In this chapter, you will learn to:
Describe VPN Concentrator user interfaces and startup
Discuss VPN Concentrators in IPSec VPN implementations
Configure VPN remote access with preshared keys
Configure VPN remote access with digital certificates
Configure VPN users and groups
Configure Cisco VPN 3000 client support
Configure the Cisco VPN client autoinitiation feature
Monitor and administer Cisco VPN 3000 remote access networks
This chapter introduces working with the Cisco VPN 3000 Concentrators for basic operations, as well as for advanced features and options. The 3000 series devices were introduced and described in Chapter 13. That information won’t be repeated here, but the features introduced there are explored and their configuration steps are defined.
The VPN 3000 devices, both the Concentrator series and the remote client device, support the following three main activities:
Configuration
Administration
Monitoring
This chapter looks at all three activities on the 3000 series Concentrators.
Basic VPN concepts, such as preshared keys and using Certificate Authorities to implement digital certificates, were covered in Chapters 9 through 11. While the features are configured in this chapter, the underlying technologies aren’t addressed beyond what is needed to explain the processes being discussed. The menu-driven and web-based interfaces used with the VPN 3000 devices change the implementation steps, but three primary tasks are still used to ensure a successful installation:
Prepare for IKE and IPSec
Configure the features
Verify and monitor configuration
The VPN Concentrator creates a virtual private network (VPN) by creating a secure connection across a public Transmission Control Protocol/Internet Protocol (TCP/IP) network, such as the Internet. It can create connections from a single user to a local area network (LAN), known as remote user connections, as well as LAN-to-LAN connections.
The VPN Concentrator functions as a bidirectional tunnel endpoint using various standard protocols to perform the following tasks:
Establish tunnels
Negotiate tunnel parameters
Authenticate users
Assign user addresses
Encrypt and decrypt data
Manage security keys
Manage data transfer across the tunnel
Network configurations and VPN placement can vary widely. Chapter 27 introduces the Cisco SAFE strategy and how VPN devices fit into the secure network design. The VPN Concentrator is a flexible and functional device that can satisfy most applications. This chapter discusses configuring the VPN 3000 Series Concentrator to support VPN remote access implementations. Chapter 15 reviews the VPN 3002 remote access client device. Chapter 16 covers configuring the VPN 3000 Series Concentrator to support VPN LAN-to-LAN networks.