Cisco VPN 3000
Concentrator Hardware
By
David Minutella.
Terms you'll
need to understand:
-
Client mode
-
Network
Extension mode
-
SEP
-
SEP-E
-
VRRP
-
VCA protocol
Techniques
you'll need to master:
-
Identifying the
default hardware components of the VPN 3000 Concentrators
-
Identifying the
standard performance statistics for the VPN 3000 Concentrators
-
Understanding
SEP redundancy
-
Comprehending
the utilization of VRRP for concentrator redundancy
-
Understanding
concentrator load balancing functionality
-
Recognizing the
principle of bandwidth management
This chapter
introduces the hardware platforms for Cisco's VPN 3002 Hardware Client and the
VPN 3000 Concentrator series. It is crucial that you understand the hardware
aspect of the equipment before the actual configuration to provide a foundation
for the components that you are configuring. Table 3.1 illustrates the Cisco VPN
Concentrator and Client offerings and the locations in which you would implement
these appliances.
Table 3.1
Cisco VPN Concentrator and Client Platform Overview
|
Concentrator Model |
Performance |
Hardware
Encryption |
Site |
|
3002 Hardware
Client |
2.2Mbps/1
Session |
NA |
SOHO |
|
3005 |
4Mbps/100
Remote Sessions |
NA |
Small ROBO |
|
3015 |
4Mbps/100
Remote Sessions |
NA |
Small ROBO |
|
3030 |
50Mbps/1500
Remote Sessions |
1 SEP Module |
Medium ROBO |
|
3060 |
100Mbps/5000
Remote Sessions |
2 SEP Modules |
Central
Site/SP |
|
3080 |
100Mbps/10,000 Remote Sessions |
4 SEP Modules |
Central Site
/SP |
SOHO Cisco VPN
3002 Hardware Client
The 3002 Hardware
Client provides hardware stability for small offices in which remote access VPN
tunnels to the main office are required. Instead of installing the software
client on multiple end-devices, the Cisco VPN 3002 Hardware Client offloads that
responsibility onto itself by initiating the VPN tunnel on behalf of the clients
behind it. This functionality, known as Client mode, utilizes Port
Address Translation (PAT) to hide the devices behind the hardware client. The
3002 can also support site-to-site connectivity in Network Extension mode.
Configuration is simple because of its pushed-policy feature in which the 3002
inherits configuration parameters from the head-end VPN concentrator.
The VPN
3002 Hardware Client is capable of providing up to 10Mbps of throughput of
unencrypted data and 2.2Mbps of software-based encrypted data over a single VPN
tunnel. It comes standard with a public 10/100 Ethernet interface, which
connects to an external Internet WAN router. The CVPN-3002 model has a single
private 10/100 Ethernet interface, whereas the CVPN-3002-8E model has an
embedded auto-MDIX 8-port switch. The fact that this appliance does not need to
rely on unstable computer platforms and can maintain substantial throughput,
means the VPN 3002 Hardware Client is a robust solution in comparison to
software-based clients.
Figure 3.1 illustrates the CVPN
3002-8E model.
|
){kind=link}