Chapter 6 Tunneling

Configuration System Tunneling Protocols IPSec

The VPN 3002 in Fargo first tries to reach San Jose. If the initial IKE packet for that connection (1) times out (8 seconds), it tries to connect to Austin (2). Should this negotiation also time out, it tries to connect to Boston (3). These attempts continue until the VPN 3002 has tried all servers on its backup server list, to a maximum of 10.

Be aware of the following characteristics of the backup server feature:

If the VPN 3002 cannot connect after trying all backup servers on the list, it does not automatically retry.

In Network Extension mode, the VPN 3002 attempts a new connection after 4 seconds.

In Client mode, the VPN 3002 attempts a new connection when the user clicks the Connect Now button on the Monitoring System Status screen, or when data passes from the VPN 3002 to the VPN Concentrator.

A VPN 3002 must connect to the primary VPN Concentrator to download a backup server list configured on the primary VPN Concentrator. If that VPN Concentrator is unavailable, and if the VPN 3002 has a previously configured backup server list, it can connect to the servers on that list.

It can download a backup server list only from the primary VPN Concentrator. The VPN 3002 cannot download a backup server list from a backup server.

The VPN Concentrators that you configure as backup servers do not have to be aware of each other.

If you change the configuration of backup servers, or delete a backup server during an active session between a VPN 3002 and a backup server, the session continues without adopting that change. New settings take effect the next time the VPN 3002 connects to its primary VPN Concentrator.
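The failover sequence and the retry rules above are easy to misjudge when planning an outage window, so here is an added model of them in Python (an illustration written for this page, not Cisco's code). The timings and limits come from the text: an 8-second IKE timeout per server, at most 10 backup servers, a 4-second automatic retry only in Network Extension mode, and no automatic retry in Client mode. The server names and the set of reachable servers are constructed test input.

```python
"""Model of the VPN 3002 backup-server failover described on this page.

Added illustration, not Cisco's code. Constants are taken from the text;
the server names and reachability set are constructed for the example.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

IKE_TIMEOUT_S = 8            # initial IKE packet times out after 8 seconds
MAX_BACKUP_SERVERS = 10      # backup list is tried to a maximum of 10 entries
NETWORK_EXTENSION_RETRY_S = 4  # Network Extension mode retries after 4 seconds


@dataclass(frozen=True)
class Attempt:
    server: str
    started_at: float   # seconds since the first attempt began
    succeeded: bool


def failover_sequence(primary: str, backups: List[str],
                      reachable: Set[str]) -> Tuple[List[Attempt], Optional[float]]:
    """Walk the primary, then the backup list in order, until one answers.

    Returns the attempts made and the time (seconds) at which a server
    answered, or None if the whole list was exhausted.
    """
    candidates = [primary] + list(backups)[:MAX_BACKUP_SERVERS]
    clock = 0.0
    attempts: List[Attempt] = []
    for server in candidates:
        ok = server in reachable
        attempts.append(Attempt(server, clock, ok))
        if ok:
            return attempts, clock
        clock += IKE_TIMEOUT_S   # this attempt timed out; move to the next
    return attempts, None


def worst_case_delay(num_backups: int) -> int:
    """Seconds spent before giving up when the primary and every backup are down."""
    return (1 + min(num_backups, MAX_BACKUP_SERVERS)) * IKE_TIMEOUT_S


def retry_policy(mode: str, user_clicked_connect: bool = False,
                 data_pending: bool = False) -> str:
    """What the unit does after the whole list has been tried without success."""
    if mode == "network_extension":
        return f"retry after {NETWORK_EXTENSION_RETRY_S} s"
    if mode == "client":
        if user_clicked_connect or data_pending:
            return "retry now"
        return "idle until Connect Now or outbound data"
    raise ValueError(f"unknown mode: {mode}")


if __name__ == "__main__":
    # Constructed scenario: San Jose and Austin are down, Boston answers.
    attempts, connected_at = failover_sequence(
        "San Jose", ["Austin", "Boston"], reachable={"Boston"})
    for a in attempts:
        print(f"t={a.started_at:>4.0f}s  {a.server:<9} {'ok' if a.succeeded else 'timeout'}")
    print("tunnel up at", connected_at, "s")
    print("worst case with 10 backups:", worst_case_delay(10), "s")
    print("client mode after exhausting list:", retry_policy("client"))
```

The model is useful for one planning question in particular: a Client-mode unit that has run through its whole list sits idle until a user clicks Connect Now or traffic arrives, so monitoring should not assume the tunnel will come back on its own.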

You can configure the backup server feature from the primary VPN Concentrator or the VPN 3002.

From the VPN Concentrator, configure backup servers on the Mode Configuration tab of either the Configuration User Management Base Group screen or the Configuration User Management Groups screen.

On the VPN 3002, configure backup servers on the Configuration System Tunneling Protocols IPSec screen.

The list you configure on the VPN 3002 applies only if the IPSec Backup Servers parameter is set to Use Client Configured List. To set this option, go to the Mode Configuration tab on the Configuration User Management Groups Add/Modify screen of the primary VPN Concentrator to which the VPN 3002 connects.

Note: The group name, username, and passwords that you configure for the VPN 3002 must be identical for the primary VPN Concentrator and all backup servers. Also, if you require interactive hardware client authentication and/or individual user authentication for the VPN 3002 on the primary VPN Concentrator, be sure to configure it on backup servers as well.

IPSec over TCP

Check IPSec over TCP if you want to connect using IPSec over TCP. This feature must also be enabled on the VPN Concentrator to which this VPN 3002 connects. See the explanation that follows.

IPSec over TCP Port

Enter the IPSec over TCP port number. You can enter one port. The port that you configure on the VPN 3002 must also match that configured on the VPN Concentrator to which this VPN 3002 connects.
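Two of the requirements on this page are easy to get wrong in a multi-site rollout: the note above (group name, username and passwords identical on the primary and every backup, with the same authentication requirements) and the port rule just stated (the IPSec over TCP port on the VPN 3002 must match the concentrator it connects to). Here is an added pre-deployment checker in Python, written for this page and not part of Cisco's software, that compares a constructed description of each concentrator's group settings against the hardware client's settings. The profile fields, device names, passwords and port numbers are all constructed sample values.

```python
"""Consistency check for a VPN 3002's primary and backup concentrators.

Added example, not Cisco's code. The profile classes are a constructed
description of the settings the text says must agree; they are not a
Cisco configuration format.
"""
import hmac
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ConcentratorProfile:
    name: str
    group_name: str
    group_password: str
    username: str
    user_password: str
    hw_client_auth: bool   # interactive hardware client authentication required
    user_auth: bool        # individual user authentication required
    ipsec_over_tcp: bool
    ipsec_over_tcp_port: Optional[int]


@dataclass(frozen=True)
class HardwareClientProfile:
    ipsec_over_tcp: bool
    ipsec_over_tcp_port: Optional[int]


def _same_secret(a: str, b: str) -> bool:
    # constant-time comparison so the checker itself leaks nothing by timing
    return hmac.compare_digest(a.encode(), b.encode())


def consistency_findings(client: HardwareClientProfile,
                         primary: ConcentratorProfile,
                         backups: List[ConcentratorProfile]) -> List[str]:
    """Return one message per mismatch; an empty list means the set is consistent."""
    findings: List[str] = []
    for b in backups:
        if b.group_name != primary.group_name:
            findings.append(f"{b.name}: group name differs from primary")
        if not _same_secret(b.group_password, primary.group_password):
            findings.append(f"{b.name}: group password differs from primary")
        if b.username != primary.username:
            findings.append(f"{b.name}: username differs from primary")
        if not _same_secret(b.user_password, primary.user_password):
            findings.append(f"{b.name}: user password differs from primary")
        if primary.hw_client_auth and not b.hw_client_auth:
            findings.append(f"{b.name}: interactive hardware client authentication not configured")
        if primary.user_auth and not b.user_auth:
            findings.append(f"{b.name}: individual user authentication not configured")
    # The client may end up connected to any server on its list, so the
    # IPSec over TCP setting and port are checked against every one of them.
    if client.ipsec_over_tcp:
        for c in [primary] + list(backups):
            if not c.ipsec_over_tcp:
                findings.append(f"{c.name}: IPSec over TCP not enabled")
            elif c.ipsec_over_tcp_port != client.ipsec_over_tcp_port:
                findings.append(f"{c.name}: IPSec over TCP port {c.ipsec_over_tcp_port} "
                                f"does not match client port {client.ipsec_over_tcp_port}")
    return findings


# Constructed sample: Austin lacks hardware client auth, Boston has a
# different group password and a different IPSec over TCP port.
SAMPLE_CLIENT = HardwareClientProfile(ipsec_over_tcp=True, ipsec_over_tcp_port=10000)
SAMPLE_PRIMARY = ConcentratorProfile("San Jose", "fargo-hw", "PLACEHOLDER-group-pw",
                                     "fargo3002", "PLACEHOLDER-user-pw",
                                     True, False, True, 10000)
SAMPLE_BACKUPS = [
    ConcentratorProfile("Austin", "fargo-hw", "PLACEHOLDER-group-pw",
                        "fargo3002", "PLACEHOLDER-user-pw", False, False, True, 10000),
    ConcentratorProfile("Boston", "fargo-hw", "PLACEHOLDER-group-pw-2",
                        "fargo3002", "PLACEHOLDER-user-pw", True, False, True, 10001),
]


def check_sample() -> List[str]:
    return consistency_findings(SAMPLE_CLIENT, SAMPLE_PRIMARY, SAMPLE_BACKUPS)


if __name__ == "__main__":
    for line in check_sample() or ["no mismatches found"]:
        print(line)
```

A mismatch found by this check shows up in the field as a unit that fails over to a backup and then never authenticates, which is indistinguishable from the backup being down unless the backup's logs are consulted; running the comparison before the backup list is pushed from the primary avoids that.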

VPN 3002 Hardware Client Reference

OL-1893-01

6-5

VPN 3002 specifications

Cisco Systems VPN 3002 is a versatile hardware device designed to provide secure remote access to corporate networks. As part of Cisco's family of VPN concentrators, the VPN 3002 is aimed at small to medium-sized businesses seeking to establish secure communications over the Internet.

One of the key features of the VPN 3002 is its ability to support a wide range of VPN protocols, including IPsec and L2TP. This flexibility allows businesses to tailor their security solutions to meet specific needs, thereby ensuring robust encryption and integrity for data in transit. The device also supports innovative technologies such as Clientless SSL VPN, enabling users to access corporate resources without the need for a full client installation.

Another vital characteristic of the VPN 3002 is its scalability. It can support multiple users while maintaining optimal performance due to its integrated firewall capabilities. This functionality allows organizations to manage user traffic effectively, ensuring that both security and efficiency are maintained during peak access periods.

Additionally, the VPN 3002 boasts advanced features like NAT traversal, which helps ensure that VPN connections can penetrate network address translation firewalls and other similar devices, thereby enhancing connectivity. It also features strong authentication mechanisms, including support for RADIUS and TACACS+, providing businesses with the ability to implement stringent user verification processes.

The device is designed with ease of use in mind. The setup process is relatively simple, and Cisco's intuitive web-based management interface makes it easy to configure and monitor VPN connections. Furthermore, the VPN 3002 comes with a variety of integrated tools for logging and reporting, allowing administrators to maintain comprehensive oversight of network activities.

In terms of hardware, the VPN 3002 is equipped with multiple Ethernet ports for network connectivity and can support a range of configurations to meet diverse organizational requirements. Its robust design ensures longevity and dependable operation, making it an ideal solution for businesses seeking reliable remote access capabilities.

In conclusion, Cisco Systems VPN 3002 provides a comprehensive solution for organizations looking to secure their remote connections. With its support for various protocols, scalable architecture, advanced security features, and ease of use, it stands out as a reliable choice for enhancing corporate network security.