Cisco VPN 3000 Series Concentrator



Similar documents
Cisco VPN 3000 Concentrator Series

Cisco VPN 3000 Series Concentrator

General Computer Network VPN Solutions

CISCO PIX SECURITY APPLIANCE LICENSING

Cisco 7200 and 7500 Series Routers

NetFlow Feature Acceleration

E-Seminar. Financial Management Internet Business Solution Seminar

CISCO CONTENT SWITCHING MODULE SOFTWARE VERSION 4.1(1) FOR THE CISCO CATALYST 6500 SERIES SWITCH AND CISCO 7600 SERIES ROUTER

Cisco Conference Connection

IP Networking and the Advantages of consolidation

DATA SHEET. GigaStack GBIC THE CISCO SYSTEMS GIGASTACK GIGABIT INTERFACE CONVERTER (GBIC) IS A VERSATILE, LOW-COST,

Cisco IOS Public-Key Infrastructure: Deployment Benefits and Features

Cisco Blended Agent: Bringing Call Blending Capability to Your Enterprise

Cisco Secure Access Control Server Solution Engine

Cisco 2-Port OC-3/STM-1 Packet-over-SONET Port Adapter

CISCO METRO ETHERNET SERVICES AND SUPPORT

CISCO NETWORK CONNECTIVITY CENTER

Cisco Systems GigaStack Gigabit Interface Converter

Enterprise Reporting

CISCO WIRELESS SECURITY SUITE

How To Get A New Phone System For Your Business

Cisco IOS Telephony Services Survivable/Standby Remote Site Telephony

E-Seminar. E-Commerce Internet Business Solution Seminar

Cisco CNS NetFlow Collection Engine Version 4.0

CISCO IP PHONE SERVICES SOFTWARE DEVELOPMENT KIT (SDK)

Cisco Catalyst 6500 Series/Cisco 7600 Series Supervisor Engine 720-3BXL

HIGH-DENSITY PACKET VOICE DIGITAL SIGNAL PROCESSOR MODULE FOR CISCO IP COMMUNICATIONS SOLUTION

THE CISCO CRM COMMUNICATIONS CONNECTOR GIVES EMPLOYEES SECURE, RELIABLE, AND CONVENIENT ACCESS TO CUSTOMER INFORMATION

Serial Connectivity Network Modules for the 2600, 3600, and 3700 Series (NM-1HSSI, NM-4T, NM-4A/S, NM-8A/S, NM-16A/S, NM-16A, NM-32A)

CISCO IOS IP SERVICE LEVEL AGREEMENT

PUBLIC KEY INFRASTRUCTURE CERTIFICATE REVOCATION LIST VERSUS ONLINE CERTIFICATE STATUS PROTOCOL

CISCO 7304 SERIES ROUTER PORT ADAPTER CARRIER CARD

Cisco 7200 Series Enterprise WAN Aggregation Application

Figure 1. The Cisco Aironet Power Injectors Provide Inline Power to Cisco Aironet Access Points and Bridges

CISCO MDS 9000 FAMILY PERFORMANCE MANAGEMENT

How To Connect A Cisco Aironet 350 Series Wireless Bridge To A Network With A Wireless Bridge

CISCO IOS SOFTWARE FEATURE PACKS FOR THE CISCO 1700 SERIES MODULAR ACCESS ROUTERS AND CISCO 1800 SERIES (MODULAR) INTEGRATED SERVICES ROUTERS

Cisco CNS NetFlow Collection Engine Version 5.0

CISCO CATALYST 6500 SERIES CONTENT SWITCHING MODULE

networks (VPNs). models, the Cisco 800 series of routers addresses wide range Figure 1 Cisco 800 Series Routers give Small Offices and Corporate

CISCO SMALL AND MEDIUM BUSINESS CLASS VOICE SOLUTIONS: CISCO CALLMANAGER EXPRESS BUNDLES

THE BUSINESS CASE FOR MANAGED SERVICES IN SMALL AND MEDIUM-SIZED BUSINESSES

Cisco Router and Security Device Manager File Management

Cisco Router and Security Device Manager Dial-Backup Solution

It looks like your regular telephone.

Cisco PIX Device Manager v3.0

CISCO AIRONET POWER INJECTOR

Cisco CSS Series Content Services Switch

CISCO ATA 186 ANALOG TELEPHONE ADAPTOR

CONNECT TO COMPREHENSIVE NETWORK SECURITY SOLUTIONS WITH THE CISCO IP NETWORK DEFENDER PROGRAM.

CISCO 7609 ROUTER ENHANCED 9-SLOT CHASSIS

NETWORK AVAILABILITY IMPROVEMENT SUPPORT OPERATIONAL RISK MANAGEMENT ANALYSIS

Cisco Unified IP Conference Station 7936

Optical Service Modules: OC-3/STM-1, OC-12/STM-4 and OC-48/STM-16 POS, OC-12/STM-4 ATM, Gigabit Ethernet WAN, Channelized T3 (CT3) and OC12/STM-4

Cisco IT Data Center and Operations Control Center Tour

Cisco VPN 3002 Hardware Client

Cisco WebEx Social Compatibility Guide

CISCO SFP OPTICS FOR PACKET-OVER-SONET/SDH AND ATM APPLICATIONS

Cisco Aironet 1130AG Series

Cisco GLBP Load Balancing Options

CISCO ISDN BRI S/T WIC FOR THE CISCO 1700, 1800, 2600, 2800, 3600, 3700, AND 3800 SERIES

CISCO ATA 188 ANALOG TELEPHONE ADAPTOR

Want to Improve Communication to Parents? Make it Simple.

CISCO IOS SOFTWARE RELEASES 12.4 MAINLINE AND 12.4T FEATURE SETS FOR THE CISCO 3800 SERIES ROUTERS

Cisco Smart Care Service

CISCO IP PHONE EXPANSION MODULE 7914

Empower Your Law Firm with Your Next Phone System

IS YOUR OLD PHONE SYSTEM HANGING UP YOUR DISTRICT? CISCO K 12 DIRECT LINE SOLUTION FOR IP COMMUNICATIONS

CISCO NETWORK CONNECTIVITY CENTER MPLS MANAGER 1.0

Combined voice and data solution supports Orange s ongoing success in the UK business market

Cisco Intelligent Contact Management Enterprise Edition

Cisco PBX Interoperability: Lucent/Avaya Definity G3si V7 PBX with CallManager using Analog FXS and FXO Interfaces as an MGCP Gateway

CISCO IOS SOFTWARE RELEASES 12.4 MAINLINE AND 12.4T FEATURE SETS FOR THE CISCO 2800 SERIES ROUTERS

CISCO CATALYST 3750 SERIES SWITCHES

Cisco 2600XM DSL Router Bundles

Cisco AVVID Network Enterprise Data Center Solution Overview

CISCO CATALYST 6500 SUPERVISOR ENGINE 32

CISCO MEETINGPLACE MANAGED SERVICE

World Consumer Income and Expenditure Patterns

Cisco IOS Firewall Intrusion Detection System

Cisco 800 IDSL Routers Business-Class IDSL Access Through the Power of Cisco IOS Technology

CISCO MEETINGPLACE FOR OUTLOOK 5.3

What is network convergence all about?

SERIAL AND ASYNCHRONOUS HIGH-SPEED WAN INTERFACE CARDS FOR CISCO 1800, 2800, AND 3800 SERIES INTEGRATED SERVICES ROUTERS

CISCO WAN MANAGER 15 DATA SHEET

CISCO MEETINGPLACE HOSTED SERVICE

Cisco Secure Policy Manager Version 3.1

Cisco VPN Solution Center 2.2

Internal IT Staff at a Serbian Children s Hospital Takes Innovative Approach to Outpatient Care

CISCO ISDN BRI S/T WIC FOR THE CISCO 1700, 1800, 2600, 2800, 3600, 3700, AND 3800 SERIES

Configuring DHCP for ShoreTel IP Phones

DATA SHEET. Cisco Secure PIX Firewall Software v5.2 THE WORLD-LEADING CISCO SECURE PIX FIREWALL TM SERIES PROVIDES TODAY S NETWORKING

Cisco Solution Incentive Program Asia Pacific

AT-S39 Version 1.3 Management Software for the AT-8024 and AT-8024GB Fast Ethernet Switches. Software Release Notes

How To Secure Your Network With Cisco Secure Solutions

BT Premium Event Call and Web Rate Card

CISCO IPSEC VPN SERVICES MODULE FOR THE CISCO CATALYST 6500 SERIES AND CISCO 7600 SERIES

6000 WATT AC POWER SUPPLY FOR THE CISCO CATALYST 6500 SERIES CHASSIS

How To Outtask Metro Ether To A Managed Service Provider

Transcription:

DATA SHEET 3000 Series Concentrator Introduction The Series 3000 Concentrator allows corporations to take full advantage of the unprecedented cost savings, flexibility, performance, and reliability of remote access VPN connections. Corporations use Virtual Private Networks (VPNs) to establish secure, end-to-end private network connections over a public networking infrastructure. VPNs have become the logical solution for remote-access connectivity for two main reasons: Deploying a remote-access VPN enables corporations to reduce communications expenses by leveraging the local dial-up infrastructures of Internet service providers. Remote Access VPNs allow mobile workers, telecommuters and day extenders to take advantage of broadband connectivity. To fully realize the benefits of high-performance, remote-access VPNs, a corporation must deploy a robust, highly available VPN solution, and dedicated VPN devices are optimal for this purpose. high-availability capabilities with a unique purpose-built, remote-access architecture, the 3000 Concentrator allows corporations to build high-performance, scalable, and robust VPN infrastructures to support their mission-critical, remote-access applications. Unique to the industry, it is the only scalable platform to offer components that are field-swappable and can be upgraded by the customer. These components, called Scalable Encryption Processing (SEP) modules, enable users to easily add capacity and throughput. The 3000 Concentrator supports the widest range of VPN client software implementations, including the Client, the Microsoft Windows 2000/XP L2TP/IPsec Client, the Microsoft L2TP/IPSec VPN Client for Windows 98, Windows Millennium (me), Windows NT Workstation 4.0, and Microsoft PPTP. The 3000 Series Concentrator is a best-of-breed, remote-access VPN solution for enterprise-class deployment. A standards-based, easy-to-use VPN client and scalable VPN tunnel termination devices are included, as well as a management system that enables corporations to easily install, configure and monitor their remote access VPNs. Incorporating the most-advanced, Copyright 2001, Inc. All Rights Reserved. Page 1 of 7

Five Models The 3000 Concentrator is available in four different models to support any business: 3005 Concentrator The 3005 Concentrator is a VPN platform designed for small- to medium-sized organizations with bandwidth requirements up to full-duplex T1/E1 (4 Mbps maximum performance) and up to 100 simultaneous sessions. Encryption processing is performed in software. The 3005 does not have built-in upgrade capability. 3015 Concentrator The 3015 Concentrator is a VPN platform designed for small- to medium-sized organizations with bandwidth requirements up to full-duplex T1/E1 (4 Mbps maximum performance) and up to 100 simultaneous sessions. Like the 3005, encryption processing is performed in software, but the 3015 is also field-upgradable to the 3030 and 3060 models. 3030 Concentrator The 3030 Concentrator is a VPN platform designed for medium- to large-sized organizations with bandwidth requirements from full T1/E1 through T3/E3 (50 Mbps maximum performance) and up to 1500 simultaneous sessions. Specialized SEP modules perform hardware-based acceleration. The 3030 is field-upgradeable to the 3060. Redundant and non-redundant configurations are available. 3060 Concentrator The 3060 is a VPN platform designed for large organizations demanding the highest level of performance and reliability, with high-bandwidth requirements from fractional T3 through full T3/E3 or greater (100 Mbps maximum performance) and up to 5000 simultaneous sessions. Specialized SEP modules perform hardware-based acceleration. Redundant and non-redundant configurations are available. 3080 Concentrator The 3080 Concentrator is optimized to support large enterprise organizations that demand the highest level of performance combined with support for up to 10,000 simultaneous remote access sessions. Specialized SEP modules perform hardware-based acceleration. The VPN 3080 is available in a fully redundant configuration only. Client Simple to deploy and operate, the Client is used to establish secure, end-to-end encrypted tunnels to the 3000 Concentrator. This thin design, IPsec-compliant implementation is provided with the 3000 Concentrator and is licensed for an unlimited number of users. The client can be pre-configured for mass deployments and the initial logons require very little user intervention. VPN access policies are created and stored centrally in the 3000 Concentrator and pushed to the client when a connection is established. Copyright 2001, Inc. All Rights Reserved. Page 2 of 7

The 3000 Series Concentrator Features 3005 3015 3030 3060 3080 Simultaneous Users* 100 100 1500 5000 10,000 Maximum LAN-to-LAN Sessions 100 100 500 1000 1000 Encryption Throughput 4 Mbps 4 Mbps 50 Mbps 100 Mbps 100 Mbps Encryption Method Software Software Hardware Hardware Hardware Encryption (SEP) Module 0 0 1 2 4 Redundant SEP N/A N/A Op Option Yes Available Expansion Slots 0 4 3 2 N/A Upgrade Capability No Yes Yes N/A N/A System Memory 32/64 MB 128 MB 128 MB 256 MB 256 MB Hardware Configuration 1U, Fixed 2U, Scalable 2U, Scalable 2U, Scalable 2U Dual Power Supply Single Option Option Option Yes Client License Unlimited Unlimited Unlimited Unlimited Unlimited * For planning purposes, a simultaneous user is considered to be a Remote Access VPN user connected in ALL tunneling mode this includes 1 IKE Security Association and 2 unidirectional IPsec SA s. For environments with rekeying or split tunneling, we recommend using a VPN Remote Access load-balancing environment with spare capacity since these particular sessions will utilize additional system resources that otherwise would be used to support additional users. The 3000 Series Concentrator supports the entire range of enterprise applications. Features and Benefits Product Highlights High-Performance, Distributed-Processing Architecture Cisco SEP modules provide hardware-based encryption, ensuring consistent performance throughout the rated capacity ( 3030-3080). Large-scale tunneling support provided for IPsec, PPTP and L2TP/IPsec connections. Scalability ( 3015-3060) Modular design (four expansion slots) provides investment protection, redundancy and a simple upgrade path. System architecture is designed to supply consistent, high-availability performance. All digital design provides the highest reliability and 24-hour continuous operation. Robust instrumentation package provides run-time monitoring and alerts. Microsoft compatibility offers large-scale client deployment and seamless integration with related systems. Security Full support of current and emerging security standards allows for integration of external authentication systems and interoperability with third-party products. Firewall capabilities through stateless packet filtering and address translation to assure the required security of a corporate LAN. Copyright 2001, Inc. All Rights Reserved. Page 3 of 7

User and group level management offers maximum flexibility. High Availability Redundant subsystems and multi-chassis fail-over capabilities ensure maximum system uptime. Extensive instrumentation and monitoring capabilities provide network managers with real-time system status and early-warning alerts. Robust Management The 3000 Concentrator can be managed using any standard Web browser (HTTP or HTTPS), as well as by Telnet, Secure Telnet, SSHv1, and via a console port. Files can be accessed via HTTPS, FTP, and SSH Copy (SCP). Configuration and monitoring capability is provided for both the enterprise and the service provider. Access levels are configurable by user and groups, allowing easy configuration and maintenance of security policies. Technical Specifications Hardware Processor Motorola PowerPC Processor Memory Redundant system images (Flash) Variable memory options (see chart) Encryption 3005, 3015 Software encryption 3030-3080 Hardware encryption Embedded LAN Interfaces 3005 Two auto-sensing, full-duplex 10/ 100BaseTX Fast Ethernet (public/untrusted, private/ trusted) 3015-3080 Three auto-sensing, full-duplex 10/100BaseTX Fast Ethernet (public/ untrusted, private/trusted and DMZ) 3015-3080 Front panel Status LEDs for system, expansion modules, power supplies, Ethernet modules, fan 3015-3080 Rear panel Status LEDs for Ethernet modules, expansion modules, power supplies 3015-3080 Activity monitor displays number of sessions, aggregate throughput, or CPU utilization; push-button selectable Software Client Software Compatibility Client (IPsec) for Windows 95, 98, ME, NT 4.0, 2000, XP, Linux (Intel), Solaris (UltraSparc 32- & 64-bit), and MAC OS X 10.1, including centralized split-tunneling control and data compression Microsoft PPTP/MPPE/MPPC, MSCHAPv1/v2, EAP/ RADIUS pass-through for EAP/TLS & EAP/GTC support Microsoft L2TP/IPsec for Windows 2000/XP (including XP DHCP option for route population) Microsoft L2TP/IPsec for Windows 98, WIndows Millennium (Me), and Windows NT Workstation 4.0 MovianVPN (Certicom) Handheld VPN Client with ECC Tunneling Protocols IPsec, PPTP, L2TP, L2TP/IPsec, NAT Transparent IPsec, Ratified IPsec/UDP (with auto-detection and fragmentation avoidance), IPsec/TCP Support for Easy VPN (Client and Network Extension mode) Encryption/Authentication IPsec Encapsulating Security Payload (ESP) using DES/ 3DES (56/168-bit) or AES (128, 192, 256-bit) with MD5 or SHA, MPPE using 40/128-bit RC4 Key Management Internet Key Exchange (IKE) Diffie-Hellman (DH) Groups 1, 2, 5, 7 (ECDH) Instrumentation 3005 Front panel Unit status indicator 3005 Rear panel Status light-emitting diodes (LED) for Ethernet ports Copyright 2001, Inc. All Rights Reserved. Page 4 of 7

Routing RIP, RIP2, OSPF, RRI (Reverse Route Injection), Static, Automatic endpoint discovery, Network Address Translation (NAT), Classless Interdomain Routing (CIDR) IPsec fragmentation policiy control, including support for Path MTU Discovery (PMTUD) Interface MTU control Third-Party Compatibility Certicom, ipass Ready, Funk Steel Belted RADIUS certified, NTS TunnelBuilder VPN Client (Mac and Windows), Microsoft Internet Explorer, Netscape Communicator, Entrust, GTE Cybertrust, Baltimore, RSA Keon High Availability VRRP protocol for multi-chassis redundancy and fail-over Remote Access Load Balancing clusters Destination pooling for client-based fail-over and connection re-establishment Redundant SEP modules (optional), power supplies, and fans ( 3015-3080) Management Configuration Embedded management interface is accessible via console port, Telnet, SSH, and Secure HTTP Administrator access is configurable for five levels of authorization. Authentication can be performed externally via TACACS+ Role-based management policy separates functions for service provider and end-user management Monitoring Event logging and notification via e-mail (SMTP) Automatic FTP backup of event logs SNMP MIB-II support Configurable SNMP traps Syslog output System status Session data (including Client Assign IP, Encryption Type Connection Duration, Client OS, Version, etc) General statistics Security Authentication and Accounting Servers Support for redundant external authentication servers: RADIUS (Remote Authentication Dial-In User Service) Microsoft NT Domain authentication Microsoft NT Domain authentication with Password Expiration (MSCHAPv2) RSA Security Dynamics (SecurID Ready), including native support for RSA 5 (Load Balancing, Resiliency) Internal Authentication server for up to 100 users X.509v3 Digital Certificates (including CRL/LDAP & CRL/HTTP, CRL Caching and Backup CRL Distribution Point support) RADIUS accounting TACACS+ Administrative user authentication Internet-Based Packet Filtering Source and destination IP address Port and protocol type Fragment protection FTP session filtering Site-to-Site Filters and NAT (for overlapping address space) Policy Management By individual user or group Filter profiles Idle and maximum session timeouts Time and day access control Tunneling protocol and security authorization profiles IP Pool Authentication Servers Certification FIPS 140-1 Level 2, VPNC Ports Console port-asynchronous serial (DB-9) Copyright 2001, Inc. All Rights Reserved. Page 5 of 7

Physical Characteristics Concentrator 3005 3015 3030 3060 3080 Height 1.75" (4.45cm) 3.5" (8.89cm) 3.5" (8.89cm) 3.5" (8.89cm) 3.5" (8.89cm) Width 17.5" (44.45cm) 17.5" (4.45cm) 17.5" (4.45cm) 17.5" (4.45cm) 17.5" (4.45cm) Depth 11.5" (29.21cm) Unit without front bezel or SEPS/PS 15" (38.1cm) 15" (38.1cm) 15" (38.1cm) 15" (38.1cm) Unit with front bezel, no SEPS/PS 16-3/16" (41.12 cm) 16-3/16" (41.12 cm) 16-3/16" (41.12 cm) 16-3/16" (41.12 cm) Unit with front bezel and SEPS/PS 16.75" (42.55 cm) 16.75" (42.55 cm) 16.75" (42.55 cm) 16.75" (42.55 cm) Weight 8.5 lbs(3.9kg) 27 lbs(12.3kg) 28 lbs(12.7kg) 33 lbs(15kg) 33 lbs(15kg) Power Type and Requirements Concentrator 3005 3015-3080 Nominal 15 watts (51.22BTU/hr) 35 watts (119.50BTU/hr) Maximum 25 watts (85.36BTU/hr) 50 watts (170.72BTU/hr) Input Voltage 100-240VAC 100-240VAC Frequency 50/60 Hz 50/60 Hz Power Factor Correction Universal Universal Environmental Temperature: 32 to 131 F (0 to 55 C) operating; -4 to 176 F (-40 to 70 C) non-operating Humidity: 0 to 95 percent non-condensing Regulatory Compliance CE Marking Safety UL 1950, CSA EMC FCC Part 15 (CFR 47) Class A, EN 55022 Class A, EN 50082-1, AS/NZS 3548 Class A, VCCI Class A Copyright 2001, Inc. All Rights Reserved. Page 6 of 7

Corporate Headquarters, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 European Headquarters Europe 11, Rue Camille Desmoulins 92782 Issy Les Moulineaux Cedex 9 France Tel: 33 1 58 04 60 00 Fax: 33 1 58 04 61 00 Americas Headquarters, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA Tel: 408 526-7660 Fax: 408 527-0883 Asia Pacific Headquarters Australia, Pty., Ltd Level 17, 99 Walker Street North Sydney NSW 2059 Australia Tel: +61 2 8448 7100 Fax: +61 2 9957 4350 has more than 190 offices in the following countries. Addresses, phone numbers, and fax numbers are listed on the Cisco.com Web site at /go/offices. Argentina Australia Austria Belgium Brazil Bulgaria Canada Chile China Colombia Costa Rica Croatia Czech Republic Denmark Dubai, UAE Finland France Germany Greece Hong Kong Hungary India Indonesia Ireland Israel Italy Japan Korea Luxembourg Malaysia Mexico The Netherlands New Zealand Norway Peru Philippines Poland Portugal Puerto Rico Romania Russia Saudi Arabia Scotland Singapore Slovakia Slovenia South Africa Spain Sweden Switzerland Taiwan Thailand Turkey Ukraine United Kingdom United States Venezuela Vietnam Zimbabwe Copyright 2001,, Inc. All rights reserved. PIX and SMARTnet are trademarks, and Cisco, Cisco IOS,, and the logo are registered trademarks of, Inc. and/ or its affiliates in the U.S. and certain other countries. All other brands, names, or trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0103R) 1201/DA

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information