The VPN 5002 and 5008 concentrators provide a network service provider (NSP) or enterprise customer with managed virtual private networks (VPNs) for one or more corporate sites.
The multi-slot concentrator supports up to 5,000 simultaneous VPN connections per module, allowing you to add capacity as your VPN requirements grow.
For an NSP, the concentrator supports connections to multiple customer networks while keeping them separate, even allowing more than one customer to connect to the same physical port.
The VPN 5002 and 5008 concentrators have the following features:
| Feature | Description |
|---|---|
| Tunneling protocols | |
| Key management | Internet Key Exchange (IKE) protocol |
| Authentication | IPsec ESP or AH using: |
| Encryption | IPsec ESP using DES and/or 3DES |
| 5000 per module | |
| VPN remote access protocol | |
| VPN LAN-to-LAN protocols | |
| Client directory support and authentication | |
| Routing protocols | |
| Filtering | |
| Management | |

The following figure shows a VPN 5002 concentrator used by an NSP to provide VPN services for three different companies, Company A, B, and C. All connections to the companies are made through one physical port on an HSSI module.
See "Example Configurations," for additional network examples.

The following steps describe how AUser connects to the Company A network:
1. When AUser wants to connect to a server (10.1.1.18) at Company A's site, AUser connects to its local Internet Service Provider (ISP).
2. The user then uses the VPN 5000 Client to connect to the VPN 5002 concentrator's Internet IP address (128.15.7.1), establishing a secure IPsec tunnel.
3. After the user is authenticated for Company A's network, AUser sends IP or IPX (Windows users only) packets from its computer to the corporate server through a tunnel terminated at the concentrator: the VPN 5000 Client encrypts the data and encapsulates it in a routable IPsec packet.
4. The concentrator decrypts, authenticates, and translates the source address in the packets to a tunnel address recognized on Company A's network, in this case, 10.1.2.1.
5. The concentrator forwards the unwrapped, normal IP or IPX packets to Company A through the Frame Relay connection identified by DLCI @16.
6. The concentrator encrypts and encapsulates traffic from Company A back to AUser.
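
The packet path in the steps above, as an added Python model (not Cisco code and not the IPsec wire format). An HMAC stands in for IPsec authentication and encryption is left out; the keys, tunnel names, client addresses and the Company B entry (DLCI 17) are constructed for illustration.

```python
import hashlib
import hmac
import json

CONCENTRATOR_IP = "128.15.7.1"  # concentrator's Internet address (from the page)

# Per-tunnel state held by the concentrator once a user has authenticated.
# Company A's address and DLCI are from the page; Company B and both keys are constructed.
TUNNELS = {
    "tunnel-a": {"customer": "Company A", "key": b"constructed-key-a",
                 "tunnel_addr": "10.1.2.1", "dlci": 16},
    "tunnel-b": {"customer": "Company B", "key": b"constructed-key-b",
                 "tunnel_addr": "10.9.9.1", "dlci": 17},
}


def client_encapsulate(tunnel_id, key, isp_addr, inner):
    """Steps 2-3: wrap the inner packet in a routable outer packet and authenticate it."""
    body = json.dumps(inner, sort_keys=True).encode()
    tag = hmac.new(key, tunnel_id.encode() + body, hashlib.sha256).hexdigest()
    return {"src": isp_addr, "dst": CONCENTRATOR_IP,
            "tunnel_id": tunnel_id, "body": body, "tag": tag}


def concentrator_forward(outer):
    """Steps 4-5: authenticate, translate the source address, pick the customer's DLCI."""
    state = TUNNELS.get(outer["tunnel_id"])
    if state is None or outer["dst"] != CONCENTRATOR_IP:
        return None
    expected = hmac.new(state["key"], outer["tunnel_id"].encode() + outer["body"],
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, outer["tag"]):
        return None  # failed authentication: dropped before any customer link
    inner = json.loads(outer["body"])
    inner["src"] = state["tunnel_addr"]  # address the customer network recognises
    # In this model the egress link comes from the authenticated tunnel, not from
    # the destination address, so one tunnel cannot select another customer's DLCI.
    return {"dlci": state["dlci"], "customer": state["customer"], "packet": inner}


if __name__ == "__main__":
    pkt = {"src": "192.0.2.44", "dst": "10.1.1.18", "data": "hello"}  # constructed
    good = client_encapsulate("tunnel-a", b"constructed-key-a", "198.51.100.7", pkt)
    print(concentrator_forward(good))       # forwarded on DLCI 16 with src 10.1.2.1
    wrong_key = client_encapsulate("tunnel-a", b"constructed-key-b", "198.51.100.7", pkt)
    print(concentrator_forward(wrong_key))  # None: tag does not verify for tunnel-a
```
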
The following sections list the chapters you need to complete for each scenario:
1. "Getting Started," to access the command line interface.
2. "Configuring Basic System Parameters," to set the passwords, device name, and other system options.
3. "Configuring Basic Interface Settings," to set port parameters, such as configuring WAN ports for Frame Relay, PPP, or SMDS.
4. "Handling VPN Traffic," to determine how to connect your Ethernet ports and configure a firewall if necessary.
5. "Configuring IP Routing," to configure ports for IP routing.
6. "Configuring VPN Tunnel Authentication," to set the IKE policy for VPN tunnels.
7. "Configuring VPN LAN-to-LAN Tunnels," to configure LAN-to-LAN tunnel partners.
8. (Optional) "Configuring IPX Routing," if you use IPX.
9. (Optional) "Configuring AppleTalk Routing," if you use AppleTalk.
Remember to save your configuration according to the "Saving the Configuration" section.
1. "Getting Started," to access the command line interface.
2. "Configuring Basic System Parameters," to set the passwords, device name, and other system options.
3. "Configuring Basic Interface Settings," to set port parameters, such as configuring WAN ports for Frame Relay, PPP, or SMDS.
4. "Handling VPN Traffic," to determine how to connect your Ethernet ports and configure a firewall if necessary.
5. "Configuring IP Routing," to configure ports for IP routing.
6. "Configuring VPN Tunnel Authentication," to set the IKE policy for VPN tunnels.
7. "Configuring VPN Groups," to configure tunneling options for a group of users.
8. "Authenticating VPN Users," to configure an authentication method, such as a RADIUS server.
9. (Optional) "Installing Certificates on the Concentrator," if you use server-side certificates as part of your authentication system.
10. (Optional) "Configuring IPX Routing," if you use IPX.
11. (Optional) "Configuring AppleTalk Routing," if you use AppleTalk.
Remember to save your configuration according to the "Saving the Configuration" section.
1. "Getting Started," to access the command line interface.
2. "Configuring Basic System Parameters," to set the passwords, device name, and other system options.
3. "Configuring Basic Interface Settings," to set port parameters, such as configuring WAN ports for Frame Relay, PPP, or SMDS.
4. "Handling VPN Traffic," to determine how to connect your Ethernet ports and configure a firewall if necessary.
5. "Configuring IP Routing," to configure ports for IP routing.
6. "Configuring VPN Tunnel Authentication," to set the IKE policy for VPN tunnels.
7. "Configuring VPN Groups," to configure tunneling options for a group of users.
8. "Authenticating VPN Users," to configure an authentication method, such as a RADIUS server.
9. "Configuring VPN LAN-to-LAN Tunnels," to configure LAN-to-LAN tunnel partners.
10. (Optional) "Installing Certificates on the Concentrator," if you use server-side certificates as part of your VPN user authentication system.
11. (Optional) "Configuring IPX Routing," if you use IPX.
12. (Optional) "Configuring AppleTalk Routing," if you use AppleTalk.
Remember to save your configuration according to the "Saving the Configuration" section.
Posted: Wed Sep 27 10:17:57 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.