Summary

The VPN 3002 Hardware Client is an ideal appliance for remote offices that do not wish to install the software client on each PC. The hardware client comes in a single-port private interface model, as well as an 8-port switch private interface model. Both models can operate in two distinct operating modes and can receive pushed policies and configurations from the central concentrator.

When the hardware client is running in Client mode, it uses PAT to translate private IP addresses into its assigned inside IP for tunnel traffic. Because the remote network can see only the assigned tunnel IP, users behind the hardware client are hidden from the central location's network. PAT is also used for outgoing Internet traffic when a split tunneling policy is pushed down from the concentrator.

Network Extension operating mode is used for a site-to-site connection that does not use PAT for tunnel traffic. The central network has full visibility of the IP addresses assigned to users on the hardware client's private network. PAT, however, is still used for split tunnel Internet traffic if enforced.
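The following model of the two operating modes is an added example, not taken from the book or from Cisco software. It shows which source address the receiving side sees for each flow. The class name, the addresses other than the 192.168.10.0/24 default, the port numbering, and the rule that all traffic is tunneled when split tunneling is off are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class HardwareClient:              # hypothetical model, not a Cisco API
    mode: str                      # "client" or "network-extension"
    split_tunnel: bool             # policy pushed from the concentrator
    tunnel_ip: str                 # assigned inside IP (constructed value)
    public_ip: str                 # public interface IP (constructed value)
    central_nets: list             # networks reached through the tunnel
    pat_table: dict = field(default_factory=dict)
    next_port: int = 1024          # assumed start of the PAT port range

    def _pat(self, src_ip, src_port, outside_ip):
        """Map (private IP, port) to a unique port on one outside IP."""
        key = (src_ip, src_port, outside_ip)
        if key not in self.pat_table:
            self.pat_table[key] = self.next_port
            self.next_port += 1
        return outside_ip, self.pat_table[key]

    def forward(self, src_ip, src_port, dst_ip):
        """Return (path, source IP, source port) as the receiver sees it."""
        dst = ipaddress.ip_address(dst_ip)
        to_central = any(dst in ipaddress.ip_network(n)
                         for n in self.central_nets)
        if to_central or not self.split_tunnel:
            # Tunnel traffic: PAT is applied only in Client mode.
            if self.mode == "client":
                return ("tunnel", *self._pat(src_ip, src_port, self.tunnel_ip))
            return ("tunnel", src_ip, src_port)
        # Split-tunnel Internet traffic: PAT is applied in both modes.
        return ("internet", *self._pat(src_ip, src_port, self.public_ip))

def sources_seen(client, flows):
    """Distinct (path, source IP) pairs for a list of constructed flows."""
    return {client.forward(*f)[:2] for f in flows}

# Constructed sample flows: two private hosts to the central site,
# one private host to an Internet address.
FLOWS = [("192.168.10.10", 40000, "10.0.0.5"),
         ("192.168.10.11", 40000, "10.0.0.5"),
         ("192.168.10.10", 40001, "198.51.100.20")]

if __name__ == "__main__":
    for mode in ("client", "network-extension"):
        hc = HardwareClient(mode, True, "10.0.50.7", "203.0.113.9",
                            ["10.0.0.0/16"])
        print(mode, sorted(sources_seen(hc, FLOWS)))
```

In Client mode the central site's logs attribute every tunneled flow to the single tunnel IP, so per-host attribution has to come from the hardware client's side; in Network Extension mode the private addresses appear directly.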

To initialize the VPN 3002 Hardware Client, you can use the CLI, which can be accessed through the console port, Telnet, or SSH. You can also use the VPN 3002 Hardware Client Manager GUI over HTTP or HTTPS (if you install the SSL certificate). These management protocols can be used because the hardware client comes with a factory default IP address of 192.168.10.1 with a subnet mask of 255.255.255.0.

The Quick Configuration steps to configure the minimal parameters of the VPN 3002 are as follows:

  1. Setting system date and time settings

  2. Uploading the existing configuration file

  3. Configuring Private Interface and DHCP server settings

  4. Configuring the Public Interface

  5. Defining IPSec parameters

  6. Enabling/Disabling PAT (Client Mode)

  7. Defining a DNS server

  8. Configuring static and default routes

  9. Changing the administrator password

You can access the Quick Configuration at any point by clicking on its link in the 3002 Hardware Client Manager's navigation frame. Another important configuration link is the Configuration | Tunneling Protocols | IPSec page, in which you can define up to 10 backup servers for redundant connectivity to the network.

Many of the 3002's settings are inherited from parameters pushed by the VPN 3000 Concentrator. On the HW Client tab of the VPN 3000 Concentrator, you can enable authentication features, set idle timers, enable Cisco IP Phone and wireless LEAP bypass for individual authentication, and enable Network Extension mode for any hardware clients in the group.

For users behind the VPN 3002 Hardware Client to initiate a tunnel with interactive authentication, they must point their Web browser at the hardware client's private interface and use the Connection/Login Status link to enter the login credentials. Individual authentication requires a similar process to allow each user to authenticate to the head-end concentrator. Additionally, you can bring up the individual login screen by browsing to a Web page on the central network. Individual authentication is enforced whether or not the tunnel is already connected.

The Administration section of the VPN 3002 Hardware Client Manager has management screens to perform high-level housekeeping, similar to those of the VPN 3000 Concentrator Manager. In this section, you can upload a new software version or use the auto-update pushed feature of the VPN 3000 Concentrator. Additionally, you can reboot, ping, define access rights to the client, perform file management, and install a CA certificate dynamically with SCEP or manually.

The Monitoring section is also similar to that of the VPN 3000 Concentrator. This section displays the routing table, event logs, system status, and general statistics. On the Monitoring | System Status screen, you have an additional feature that enables you to connect and disconnect the VPN tunnel for the hardware client and display the negotiated SA for the tunnel.



CSVPN Exam Cram 2 (Exam 642-511)
CCSP CSVPN Exam Cram 2 (Exam Cram 642-511)
ISBN: 078973026X
EAN: 2147483647
Year: 2002
Pages: 185
