Chapter 14: Cisco VPN 3000 Remote Access Networks


In this chapter, you will learn to:

  • Describe VPN Concentrator user interfaces and startup

  • Discuss VPN Concentrators in IPSec VPN implementations

  • Configure VPN remote access with preshared keys

  • Configure VPN remote access with digital certificates

  • Configure VPN users and groups

  • Configure Cisco VPN 3000 client support

  • Configure the Cisco VPN client autoinitiation feature

  • Monitor and administer Cisco VPN 3000 remote access networks

This chapter introduces working with the Cisco VPN 3000 Concentrators for basic operations, as well as for advanced features and options. The 3000 series devices were introduced and described in Chapter 13. That information won’t be repeated here, but the features introduced are explored and the configuration steps defined.

The VPN 3000 devices, both the Concentrator series and the remote client device, support the following three main activities:

  • Configuration

  • Administration

  • Monitoring

This chapter looks at all three activities on the 3000 series Concentrators.

Basic VPN concepts, such as preshared keys and using Certificate Authorities to implement digital certificates, were covered in Chapters 9 through 11. While the features are configured in this chapter, the underlying technologies aren’t addressed beyond an explanation for the processes being discussed. The menu-driven and web-based interfaces used with the VPN 3000 devices change the implementation steps, but three primary tasks are still used to ensure a successful installation:

  1. Prepare for IKE and IPSec

  2. Configure the features

  3. Verify and monitor configuration

The VPN Concentrator creates a virtual private network (VPN) by creating a secure connection across a public Transmission Control Protocol/Internet Protocol (TCP/IP) network, such as the Internet. It can create single-user-to-local area network (LAN) connections for remote users, as well as LAN-to-LAN connections.

The VPN Concentrator functions as a bidirectional tunnel endpoint using various standard protocols to perform the following tasks:

  • Establish tunnels

  • Negotiate tunnel parameters

  • Authenticate users

  • Assign user addresses

  • Encrypt and decrypt data

  • Manage security keys

  • Manage data transfer across the tunnel

Network configurations and VPN placement can vary widely. Chapter 27 introduces the Cisco SAFE strategy and how VPN devices fit into the secure network design. The VPN Concentrator is a flexible and functional device that can satisfy most applications. This chapter discusses configuring the VPN 3000 Series Concentrator to support VPN remote access implementations. Chapter 15 reviews the VPN 3002 remote access client device. Chapter 16 covers configuring the VPN Series Concentrator to support VPN LAN-to-LAN networks.

Part III: Virtual Private Networks (VPNs)