|
|
The Cisco VPN 5000 Concentrator Series enables service providers to easily deploy managed VPN services. The Cisco VPN 5000 Concentrators are purpose-built VPN concentrator platforms and associated VPN client software that incorporate the most advanced high-performance encryption and authentication techniques available. The Cisco VPN 5000 Concentrator Series is the most feature-rich carrier-class VPN product line on the market, with support for the most demanding multiplatform, multiprotocol environments. Providers of Layer 2 private Intranet services such as Frame Relay can use the Cisco VPN 5000 Concentrator Series to increase profitability by creating VPNs that securely extend the reach of their customers` managed intranets and extranets to employees, partners, and customers around the globe. The Cisco VPN 5000 Concentrator Series is the industry`s first Layer 3 to Layer 2 VPN gateway, delivering a strong competitive advantage to service providers needing to integrate Layer 3 VPNs with their Layer 2 customer access networks. Users of intranet services reap cost savings and reduce administration overhead, while service providers gain new revenue streams through additional value-added services. By anchoring private Intranet access services with Cisco VPN 5000 Concentrators, service providers can offer a full range of connectivity options from any point on the globe. The Cisco VPN 5000 client, provided with the Cisco VPN 5000 Concentrators at no additional cost, supports IPsec-based VPN connections over standard dialup, ISDN, DSL, and cable modems. This enables service providers to offer secure intranet and extranet services globally by extending their off-network reach via the Internet. The Cisco VPN 5000 Concentrator Series includes three models to support a wide range of managed VPN deployments. The Cisco VPN 5001 is a fixed-configuration VPN concentrator with support for up to 1500 VPN tunnels and designed for deployment at the customer premise. The Cisco VPN 5000 series modular platforms are available in two-slot and eight-slot versions to meet your scalability requirements and are designed for deployment at service provider facilities or on customer premises. The two-slot Cisco VPN 5002 scales up to 10,000 simultaneous remote access or site-to-site VPN tunnels. The eight-slot Cisco VPN 5008 scales up to 40,000 simultaneous remote access or site-to-site VPN tunnels. The modular design of the Cisco VPN 5002 and 5008 Concentrators allow service providers to scale their service offerings via hot-swappable encryption service processor (ESP) cards. Each ESP card supports up to 5000 simultaneous VPN connections, features a central RISC processor with dedicated engines for encryption acceleration and key generation functions, and an I/O interface. Dynamic load balancing ensures that all processors are leveraged and optimized, resulting in wire-speed throughput. Three mix-and-match ESP cards allow providers to optimize the Cisco VPN 5000 installation to their specific network designs. Current available ESP interface options include 10/100-Mbps Fast Ethernet, DS3, and (HSSI) approved. New Products: Cisco VPN 5000 Concentrator Series
Product Overview
Key Features and Benefits
|
Feature |
Benefit |
|---|---|
|
Supports site-to-site tunnels transporting IP, IPX, AppleTalk and Spanning Tree Bridging |
Only VPN product enable multiple sites to interconnect using all these protocols. Enables seamless site-to-site connectivity in most any networking environment |
|
Clients for Windows 95, 98, 98 Second Edition, NT 4.0 (SP3-SP6), MacOS, Sun SPARC Solaris, and Linux |
Broadest client platform support in the industry, enabling users to access their VPN with most any workstation platform |
|
Scalability (remote access or site-to-site VPNs): Cisco VPN 5001: up to 1,500 Cisco VPN 5002: up to 10,000 Cisco VPN 5008: up to 40,000 |
Hardware acceleration and advanced architecture enable most scalable IPsec VPN solution in the industry |
|
Throughout (MD5 3DES): Cisco VPN 5001: greater than 40 Mbps Cisco VPN 5002: up tp 190 Mbps Cisco VPN 5008: up tp 760 Mbps |
Best in class performance enables remote offices to grow without replacing the VPN Concentrator. Enables simultaneous remote access and site-to-site VPNs without sacrificing performance. |
|
Incorporates advanced encryption and key generation/management processors |
Delivers superior encryption performance |
|
Client can be preconfigured and customized including help tab content, graphics, and icons |
Only product that enables this level of customization and branding of the VPN client. Minimizes help desk costs by providing contact information, tips, update information etc. within the help tab |
The Cisco VPN 5000 Concentrator creates IPsec-compliant tunnel connections using the Internet Key Exchange (IKE) protocol with MD5 digital signature or Secure Hash Algorithm (SHA) authentication and various IPsec ESP encryption methods, including DES and 3DES.
Cisco VPN 5000 client software is available for Windows 95, Windows 98, Windows NT (4.0 SP3 and later), Power Macintosh, Intel-based Linux, and Sun SPARC Solaris workstations. An unlimited-use license for all versions of the client software is included with each Cisco VPN 5000 Concentrator system. All Windows clients support both IP and IPX protocols and provide full-featured Microsoft networking support, including browsing, domain logins and redirection for both DNS and WINS.
The Cisco VPN 5000 client software is user-installable featuring a radically simple user interface that is user-transparent in operation. Cisco VPN 5000 clients will communicate over Point to Point Protocol (PPP) links (including dialup and ISDN) and over Internet-attached Ethernet connections (including DSL and cable modem). Under administration control, the clients can be set to distinguish between tunneled and nontunneled traffic, allowing simultaneous access to the corporate network and to Internet resources.
The Cisco VPN 5000 Concentrator includes directory support for client logins using RADIUS, SecurID, Axent Defender, and X.509 digital certificates. RADIUS accounting is also supported. Service provider administrators can create multiuser groups with their own IP or IPX filter lists allowing fine-grained control that is based on the customer`s internal security policies.
The Cisco VPN 5000 Concentrators can be managed via a built-in command-line interface (CLI) using a directly connected terminal or a Telnet session or via the Cisco VPN 5000 Manager Windows-based GUI management software. SNMP MIB II support is provided for gets and traps.
|
Description |
Specification |
|---|---|
|
Core VPN Features |
Tunneling protocol: IPsec Key management: IKE Authentication: IPsec ESP or AH using MD5 digital signature or SHA Encryption: IPsec ESP using DES or 3DES Operational configurations: Direct attach to Frame Relay-capable switch (Cisco 5002and 5008 only) or switched and routed 10/100 Ethernet Compliant with RFCs: 2401-2410 |
|
Remote Access Support |
VPN remote access protocols: IP-in-IP for all clients; IPX-in-IP for Windows clients (compliant with RFCs 1701 and 1702) Clients platforms Included: Windows 95, Windows 98, Windows NT (4.0 SP3 and later), Power Macintosh (System 7.6 and later), Intel-based Linux, and Sun SPARC Solaris platforms Advanced client features: Multiple user entries; server address entry by host name; DNS and WINS redirection for all Windows client versions (configurable at server); logging and packet statistics available from client; backup server configurable; Novell Client 32 compatible; NAT transparency mode Client connection support: PPP over dialup or ISDN; direct connect Ethernet including DSL and cable modem Client authentication support: Internally configured; RADIUS; SecurID, Accent Defender, X.509 digital certificates Client access filters: Full set of IP and IPX filters by group Advanced server features: Busy server automatically redirects client connections to next available server; IP address pools per VPN group; split-DNS support for separation of private and public DNS during VPN sessions |
|
Site-to-Site Support |
VPN site-to-site protocols: IP-in-IP; IPX-in-IP; AppleTalk-in-IP; Bridging-in-IP (Spanning Tree or simple learning), compliant with RFCs 1701 and 1702 Site-to-site VPN routing protocols: Static routes, RIP, RIP2 and OSPF Filtering for site-to-site operation: Full set of IP, IPX and AppleTalk filters; bridge filters by protocol |
|
Management |
Cisco VPN 5000 Manager: Windows GUI management (no additional charge) Command line management: Telnet, console, and out-of-band support SNMP management: MIB II support for gets and traps Accounting/logging: RADIUS accounting; Syslog LDAP used for X.509 CRLs |
|
Description |
Specification |
|---|---|
|
Ethernet Ports |
2 10/100BaseT autosensing Can use single 10/100 interface if desired |
|
Console/AUX Ports |
RS-232C DB-25 female connector |
|
Clock Type: Async |
Speed: 9.6 kbps, 8 data bits, 1 stop bit, no parity |
|
Processor |
StrongARM RISC (166 MHz) |
|
Hardware-Based Encryption and Key Management |
Dual DES/3DES Encryption Processors Key generation/manipulation processor |
|
Memory |
64 MB SDRAM 2 MB Flash ROM |
|
Cabling |
RS-232C console cable included |
|
Description |
Specification |
|---|---|
|
Power |
Class-2 wall-mount transformer with universal power supply and country-specific cable; 35W max (119 BTU) |
|
Description |
Specification |
|---|---|
|
Dimensions (H x W x D) |
1.8 x 12.1 x 15 in. (4.57 x 30.73 x 38.1 cm) |
|
Weight |
3.25 lbs. (1.48 kg) |
|
Temperature |
32 to 115°F (0 to 45°C) |
|
Humidity |
Up to 95% relative humidity (noncondensing) at 104°F (40°C) |
|
Description |
Cisco VPN 5002 Specification |
Cisco VPN 5008 Specification |
|---|---|---|
|
ESP Card Specifications |
Simultaneous VPN tunnels supported: 5000 per card: 10,000 maximum Console/AUX ports: 1 RS-232C DB-25 female connector per card Clock type: Async; speed: 9.6 kbps Processor: 1 StrongARM RISC (233 MHz) per card Encryption coprocessor: 2 builtin DES/3DES per card Math coprocessor: 1 per card Processor-to-processor communication: Full-duplex 1.0 Gb serial channel Memory: 128 MB SDRAM and 4 MB Flash ROM per card |
Simultaneous VPN tunnels supported: 5000 per card: 40,000 maximum Console/AUX ports: 1 RS-232C DB-25 female connector per card Clock type: Async; speed: 9.6 kbps Processor: 1 StrongARM RISC (233 MHz) per card Encryption coprocessor: 2 builtin DES/3DES per card Math coprocessor: 1 per card Processor-to-processor communication: Full-duplex 1.0 Gb serial channel Memory: 128 MB SDRAM and 4 MB Flash ROM per card |
|
DS3 Network Interface |
Electrical: DSX-3 per ANSI T1.404 Line build out: 0 to 100 feet or 100 to 900 feet Line code: B3ZS Line rate: 44.736 Mbps Frame format: Per ANSI T1.107 (C-Bit Parity); supports FEAC channel Alarm signaling: Yellow alarm sent on detection of red alarm; idle signal available as test signal Connectors: (2) 75ohm BNC coaxial (female) |
Electrical: DSX-3 per ANSI T1.404 Line build out: 0 to 100 feet or 100 to 900 feet Line code: B3ZS Line rate: 44.736 Mbps Frame format: Per ANSI T1.107 (C-Bit Parity); supports FEAC channel Alarm signaling: Yellow alarm sent on detection of red alarm; idle signal available as test signal Connectors: (2) 75ohm BNC coaxial (female) |
|
HSSI Network Interface |
HSSI DCE port Electrical: High-speed serial interface per TIA/EIA 612-1993 and TIA/EIA 613-1993 Data rates: 1.5 to 52 Mbps Connector: 50-pin SCSI-II (female) Impedance: 110 ohms (shielded twisted-pair) Compatible with: Larscom, ADC Kentrox, Adtran, and other T3 DSUs |
HSSI DCE port Electrical: High-speed serial interface per TIA/EIA 612-1993 and TIA/EIA 613-1993 Data rates: 1.5 to 52 Mbps Connector: 50-pin SCSI-II (female) Impedance: 110 ohms (shielded twisted-pair) Compatible with: Larscom, ADC Kentrox, Adtran, and other T3 DSUs |
|
Ethernet Interface |
10/100BaseTx autosensing |
10/100BaseTx autosensing |
|
Cabling |
RS-232C data/console cable included |
RS-232C data/console cable included |
|
Description |
Cisco VPN 5002 Specification |
Cisco VPN 5008 Specification |
|---|---|---|
|
AC Power Supply |
AC Power Supply: 90 to 135/180 to 265 VAC switch select; 47 to 63 Hz; 3A@115 VAC; 1.5A@230VAC |
Hot-swappable AC Power Supply: 400 + 400W hot-swappable redundant 90 to 135/180 to 265VAC switch select; 47-63 Hz; 8A@115 VAC; 3A@230 VAC |
|
DC Power Supply |
DC power supply: -48VDC |
Hot-swappable DC power supply: -48VDC |
|
Description |
Cisco VPN 5002 Specification |
Cisco VPN 5008 Specification |
|---|---|---|
|
Dimensions |
6.25 x 17.5 x 16.25 in (15.9 x 44.5 x 41.3 cm) |
22.3 x 17.1 x 16.0 in. (56.6 x 43.4 x 40.6 cm) |
|
Weight |
24.5 lbs. (11.12 kg) Rack-mountable |
Cisco VPN 5008: 110 lbs. (49.9 kg) |
|
Temperature |
32 to 115°F (0 to 45°C) |
32 to 115°F (0 to 45°C) |
|
Humidity |
Up to 95% relative humidity (noncondensing) at 104°F (40°C) |
Up to 95% relative humidity (noncondensing) at 104°F (40°C) |
Cisco VPN 5000 Manager: Windows GUI management (no additional charge)
| Part Description | Part Number |
|---|---|
| Cisco VPN 5000 Concentrator | |
| Cisco VPN 5001 Concentrator, 2 10/100 Ethernet and SW | CVPN5001-2E/FE |
| Cisco VPN 5002 Concentrator 2 Slot Chassis Software AC Power | CVPN5002-AC |
| Cisco VPN 5002 Concentrator 2 Slot Chassis Software DC Power | CVPN5002-DC |
| Cisco VPN 5008 Concentrator 8 Slot Chassis, Dual AC Power | CVPN5008-AC |
| Cisco VPN 5000 Encryption Service Processor (ESP) | |
| CVPN5000 Encryption Service Processor, DS3 and 3DES | ESP-DS3-3DES |
| CVPN5000 Encryption Service Processor, DS3 and 3DES Spare | ESP-DS3-3DES= |
| CVPN5000 Encryption Service Processor, HSSI and 3DES | ESP-HSSI-3DES |
| CVPN5000 Encryption Service Processor, HSSI and 3DES Spare | ESP-HSSI-3DES= |
| CVPN5000 Encryption Service Processor 10/100 and 3DES | ESP-FE-3DES |
| CVPN5000 Encryption Service Processor 10/100 and 3DES Spare | ESP-FE-3DES= |
| Cisco VPN 5000 Series Power Supply Spares and Options | |
| CVPN5008 AC Power Supply, Spare | PWR-CVPN5008-AC= |
| Cisco VPN 5000 Series Software Spares and Options | |
| Cisco VPN 5000 Concentrator System Software | CVPN5000-SW |
For online documentation on the Cisco VPN 5000 Series, visit
http://www.cisco.com/univercd/cc/td/doc/product/aggr/vpn5000/index.htm