Chapter 11 Policy Management

Network Extension Mode

The network and addresses on the private side of the VPN 3002 are hidden, and cannot be accessed directly.

VPN 3000 Series VPN Concentrator Settings Required for PAT

For the VPN 3002 to use PAT, these are the requirements for the central-site VPN Concentrator.

1.The VPN Concentrator at the central site must be running Software version 3.x or later.

2.Address assignment must be enabled, by whatever method you choose to assign addresses (for example, DHCP, address pools, per user, or client-specified). If the VPN Concentrator uses address pools for address assignment, make sure to configure the address pools your network requires. See Chapter 6, Address Management, in the VPN 3000 Series Concentrator Reference Volume I.

3.Configure a group to which you assign this VPN 3002. This includes assigning a group name and Password. See Chapter 14, User Management, in the VPN 3000 Series Concentrator Reference Volume I.

4.Configure one or more users for the group, including usernames and passwords.

Network Extension Mode

Network Extension mode allows the VPN 3002 to present a single, routable network to the remote private network over the VPN tunnel. IPSec encapsulates all traffic from the VPN 3002 private network to networks behind the central-site VPN Concentrator. PAT does not apply. Therefore, devices behind the VPN Concentrator have direct access to devices on the VPN 3002 private network over the tunnel, and only over the tunnel, and vice versa. The VPN 3002 must initiate the tunnel, but after the tunnel is up, either side can initiate data exchange.

In this mode, the central-site VPN Concentrator does not assign an IP address for tunneled traffic (as it does in Client/PAT mode). The tunnel is terminated with the VPN 3002 private IP address (the assigned IP address). To use Network Extension mode, you must configure an IP address other than the default of 192.168.10.1 and disable PAT.

In Network Extension mode, the VPN 3002 automatically attempts to establish a tunnel to the VPN Concentrator. However, if you enable interactive hardware client authentication, the tunnel establishes when you perform the following steps.

Step 1 Click the Connection/Login Status button on the VPN 3002 Hardware Client login screen. The Connection/Login screen displays.

Step 2 Click Connect Now in the Connection/Login screen.

Step 3 Enter the username and password for the VPN 3002.

Alternatively, you can initiate a tunnel by clicking Connect Now on the in the Monitoring System Status screen.

VPN 3002 Hardware Client Reference

11-2

OL-1893-01

 

 

 

Page 119 Page 121
Page 120
Image 120
Cisco Systems VPN 3002 manual Network Extension Mode, VPN 3000 Series VPN Concentrator Settings Required for PAT, 11-2
Page 119 Page 121

VPN 3002 specifications

Cisco Systems VPN 3002 is a versatile hardware device designed to provide secure remote access to corporate networks. As part of Cisco's family of VPN concentrators, the VPN 3002 is aimed at small to medium-sized businesses seeking to establish secure communications over the Internet.

One of the key features of the VPN 3002 is its ability to support a wide range of VPN protocols, including IPsec and L2TP. This flexibility allows businesses to tailor their security solutions to meet specific needs, thereby ensuring robust encryption and integrity for data in transit. The device also supports innovative technologies such as Clientless SSL VPN, enabling users to access corporate resources without the need for a full client installation.

Another vital characteristic of the VPN 3002 is its scalability. It can support multiple users while maintaining optimal performance due to its integrated firewall capabilities. This functionality allows organizations to manage user traffic effectively, ensuring that both security and efficiency are maintained during peak access periods.

Additionally, the VPN 3002 boasts advanced features like NAT traversal, which helps ensure that VPN connections can penetrate network address translation firewalls and other similar devices, thereby enhancing connectivity. It also features strong authentication mechanisms, including support for RADIUS and TACACS+, providing businesses with the ability to implement stringent user verification processes.

The device is designed with ease of use in mind. The setup process is relatively simple, and Cisco's intuitive web-based management interface makes it easy to configure and monitor VPN connections. Furthermore, the VPN 3002 comes with a variety of integrated tools for logging and reporting, allowing administrators to maintain comprehensive oversight of network activities.

In terms of hardware, the VPN 3002 is equipped with multiple Ethernet ports for network connectivity and can support a range of configurations to meet diverse organizational requirements. Its robust design ensures longevity and dependable operation, making it an ideal solution for businesses seeking reliable remote access capabilities.

In conclusion, Cisco Systems VPN 3002 provides a comprehensive solution for organizations looking to secure their remote connections. With its support for various protocols, scalable architecture, advanced security features, and ease of use, it stands out as a reliable choice for enhancing corporate network security.
Top Page Image Contents