Introduction

The VPN 5001 concentrator provides a network service provider (NSP) or enterprise customer with managed virtual private networks (VPNs) for one or more corporate sites.

Features

The VPN 5001 concentrator has the following features:


Table 1-1: VPN 5001 Features

Feature: Description

Tunneling protocols:
  • IPsec
  • GRE
  • Frame Relay permanent virtual circuit (PVC)

Key management: Internet Key Exchange (IKE) protocol

Authentication: IPsec ESP or AH using:
  • MD5 digital signature
  • Secure Hash Algorithm (SHA)

Encryption: IPsec ESP using DES and/or 3DES

Simultaneous VPN connections: 1500

VPN remote access protocol:
  • IP-in-IP for all clients
  • IPX-in-IP for Windows® clients
  • Microsoft Networking for Windows clients

VPN LAN-to-LAN protocols:
  • IP-in-IP
  • IPX-in-IP
  • AppleTalk-in-IP
  • Bridging-in-IP (Spanning Tree or simple learning)

Client directory support:
  • Internal configuration
  • RADIUS
  • Axent Defender
  • RSA Security SecurID
  • Server-side PKI certificates

Routing protocols:
  • RIP
  • RIP2
  • OSPF

Filtering:
  • Full set of IP, IPX, and AppleTalk filters
  • Bridge filters by protocol

Management:
  • Command line over Telnet or console connection
  • VPN 5000 Manager for Windows
  • HP® OpenView®
  • SNMP MIB II for gets, sets, and traps
  • TFTP for downloading configurations and software

Using the Concentrator in Your Network

The following figure shows a VPN 5001 concentrator at a corporate site providing VPN services for remote users, a large remote office, and a small remote office.


Figure 1-1: Remote Access to a Corporate Site


Using the VPN 5000 Client

The following steps describe how a remote user connects to the corporate network using the VPN 5000 Client:

    1. When a remote user wants to connect to a server (10.1.1.18) on the corporate network, the user connects to its local Internet Service Provider (ISP).

    2. The user then uses the VPN 5000 Client to connect to the VPN 5001 concentrator's IP address (136.5.5.1), establishing a secure IPsec tunnel.

    3. After the user is authenticated for the corporate network, the user's computer sends IP or IPX (Windows users only) packets to the corporate server through a tunnel terminated at the concentrator: the VPN 5000 Client encrypts the data and encapsulates it in a routable IPsec packet.

    4. The concentrator decrypts and authenticates the packets, and translates their source address to a tunnel address recognized on the corporate network, in this case, 10.1.3.1. This address is used for all traffic sent from the corporate network to the user for the duration of the connection.

    5. The concentrator forwards the unwrapped, normal IP packets to the corporate network.

    6. The concentrator encapsulates and encrypts traffic from the corporate network back to the user.
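
The client flow in steps 2 through 6, modelled in Python as an added example (not Cisco code and not how the VPN 5001 is implemented). The client addresses, the keys, and the SHA-256 keystream XOR standing in for DES/3DES are constructed for illustration, and HMAC-SHA-1 is assumed for the integrity check; the model tracks a single client session and shows a tampered packet being dropped before decryption and replies being routed back through the tunnel address.

```python
import hashlib, hmac, json

CONCENTRATOR, SERVER, TUNNEL_ADDR = "136.5.5.1", "10.1.1.18", "10.1.3.1"  # from the page
CLIENT_PUBLIC, CLIENT_LOCAL = "198.51.100.7", "192.168.0.5"  # constructed addresses
ENC_KEY, AUTH_KEY = b"constructed-enc-key", b"constructed-auth-key"  # constructed keys

def _keystream_xor(key, data):
    """Stand-in cipher (SHA-256 keystream XOR); NOT DES/3DES, illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encapsulate(inner, outer_src, outer_dst):
    """Encrypt the inner packet, tag it, and wrap it in a routable outer packet."""
    ct = _keystream_xor(ENC_KEY, json.dumps(inner).encode())
    tag = hmac.new(AUTH_KEY, ct, hashlib.sha1).digest()
    return {"src": outer_src, "dst": outer_dst, "payload": ct, "tag": tag}

def decapsulate(outer):
    """Verify the integrity tag before decrypting; return None (drop) on mismatch."""
    expected = hmac.new(AUTH_KEY, outer["payload"], hashlib.sha1).digest()
    if not hmac.compare_digest(expected, outer["tag"]):
        return None
    return json.loads(_keystream_xor(ENC_KEY, outer["payload"]))

class Concentrator:
    def __init__(self):
        self.sessions = {}  # tunnel address -> (client public addr, client inner addr)

    def from_client(self, outer):
        inner = decapsulate(outer)
        if inner is None:
            return None                                   # failed authentication: drop
        self.sessions[TUNNEL_ADDR] = (outer["src"], inner["src"])
        inner["src"] = TUNNEL_ADDR                        # step 4: source translation
        return inner                                      # step 5: plain IP packet

    def to_client(self, packet):
        session = self.sessions.get(packet["dst"])
        if session is None:
            return None                                   # no tunnel for this address
        public, local = session
        return encapsulate(dict(packet, dst=local), CONCENTRATOR, public)  # step 6

if __name__ == "__main__":
    c = Concentrator()
    pkt = encapsulate({"src": CLIENT_LOCAL, "dst": SERVER, "data": "hello"}, CLIENT_PUBLIC, CONCENTRATOR)
    print(c.from_client(pkt))
```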

Using a LAN-to-LAN Tunnel

The following steps describe how a large remote office connects to the corporate network using a LAN-to-LAN tunnel between two VPN 5001 concentrators:

    1. When a user at the remote office wants to connect to a server (10.1.1.18) on the corporate network, the user simply sends the packet to the server address normally.

    2. The VPN 5001 concentrator at the remote office initiates a tunnel with the concentrator at the corporate network.

    3. The concentrator then encrypts the data, encapsulates it in a routable IPsec packet, and sends the packet to the corporate VPN 5001 concentrator.

    4. The corporate concentrator decrypts and deencapsulates the packet and forwards it to the server.

Using This Guide

The following sections list the chapters you need to complete for each scenario:

LAN-to-LAN Tunnels Only

    1. "Getting Started," to access the command line interface.

    2. "Configuring Basic System Parameters," to set the passwords, device name, and other system options.

    3. "Handling VPN Traffic," to determine how to connect your Ethernet ports and configure a firewall if necessary.

    4. "Configuring IP Routing," to configure ports for IP routing.

    5. "Configuring VPN Tunnel Authentication," to set the IKE policy for VPN tunnels.

    6. "Configuring VPN LAN-to-LAN Tunnels," to configure LAN-to-LAN tunnel partners.

    7. (Optional) "Configuring IPX Routing," if you use IPX.

    8. (Optional) "Configuring AppleTalk Routing," if you use AppleTalk.

Remember to save your configuration according to the "Saving the Configuration" section.

VPN Clients Only

    1. "Getting Started," to access the command line interface.

    2. "Configuring Basic System Parameters," to set the passwords, device name, and other system options.

    3. "Handling VPN Traffic," to determine how to connect your Ethernet ports and configure a firewall if necessary.

    4. "Configuring IP Routing," to configure ports for IP routing.

    5. "Configuring VPN Tunnel Authentication," to set the IKE policy for VPN tunnels.

    6. "Configuring VPN Groups," to configure tunneling options for a group of users.

    7. "Authenticating VPN Users," to configure an authentication method, such as a RADIUS server.

    8. (Optional) "Installing Certificates on the Concentrator," if you use server-side certificates as part of your authentication system.

    9. (Optional) "Configuring IPX Routing," if you use IPX.

    10. (Optional) "Configuring AppleTalk Routing," if you use AppleTalk.

Remember to save your configuration according to the "Saving the Configuration" section.

LAN-to-LAN Tunnels and VPN Clients

    1. "Getting Started," to access the command line interface.

    2. "Configuring Basic System Parameters," to set the passwords, device name, and other system options.

    3. "Handling VPN Traffic," to determine how to connect your Ethernet ports and configure a firewall if necessary.

    4. "Configuring IP Routing," to configure ports for IP routing.

    5. "Configuring VPN Tunnel Authentication," to set the IKE policy for VPN tunnels.

    6. "Configuring VPN Groups," to configure tunneling options for a group of users.

    7. "Authenticating VPN Users," to configure an authentication method, such as a RADIUS server.

    8. "Configuring VPN LAN-to-LAN Tunnels," to configure LAN-to-LAN tunnel partners.

    9. (Optional) "Installing Certificates on the Concentrator," if you use server-side certificates as part of your VPN user authentication system.

    10. (Optional) "Configuring IPX Routing," if you use IPX.

    11. (Optional) "Configuring AppleTalk Routing," if you use AppleTalk.

Remember to save your configuration according to the "Saving the Configuration" section.


Posted: Wed Sep 27 10:11:27 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.