gateway

The Cisco Unified Communications Planning and Design Service Bundle

DATA SHEET. Cisco Aironet 340 Series Client Adapters and Access Points In-Building Wireless Solutions

CISCO AC/DC POWER SOLUTION FOR USE WITH CISCO OPTICAL PLATFORMS

CISCO TRANSPORT MANAGER 4.7

The information presented in this document was created from devices in a specific lab environment. All of the devices started with a cleared (default)

CISCO ONS SONET 12-PORT DS-3 TRANSMULTIPLEXER CARD

Cisco SCA Series Secure Content Accelerator

Cisco Enterprise Content Delivery Network Solution Cisco Content Engines

Cisco Router and Security Device Manager Cisco Easy VPN Server

Introducing Cisco Catalyst 4500 Series Supervisor Engine II-Plus-10GE and Cisco Catalyst 4500 Series 48-Port 100BASE-X SFP Line Card

IP Communications for Small Offices Using Cisco CallManager Express and Cisco Unity Express

Cisco Value Incentive Program Advanced Technologies: Period 7

CISCO CENTRALIZED WIRELESS LAN SOFTWARE RELEASE 3.0

Cisco ONS SONET 48-Port DS-3/EC-1 Interface Card

CISCO IOS SOFTWARE RELEASE 12.3(11)YK

Cisco Unity 4.0(4) with Cisco Unified CallManager 4.1(2) Configured as Message Center PINX using Cisco WS-X6608-T1 using Q.SIG as MGCP Gateway

Strategic IT Plan Improves NYCHA Resident Services While Reducing Costs US$150 Million

Cisco Router and Security Device Manager Intrusion Prevention System

Cisco 7304 Shared Port Adapter Modular Services Card

CISCO WDM SERIES OF CWDM PASSIVE DEVICES

SAFE Nimda. Attack Mitigation WHITE PAPER

DATA SHEET. Catalyst Port Fast Ethernet Interface Modules THE CISCO CATALYST PORT FAST ETHERNET INTERFACE MODULES ARE IDEAL FOR

Cisco Systems Intelligent Storage Networking

Third party information provided to you courtesy of Dell

NETWORK ADMISSION CONTROL

Cisco 806 Broadband Router

Cisco Optimization Services

Cisco EtherChannel Technology

Cisco Unified CallManager Licensing Pricing Model

CISCO 10GBASE XENPAK MODULES

CISCO UNIFIED IP PHONE 7912G

CiscoWorks Security Information Management Solution 3.1

iclass SE multiclass SE 125kHz, 13.56MHz 125kHz, 13.56MHz

NEW CISCO IOS SOFTWARE RELEASE 12.2(25)FY FOR CISCO CATALYST EXPRESS 500 SERIES SWITCHES

Cisco Unified Wireless Network Software Release 3.1

Cisco MGX 8000 Series Multiservice Switch Broadband ATM Switching Module

END-OF-SALE AND END-OF-LIFE ANNOUNCEMENT FOR THE CISCO CATALYST 6500 SERIES OC-12 ATM MODULE

Quick Start Guide INSTALLING YOUR CISCO 1605 ROUTER 1 UNPACK THE BOX. 2 INSTALL THE ROUTER. 3 VERIFY YOUR INSTALLATION. Internet. Ethernet network 1

CISCO GIGABIT INTERFACE CONVERTER

EventBuilder.com. International Audio Conferencing Access Guide. This guide contains: :: International Toll-Free Access Dialing Instructions

Cisco T3/E3 Network Module for Cisco 2600, 3600, and 3700 Series Routers

Instructions. (For 6180 Industrial Computers) Applications. Overview & Safety

Dataliner Message Displays Using DL50 Slaves with a DL40 Master

Cisco 2651XM Gateway - PBX Interoperability: Ericsson MD-110 PBX using Q.931 BRI User Side Interfaces to an H.323 Gateway

Cisco Persistent Storage Device

Cisco 7600 Multiprocessor WAN Application Module for Broadband Aggregation

Access Code and Phone Number

RT-AX95U Wireless-AX11000 Tri Band Gigabit Router

Configuring DHCP for ShoreTel IP Phones

CISCO AIRONET 1230AG SERIES ACCESS POINT

Cisco MCS 7815-I2-UC1 Media Convergence Server

Cisco 7200VXR Series NPE-G2 Network Processing Engine

Transcription:

DATA SHEET Cisco VPN 3002 Hardware Client Introduction The Cisco VPN 3002 Hardware Client is a small hardware appliance that operates as a client in Virtual Private Networking (VPN) environments. It combines the best features of a software client, including scalability and easy deployment, with the stability and independence of a hardware platform. One of the major advantages of the Cisco VPN 3002 is easy implementation. It has few local setup parameters and includes troubleshooting aids to ensure proper operation. Additional parameters and policy are pushed to the device from a central site after the unit has been set up. In addition, the Cisco VPN 3002 scales easily to tens of thousands of devices. This is because as a client it can receive concentrator-assigned IP addresses from a pool, rather than end-to-end statically assigned addresses, which are required for LAN-to-LAN devices. The Cisco VPN 3002 can also coexist with, or work independently of, the software client typically used on MS-DOS or Windows, and NT-based PCs/workstations. This increases the number of operating system environments where VPN clients can be used. In remote-office VPN environments customers now have three main choices for connectivity: Small router, VPN, or firewall devices for secure LAN-to-LAN connectivity Software clients that run on a PC or similar workstation The new Cisco VPN 3002 Hardware Client Cisco VPN 3002 Hardware Client Features and Benefits Provides fast and easy deployment and scalability to thousands of sites Includes Dynamic Host Control Protocol (DHCP) client and server compatibility for hundreds of stations behind the Cisco VPN 3002 Supports Network Address Port Translation (NAPT) for hiding stations behind the Cisco VPN 3002 from external view and attack Includes optional 8-port 10/100-Mbps auto-sensing switch Designed for wall mount or table top operation Supports Client and Network Extension modes for application flexibility Works with any operating system, such as Windows, MAC, Linux, Solaris, more Eliminates the need to add or support VPN applications on a PC or workstation Operates seamlessly with existing applications Copyright 2000, Inc. All Rights Reserved. Page 1 of 5

Exploring Software Client and VPN Router Benefits Small router, VPN, and firewall devices can be inexpensive and provide many features, including stateful firewall capabilities, but they lack true scalability beyond a few hundred devices. In addition, deployment and ongoing management can be inconvenient, time consuming, and expensive because of the numerous parameters and manual configurations required at both ends of the connection. By contrast, software clients are typically provided for no charge with central site concentrators so they easily deploy and scale to large numbers. However, these clients have specific limited operating system support. Software clients may be impractical in extranet environments where the sponsor company does not own or control the PC (such as franchises), or does not want to incur the expense associated with maintaining non-company PCs and workstations. Exploring Hardware Client Benefits A hardware client combines the best features of a software client while maintaining the reliability and stability of a hardware platform. Because it uses push policy and is assigned an IP address from a pool of addresses in the concentrator, it has few parameters to manage and can be easily configured and deployed. However, unlike software clients, the hardware client operates across all operating systems and never interferes with the PC because it is an external piece of hardware. As a result, the hardware client is ideal for extranet applications or companies with a diverse set of operating system, or for companies with many remote offices or branches, such as franchise, bank, retail, and similar applications, that require simple, unattended operations or those applications where support is unavailable. A hardware client also appeals to companies that want to expand VPN solutions to home office users. Why Use a Hardware Client? Most large enterprises agree that the price of a hardware client is offset by the reduced or eliminated service calls typically associated with supporting software clients on the PC or the expense of supporting growing LAN-to-LAN networks with their complex configuration requirements at central and remote sites. In summary, the value proposition for a hardware client includes: Scales to very large networks without requiring expensive implementation support at the central site Enables easy and secure deployments because policy and configuration are pushed from the central site Supports any operating system, enabling the client to plug in easily across networks Improves application stability because the client is deployed independently of the PC Pays for itself if it saves even one service call per year versus a router or software client Enables VPNs to be easily implemented by enterprises that do not have control over the remote PCs Cisco VPN 3002 Hardware Client Application The Cisco VPN 3002 Hardware Client can also work alongside networks using the Cisco VPN (software) Client. It serves as a hardware client in applications where using a software client is impractical or undesirable. The Cisco VPN 3002 uses a DHCP client to acquire its IP address from the central site and a DHCP server to provide addresses to up to 253 stations in a single network behind it. The Cisco VPN 3002 uses NAPT and can scale to tens of thousands of devices because as a client, it acquires a concentrator assigned IP address upon connection from a pool, eliminating manual route assignment. The Cisco VPN 3002 supports the Cisco VPN Client Release 3.0 protocol using the Unified Client Framework. This enables it to connect to any Cisco central site VPN Concentrator, including the Cisco VPN 5000, PIX Firewall, and Cisco IOS central site concentrators in addition to the Cisco VPN 3000 Concentrators. Copyright 2000, Inc. All Rights Reserved. Page 2 of 5

Figure 1 Cisco VPN 3002 Hardware Client Application Central Site Mobile User with Cisco VPN Client Rel. 3.0 Software Client Dialing in (3002 can co-exist with networks also using the software client) Remote Office/ Branch NAPT: One Address for Entire Network Behind 3002 in Client Mode In Network Extension Mode, an IP Phone Can be Plugged Directly into One of the 3002 Switch Ports Cisco VPN 3030 Concentrator ISP Cable Modem, Router, Etc. Cisco VPN 3002 Hardware Client 3002 Receives Push Policy, Concentrator Assigned IP Address and SA from VPN 3030 Yahoo Site 3002 Supports Split Tunneling as a Push Policy As DHCP Client, 3002 Acquires Address from the ISP As a DHCP Server, VPN 3002 Maintains a Pool of Up to 253 Addresses to Assign to Stations on the Private Network Client and Network Extension Modes For security and easy configuration, the Cisco VPN 3002 includes two modes: Client and Network Extension. In Client mode, the Cisco VPN 3002 emulates the operation of VPN client software. The stations behind the Cisco VPN 3002 are non-routable (invisible to the central site) and acquire their IP addresses from a built-in DHCP server. The VPN 3002 public port can acquire its IP address from an Internet service provider (ISP) by using its DHCP client capability. Securing the Network in Client Mode To secure the network in Client mode, the Cisco VPN 3002 uses Port Address Translation (PAT). The Cisco VPN 3002 can only make outbound connections; therefore, no outside source can connect with the Cisco VPN 3002 or the stations behind it. Split tunneling, which is the ability to have a secure tunnel to the central site and simultaneous clear text tunnels to the Internet, can also be prohibited by creating a policy that is pushed from the central site. The Cisco VPN 3002 uses NAPT to protect the stations it serves during split tunneling operations. Securing the Network in Network Extension Mode In Network Extension mode, the stations behind the Cisco VPN 3002 are fully routable because the Cisco VPN 3002 now uses a secure site-to-site connection with the central site. However, when split tunneling is used to the Internet, the stations behind the Cisco VPN 3002 are still NAPT protected. Outbound NAPT on the Cisco VPN 3002 provides centralized security control because there are no configuration parameters for local users to adjust which might otherwise cause the central site to be compromised. All policies are pushed from a concentrator at the central site, eliminating the need or ability of local users to affect company security policies. The Cisco VPN 3002 also supports auto update to assist in upgrades. If an upgrade is needed, the unit upgrades automatically from an internal Trivial File Transfer Protocol (TFTP) server defined on the central site VPN Concentrator without end-user interaction. Copyright 2000, Inc. All Rights Reserved. Page 3 of 5

Specifications Operating Environment Temperature: 29º to 104ºF (-5º to 0ºC) Storage: -4º to 176ºF (-40º to 70ºC) Relative humidity: 0 to 95% noncondensing Hardware Processor Motorola 8260 processor: dual flash image architecture Network Interfaces On all models, all Ethernet ports are auto-sensing, which eliminates the need for crossover cables. CPVN3002-K9: one public 10/100-Mbps RJ-45 Ethernet interface and one private 10/100-Mbps RJ-45 Ethernet interface CVPN3002-8E-K9: one public 10/100-Mbps RJ-45 Ethernet interface and 8 private ports 10/100-Mbps RJ-45 Ethernet interfaces via auto-sensing switch, which eliminates the need for crossover cables Physical Dimensions Height: 1.967 x 8.6 x 6.5 in (5 x 22.5 x 16.51) (HxWxD) Power Supply External AC operation: 100-240V at 50/60 Hz with universal power factor correction; 4-ft cord included and international pigtail power cord selection Instrumentation and Physical Ports Front panel: status LEDs for Power, Tunnel Status and VPN establishment Rear panel: status LEDs for Ethernet ports (amber/green) Rear connectors for CVPN 3002-K9: three (3) RJ-45 ports including (1) public port, (1) private port and (1) console port with full signals Rear connectors for CVPN 3002-8EK9: ten (10) RJ-45 ports including (1) public port, (8) private port switch and (1) console port with full signals Reset switch: resets unit to factory defaults Power cord connector Approvals Product bears CE Marking indicating compliance with the 89/336/EEC and 72/23/EEC Directives: UL 60950, CSA C22.2 No.60950, IEC 60950, EN 60950, AS/NZS 3260, FCC (CFR47) Part 15 Class B, ICES-003 Class B, EN55022 Class B, CISPR22 Class B, AS/NZS 3548 Class B, VCCI Class B, EN55024, EN50082-1 Tunneling Protocol Support IP Security (IPSec) with Internet Key Encryption (IKE) key management Cisco VPN Unified Client Framework Compatibility Connects in Client mode with Cisco VPN 3000 and 5000 Concentrators, Cisco Secure PIX Firewalls, and Cisco IOS (4000 and 7100) Central Site Concentrator. Works with devices that comply with the Unity protocol specification. Dates for VPN 5000 and IOS TBD. Monitoring and Configuration Event logging; SNMP MIB-II support Embedded management interface: accessible via console port or local Web browser; Secure Shell (SSH)/Secure Socket Layer (SSL) Encryption Algorithms, Key Management, and Authentication Algorithms 56-bit Data Encryption Standard (DES) (IPSec); 168-bit Triple DES (3DES) (IPSec); MD5; SHA-1; HMAC with MD5; HMAC with SHA-1 Authentication User Name and Password preshared secret or Digital Certificates Configuration Modes Client mode: Cisco VPN 3002 acts as client, receives IP address from a concentrator pool; uses NAPT to hide stations behind the Cisco VPN 3002; network behind the Cisco VPN 3002 is unroutable (invisible to central site and the world); provides few configuration parameters Network Extension mode: Cisco VPN 3002 acts as site-to-site device; uses NAPT to hide stations only to Internet (stations visible or routable to central site); network behind the Cisco VPN 3002 is routable; provides additional configuration parameters Copyright 2000, Inc. All Rights Reserved. Page 4 of 5

Authentication, Authorization, and Accounting (AAA) Supports Remote Authentication Dial-In User Service (RADIUS) accounting and security from the central site Part Numbers Part Number Description CVPN3002-K9 Basic unit without switch; software and power cord ordered separately CVPN3002-8E-K9 Unit with 8-port switch; software and power cord ordered separately CVPN3002-BUN-K9 Includes hardware, latest software, and US power cord CVPN3002-8E-BUN-K9 Includes 8-port switch, hardware, latest software, and US power cord CVPN3002-SW-30-K9 Release 3.0 software for Cisco VPN 3002 Corporate Headquarters, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 European Headquarters Europe 11, Rue Camille Desmoulins 92782 Issy Les Moulineaux Cedex 9 France Tel: 33 1 58 04 60 00 Fax: 33 1 58 04 61 00 Americas Headquarters, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA Tel: 408 526-7660 Fax: 408 527-0883 Asia Pacific Headquarters Australia, Pty., Ltd Level 17, 99 Walker Street North Sydney NSW 2059 Australia Tel: +61 2 8448 7100 Fax: +61 2 9957 4350 has more than 190 offices in the following countries. Addresses, phone numbers, and fax numbers are listed on the Cisco.com Web site at /go/offices. Argentina Australia Austria Belgium Brazil Bulgaria Canada Chile China Colombia Costa Rica Croatia Czech Republic Denmark Dubai, UAE Finland France Germany Greece Hong Kong Hungary India Indonesia Ireland Israel Italy Japan Korea Luxembourg Malaysia Mexico The Netherlands New Zealand Norway Peru Philippines Poland Portugal Puerto Rico Romania Russia Saudi Arabia Scotland Singapore Slovakia Slovenia South Africa Spain Sweden Switzerland Taiwan Thailand Turkey Ukraine United Kingdom United States Venezuela Vietnam Zimbabwe Copyright 2001,, Inc. All rights reserved. PIX and Unity are trademarks, and Cisco, Cisco IOS,, and the logo are registered trademarks of, Inc. and/or its affiliates in the U.S. and certain other countries. All other brands, names, or trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0103R) 0401/DA

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback