Cisco VPN 3000 Concentrator
|Product type: Network and Network Related Devices and Systems|
Product Status: Archived
Assurance Level: EAL2
Version: Versions: Cisco VPN 3000 Concentrators (version 4.1.7.N for 3005, 3015, 3020, 3030, 3060, 3080) | Cisco VPN 3002, 830 and PIX 501 Hardware Clients (version 4.7.2.D for 3002, 3002-8E, version 12.4(5a) for 831, 837 and version 6.3(5) for PIX 501) | Cisco VPN Software Clients (version 4.8.00 for Windows, Linux and version 4.6.02 for Solaris) | Certicom Movian Software Clients (version 4.0 for PocketPC 2002, PalmOS) | Worldnet21 AnthaVPN Software Client (version 5.6.2 for Windows CE.NET 4.2) | Cisco Secure ACS (version 4.0 for Windows 2000 Server)
Certification Country: AUSTRALIA/NEW ZEALAND (2007)
Senior Systems Engineering Manager
The Cisco Remote Access VPN enables trusted end systems such as desktop computers and notebooks, handheld computers and PDAs, and small trusted LANs, to establish secure connections to a trusted network over anuntrusted network. The evaluated solution includes VPN concentrators, VPN clients (software and hardware), and an (optional) authentication server.
The VPN Concentrator terminates secure connections established across an untrusted network from trusted IT systems equipped with the VPN client to provide access to a trusted network. The VPN concentrator has two physical interfaces; one connected to an untrusted network and the other connected to a trusted network.
The software VPN clients are used when a single trusted IT system requires a secure connection to a trusted network over an untrusted network, and the trusted IT system uses one of the operating systems supported by the software clients.
The hardware VPN client is used to securely connect a single trusted IT system that does not use one of the operating systems supported by the software clients to a trusted network over an untrusted network, or securely connect a single trusted LAN of trusted IT systems to a trusted network over an untrusted network.
The authentication server (CiscoSecure ACS) can be used to store authentication credentials to validate connections from VPN clients to the VPN concentrator.
Connections between clients and concentrators are secured using IPSec as defined in RFC 2401-2410 and 2415, with both MODECONFIG and XAUTH extensions. VPN client connections are authenticated using a combination of groupname/password or digital certificate, and username/password digital certificate. The use of SmartCards and Tokens is supported with the Windows VPN client.