|
|
The Cisco VPN 3000 Concentrator Series is a best-of-breed, remote-access VPN solution for enterprise-class deployment. A standards-based, easy-to-use VPN client and scalable VPN tunnel termination devices are included as well as a management system that enables corporations to easily install, configure and monitor their remote access VPNs. Incorporating the most-advanced, high-availability capabilities with a unique purpose-built, remote-access architecture, the Cisco VPN 3000 Concentrator allows corporations to build high-performance, scalable, and robust VPN infrastructures to support their mission-critical, remote-access applications. Unique to the industry, it is the only scalable platform to offer components that are field-swappable and can be upgraded by the customer. These components, called Scalable Encryption Processing (SEP) modules, enable users to easily add capacity and throughput. The Cisco VPN 3000 Concentrator supports the widest range of VPN client software implementations, including the Cisco VPN 3000 Client, the Microsoft Windows 2000 L2TP/IPsec Client and the Microsoft PPTP for Windows 95, Windows 98, and Windows NT. The Cisco VPN 3000 Concentrator is available in five different models to support any business: The 3005 is a VPN platform designed for small- to medium-sized organizations with bandwidth requirements up to full-duplex T1/E1 (4Mbps maximum performance) and up to 100 simultaneous sessions. Encryption processing is performed in software. The 3005 does not have built-in upgrade capability. The 3015 is a VPN platform designed for small- to medium-sized organizations with bandwidth requirements up to full-x T1/E1 (4Mbps maximum performance) and up to 100 simultaneous sessions. Like the 3005, encryption processing is performed in software, but the 3015 is also field-upgradeable to models 3030 ,3060, and 3080. The 3030 is a VPN platform designed for medium- to large-sized organizations with bandwidth requirements from full T1/E1 through fractional T3 (50 Mbps maximum performance) and up to 1500 simultaneous sessions. Specialized SEP modules perform hardware-based acceleration. The 3030 is field-upgradeable to the 3060. Redundant and non-redundant configurations are available. The 3060 is a VPN platform designed for large organizations demanding the highest level of performance and reliability, with high-bandwidth requirements from fractional T3 through full T3/E3 or greater (100 Mbps maximum performance) and up to 5000 simultaneous sessions. Specialized SEP modules perform hardware-based acceleration. Redundant and non-redundant configurations are available. The 3080 is optimized to support large enterprise organizations that demand the highest level of performance combined with support for up to 10,000 simultaneous remote access sessions. Specialized SEP modules perform hardware-based acceleration. The VPN 3080 is available in a fully redundant configuration only. Simple to deploy and operate, the Cisco VPN 3000 Client is used to establish secure, end-to-end encrypted tunnels to the Cisco VPN 3000 Concentrator. This thin design, IPsec-compliant implementation is provided with the Cisco VPN 3000 Concentrator and is licensed for an unlimited number of users. The client can be pre-configured for mass deployments and initial logins require very little user intervention. VPN access policies are created and stored centrally in the Cisco VPN 3000 Concentrator and pushed to the client when a connection is established. The Cisco VPN 3000 Monitor is a software application for centralized monitoring, alert, and data collection on one or more Cisco VPN 3000 Concentrators. The Java-based utility is compatible with Windows 95, Windows 98, and Windows NT. Simple Network Management Protocol (SNMP) polling is used to collect statistics from each device. The Enterprise View displays high-level status for each device in the network. The administrator may also obtain granular data on each device. In addition, the Cisco VPN 3000 Monitor stores polled data, traps, and logs for historical analysis, capacity planning, and troubleshooting. Standard tables and graphs are provided. For more information on the Cisco VPN 3000 Monitor and links to the datasheet and a Q&A document, visit http://www.cisco.com/warp/public/cc/pd/nemnsw/vpn3/prodlit/index.shtml Cisco VPN 3000 Concentrator Series
Product Overview
Cisco VPN 3005 Concentrator
Cisco VPN 3015 Concentrator
Cisco VPN 3030 Concentrator
Cisco VPN 3060 Concentrator
Cisco VPN 3080 Concentrator
Cisco VPN 3000 Client
Cisco VPN 3000 Monitor
|
Feature |
Cisco 3005 |
Cisco 3015 |
Cisco 3030 |
Cisco 3060 |
Cisco 3080 |
|---|---|---|---|---|---|
|
Simultaneous Users |
100 |
100 |
1500 |
5000 |
10000 |
|
Encryption Throughput |
4 Mbps |
4 Mbps |
50 Mbps |
100 Mbps |
100 Mbps |
|
Encryption Method |
Software |
Software |
Hardware |
Hardware |
Hardware |
|
Encryption (SEP) Module |
0 |
0 |
1 |
2 |
4 |
|
Redundant SEP |
N/A |
N/A |
Option |
Option |
Yes |
|
Available Expansion Slots |
0 |
4 |
3 |
2 |
N/A |
|
Upgrade Capability |
No |
Yes |
Yes |
N/A |
N/A |
|
System Memory |
32 MB (fixed) |
64 MB |
128 MB |
256 MB |
256 MB |
|
T1 WAN Module |
Fixed option |
Option |
Option |
Option |
Option |
|
Hardware |
1U, Fixed |
2U, Scalable |
2U, Scalable |
2U, Scalable |
2U |
|
Dual Power Supply |
Single |
Option |
Option |
Option |
Yes |
|
Client License |
Unlimited |
Unlimited |
Unlimited |
Unlimited |
Unlimited |
The Cisco VPN 3000 Concentrator Series supports the entire range of enterprise applications.
High-Performance, Distributed-Processing Architecture
Cisco SEP modules provide hardware-based encryption, ensuring consistent performance throughout the rated capacity (3030 - 3080).
Large-scale tunneling support provided for IPsec, PPTP and L2TP/IPSec connections.
Scalability (3015-3080)
Modular design (four expansion slots) provides investment protection, redundancy and a simple upgrade path.
System architecture is designed to supply consistent, high-availability performance.
All digital design provides the highest reliability and 24-hour continuous operation.
Robust instrumentation package provides run-time monitoring and alerts.
Microsoft compatibility offers large-scale client deployment and seamless integration with related systems.
Security
Full support of current and emerging security standards allows for integration of external authentication systems and interoperability with third-party products.
Firewall capabilities through stateless packet filtering and address translation to assure the required security of a corporate LAN.
User and group level management offers maximum flexibility.
High Availability
Redundant subsystems and multi-chassis fail-over capabilities ensure maximum system uptime.
Extensive instrumentation and monitoring capabilities provide network managers with real-time system status and early-warning alerts.
Robust Management
The Cisco VPN 3000 Concentrators can be managed using any standard Web browser (HTTP or HTTPS), as well as by Telnet, Secure Telnet, and via a console port.
Configuration and monitoring capability is provided for both the enterprise and the service provider.
Access levels are configurable by user and groups, allowing easy configuration and maintenance of security policies.
|
Description |
Specification |
|---|---|
|
Processor |
Motorola PowerPC Processor |
|
Ports |
Console port-Asynchronous serial (DB-9) |
|
Memory |
Redundant system images (Flash) Variable memory options (see chart) |
|
Encryption |
3005, 3015: Software encryption 3030, 3060, 3080: Hardware encryption |
|
Embedded LAN Interfaces |
3005: Two auto-sensing, full-duplex 10/100BaseTX Fast Ethernet (public/untrusted, private/trusted) 3015- 3080: Three auto-sensing, full-duplex 10/100BaseTX Fast Ethernet (public/untrusted, private/trusted and DMZ) |
|
Instrumentation |
3005 Front panel: Unit status indicator 3005 Rear panel: Status light-emitting diodes (LED) for Ethernet ports 3015-3080 Front panel: Status LEDs for system, expansion modules, power supplies, Ethernet modules, fan 3015-3080 Rear panel: Status LEDs for Ethernet modules, expansion modules, power supplies 3015-3080:Activity monitor displays number of sessions, aggregate throughput, or CPU utilization; push-button selectable |
|
Description |
3005 |
3015 - 3080 |
|---|---|---|
|
Nominal |
15 watts (51.22BTU/hr) |
35 watts (119.50BTU/hr) |
|
Maximum |
25 watts (85.36BTU/hr) |
50 watts (170.72BTU/hr) |
|
Input Voltage |
100-240VAC |
100-240VAC |
|
Frequency |
50/60 Hz |
50/60 Hz |
|
Power Factor Correction |
Universal |
Universal |
|
Description |
3005 |
3015 |
3030 |
3060 |
3080 |
|---|---|---|---|---|---|
|
Dimensions (HxWxD) |
1.75 x 17.5 x 11.5 in. (4.45 x 44.45 x 29.21 cm) |
3.5 x 17.5 x 14.5 in. (8.89 x 44.45 x 36.83 cm) |
Same as 3015 |
Same as 3015 |
Same as 3015 |
|
Weight |
8.5 lbs (3.9 kg) |
27 lbs (12.3 kg) |
28 lbs (12.7 kg) |
33 lbs (15 kg) |
33 lbs (15 kg) |
|
Operating Temperature |
32 to 131°F (0 to 55°C) |
Same as 3005 |
Same as 3005 |
Same as 3005 |
Same as 3005 |
|
Storage Temperature |
-4 to 176°F (-20 to 80°C) |
Same as 3005 |
Same as 3005 |
Same as 3005 |
Same as 3005 |
|
Humidity |
0-to-95% non-condensing |
Same as 3005 |
Same as 3005 |
Same as 3005 |
Same as 3005 |
|
Description |
Specification |
|---|---|
|
Regulatory Compliance |
CE Marking |
|
Safety |
UL 1950, CSA |
|
EMC |
FCC Part 15 (CFR 47) Class A, EN 55022 Class A, EN 50082-1, AS/NZS 3548 Class A, VCCI Class A |
|
Description |
Specification | |
|---|---|---|
|
Compatibility |
Client Software Compatibility |
Cisco VPN 3000 Client (IPsec) for Windows 95, Windows 98, Windows NT 4.0. Centralized split-tunneling support Microsoft PPTP/MPPE Microsoft L2TP/IPsec for Windows 2000 |
|
Tunneling Protocols |
IPsec, PPTP, L2TP, L2TP/IPsec, NAT Transparent IPsec | |
|
Encryption/Authentication |
IPsec Encapsulating Security Payload (ESP) using DES/3DES (56/168-bit) with MD5 or SHA, MPPE using 40/128-bit RC4 | |
|
Key Management |
Internet Key Exchange (IKE) | |
|
Routing Protocols |
RIP, RIP2, OSPF, Static, Automatic endpoint discovery, Network Address Translation (NAT), Classless Interdomain Routing (CIDR) | |
|
Third-Party Compatibility |
iPass Ready, Funk Steel Belted RADIUS certified, NTS TunnelBuilder VPN Client (Mac and Windows), Microsoft Internet Explorer, Netscape Communicator, Entrust, GTE Cybertrust, Baltimore, RSA Keon, Network Associates PGP VPN, Verisign | |
|
High Availability |
VRRP protocol for multi-chassis redundancy and fail-over Destination pooling for client-based fail-over and connection re-establishment Redundant SEP modules (optional), power supplies, and fans (3015 - 3060) Redundant SEP modules, power supplies, and fans (3080) | |
|
Management |
Configuration |
Embedded management interface is accessible via console port, Telnet, and Secure HTTP Administrator access is configurable for five levels of authorization Role-based management policy separates functions for service provider and end-user management |
|
Monitoring |
Event logging and notification via e-mail (SMTP) Automatic FTP backup of event logs SNMP MIB-II support Configurable SNMP traps Syslog output System status Session data General statistics | |
|
Security |
Authentication and Accounting Servers |
Support for redundant external authentication servers: - RADIUS (Remote Authentication Dial-In User Service) - Microsoft NT Domain authentication - RSA Security Dynamics (SecurID Ready) Internal Authentication server for up to 100 users X.509v3 Digital Certificates RADIUS accounting |
|
Internet-Based Packet Filtering |
Source and destination IP address Port and protocol type Fragment protection FTP session filtering | |
|
Policy Management |
By individual user or group - Filter profiles - Idle and maximum session timeouts - Time and day access control - Tunneling protocol and security authorization profiles |
| Part Description | Part Number |
|---|---|
| CVPN 3005 Series Products | |
| C3005 VPN concentrator with 2 10/100 | CVPN3005-E/FE |
| C3005 VPN concentrator with 2 T1 + 2 10/100 | CVPN3005-T1 |
| C3005 VPN concentrator with 2 E1 + 2 10/100 | CVPN3005-E1 |
| CVPN 3005 SW | CVPN3005-SW |
| CVPN 3015 Series Products | |
| C3015 VPN Concentrator Non Redundant | CVPN3015-NR |
| C3015 VPN SW | CVPN3015-SW |
| C3000 VPN Concentrator Power Supply | CVPN3000-PWR |
| CVPN 3030 Series Products | |
| C3030 VPN Concentrator Non Redundant | CVPN3030-NR |
| C3030 VPN Concentrator Redundant | CVPN3030-RED |
| C3030 VPN SW | CVPN3030-SW |
| CVPN 3060 Series Products | |
| C3060 VPN Concentrator Non Redundant | CVPN3060-NR |
| C3060 VPN Concentrator Redundant | CVPN3060-RED |
| C3060 VPN SW | CVPN3060-SW |
| CVPN 3080 Series Products | |
| C3080 VPN Concentrator Redundant | CVPN3080-RED |
| CVPN 3000CMN Products | |
| C3000 VPN Scalable Encryption Processor (SEP) | CVPN3000-SEP |
| C3000 VPN Concentrator Power Supply | CVPN3000-PWR |
| C3000 VPN Dual T1 WAN Module | CVPN3000-2T1 |
| C3000 VPN Dual E1 WAN Module | CVPN3000-2E1 |
| C3000 VPN Monitor Application | CVPN3000-MONAPP |
| CVPN 3000UPGR Products | |
| C3015 to 3030 Non-Redundant Upgrade Kit | CVPN1530-UPG-NR |
| C3015 to 3030 Redundant Upgrade Kit | CVPN1530-UPG-RED |
| C3015 to 3060 Non-Redundant Upgrade Kit | CVPN1560-UPG-NR |
| C3015 to 3060 Redundant Upgrade Kit | CVPN1560-UPG-RED |
| C3030 to 3030 Redundant Upgrade Kit | CVPN3030-UPG-RED |
| C3030 to 3060 Non-Redundant Upgrade Kit | CVPN3060-UPG-NR |
| C3030 to 3060 Redundant Upgrade Kit 1 SEP | CVPN3060-UPG-RED |
| C3030 to 3060 Redundant Upgrade Kit 2 SEP | CVPN6060-UPG-RED |
| C3015 to 3080 Redundant Upgrade Kit | CVPN1580-UPG-RED |
| C3030 to 3080 Redundant Upgrade Kit | CVPN3080-UPG-RED |
| C3060 to 3080 Redundant Upgrade Kit | CVPN6080-UPG-RED |
| CVPN 3000 Series Accessories | |
| Power Cord US Canada | CVPN3000-PC-US |
| Power Cord UK Ire HK Malaysia | CVPN3000-PC-UK |
| Power Cord ROW1 | CVPN3000-PC-ROW |
| Power Cord Australia NZ | CVPN3000-PC-AUS |
| Power Cord Japan | CVPN3000-PC-JAP |
| Slot Cover | CVPN-SLOTCOVER |
| Slot Cover For Power Supply | CVPN-PSSLOTCOVER |