© 2003, Cisco Systems, Inc. All rights reserved. VPN Roadshow Cisco VPN Partner Technical Development Module 2 : VPN 3000 Configuration APAC Channels Technical Operations © 2003, Cisco Systems, Inc. All rights reserved. VPV Roadshow Course Agenda • 3000 Concentrator Overview • Overview of Remote Access Configuration • Remote Access Configuration • CA Support Overview © 2003, Cisco Systems, Inc. All rights reserved. VPN Roadshow Cisco VPN 3000 Concentrator Series © 2003, Cisco Systems, Inc. All rights reserved. VPV Roadshow VPN Concentrator Series VPN 3030 regional office VPN 3030 regional office VPN 3005 or 3015 branch office Internet VPN 3060 or 3080 central site © 2003, Cisco Systems, Inc. All rights reserved. VPV Roadshow VPN 3005 Concentrator Private Public 100–240V power supply © 2003, Cisco Systems, Inc. All rights reserved. VPV Roadshow VPN 3015 Concentrator SEP module Slots Private Private 100-240V power supplies load sharing 100–240V power supplies load sharing Public External Public External © 2003, Cisco Systems, Inc. All rights reserved. VPV Roadshow VPN 3030 Concentrator SEP module Slots Private Private 100-240V power supplies load sharing 100–240V power supplies load sharing External External Public Public © 2003, Cisco Systems, Inc. All rights reserved. VPV Roadshow VPN 3060 Concentrator Private Private 100-240V power supplies load sharing 100–240V power supplies load sharing SEP module Slots External External Public Public © 2003, Cisco Systems, Inc. All rights reserved. VPV Roadshow VPN 3080 Concentrator Private Private SEP module Slots 100-240V power supplies load sharing 100–240V power supplies load sharing External External Public Public © 2003, Cisco Systems, Inc. All rights reserved. VPV Roadshow Concentrator Product Comparison 10001000500100100Site-to-Site Tunnels N 4 2 256M HW 10000 100M 2U 3080 Y 2 2 256M HW 5000 100M 2U 3060 YYNUpgradeable 0 Up to 2 64M SW 100 4M 2U 3015 128M32MMemory HWSWEncryption 10SEP Modules Up to 21Power Supplies 1500100Remote Access Sessions 50M4MPerformance 2U1UHeight 30303005Feature [...]... the Cisco VPN 3000 Concentrator Series Client ISP 10.0.1.5 Internet VPN public IP Application server 1 92. 168.1.5 10.0.1.10 1 92. 168.1.5 1 72. 26 .26 .1 ESP 10.0.1.10 10.0.1 .20 Adapter (NIC) IP address 1 72. 26 .26 .1 Client IP address 10.0.1 .20 Data © 20 03, Cisco Systems, Inc All rights reserved VPV Roadshow IPSec “Windows” Client Cisco VPN “Windows” Client software Installed on Windows system © 20 03, Cisco... reserved VPV Roadshow Remote Access Configuration of the Cisco VPN 3000 Concentrator Series © 20 03, Cisco Systems, Inc All rights reserved VPN Roadshow IP Interfaces Ethernet 1 (private IP) 10.0.1.5 © 20 03, Cisco Systems, Inc All rights reserved Ethernet 2 (public IP) 1 92. 168.1.5 VPV Roadshow Public IP Interface Ethernet 1 (private IP) 10.0.1.5 © 20 03, Cisco Systems, Inc All rights reserved Ethernet 2 (public... All rights reserved VPV Roadshow Summary (cont.) • Mode configuration enables the Cisco VPN 3000 Concentrator Series to push the network information to the Cisco VPN 3000 Concentrator Series Client • The Cisco VPN 3000 Concentrator Series can use several different types of authentication servers • The Cisco VPN 3000 Concentrator Series provides extensive monitoring capabilities © 20 03, Cisco Systems,... Finance VPV Roadshow User and Group Policies Access rights and privileges © 20 03, Cisco Systems, Inc All rights reserved VPV Roadshow Group Database Internal server Cisco VPN 3000 Concentrator Series Client Internet Internet © 20 03, Cisco Systems, Inc All rights reserved Group: Training VPV Roadshow Admin Password © 20 03, Cisco Systems, Inc All rights reserved VPV Roadshow CA Support Overview © 20 03, Cisco... rights reserved Ethernet 2 (public IP) 1 92. 168.1.5 VPV Roadshow System Information © 20 03, Cisco Systems, Inc All rights reserved VPV Roadshow Protocols IPSec Internet Internet © 20 03, Cisco Systems, Inc All rights reserved VPV Roadshow Address Assignment Internet DHCP server 10.0.1.10 © 20 03, Cisco Systems, Inc All rights reserved Internet DHCP address VPV Roadshow External Authentication—NT Domain... Internet Cisco VPN 3000 Concentrator Series Client Computer Name: BOSTON Domain: Domain_BOSTON © 20 03, Cisco Systems, Inc All rights reserved VPV Roadshow Configure Users and Groups © 20 03, Cisco Systems, Inc All rights reserved VPN Roadshow Groups and Users Base Group Corporate Groups Department Users Individuals MIS /Base/Sales VP of MIS Customer Service /Base/Service Finance /Base/Finance © 20 03, Cisco... Telecommuter VPV Roadshow IPSec Client to LAN Components VPN Concentrator Application server ISP Telecommuter with the Cisco VPN 3000 Concentrator Series Client ISP Internet Internet PPP connectivity Dial access IPSec tunnel or session • Client software • PPP protocol • IPSec protocol • VPN Concentrator © 20 03, Cisco Systems, Inc All rights reserved VPV Roadshow IPSec Client-to-LAN—Tunneling VPN private... network VPV Roadshow Load Balancing Master Internet Server Non-master Private Public network network © 20 03, Cisco Systems, Inc All rights reserved VPV Roadshow Overview of Remote Access Using Pre-Shared Keys © 20 03, Cisco Systems, Inc All rights reserved VPN Roadshow Client to LAN Telecommuter File server Corporate office Internet service provider Telecommuter Internet Telecommuter Web server © 20 03, Cisco... Encryption Processor—SEP2 POWER STATUS SEP -20 0U • DSP-based hardware encryption—1,500 to 5,000 simultaneous sessions © 20 03, Cisco Systems, Inc All rights reserved VPV Roadshow SEP Redundancy SEP redundancy SEP redundancy Failover • Top-to-bottom redundancy © 20 03, Cisco Systems, Inc All rights reserved VPV Roadshow Concentrator Redundancy VRRP Master Internet Server Slave Private network © 20 03, Cisco Systems,... Systems, Inc All rights reserved VPV Roadshow CA Support Overview © 20 03, Cisco Systems, Inc All rights reserved VPN Roadshow CA Server Fulfilling Requests from IPSec Peers Each IPSec peer individually enrolls with the CA server CA server © 20 03, Cisco Systems, Inc All rights reserved VPV Roadshow Digital Signature Remote Local Pay to Terry Smith $100.00 One Hundred and xx/100 Dollars 4ehIDx67NMop9 . Client-to-LAN—Tunneling Application server 10.0.1.10 VPN private IP 10.0.1.5 Adapter (NIC) IP address 1 72. 26 .26 .1 Client IP address 10.0.1 .20 1 92. 168.1.5 1 72. 26 .26 .1 ESP 10.0.1.10 10.0.1 .20 Data Telecommuter with the Cisco VPN 3000 Concentrator. VPV Roadshow Concentrator Product Comparison 10001000500100100Site-to-Site Tunnels N 4 2 256M HW 10000 100M 2U 3080 Y 2 2 25 6M HW 5000 100M 2U 3060 YYNUpgradeable 0 Up to 2 64M SW 100 4M 2U 3015 128 M32MMemory HWSWEncryption 10SEP. reserved. VPN Roadshow Cisco VPN 3000 Concentrator Series © 20 03, Cisco Systems, Inc. All rights reserved. VPV Roadshow VPN Concentrator Series VPN 3030 regional office VPN 3030 regional office VPN