VPN 3000 Series Concentrator Overview
An in-depth look at the implementation of the VPN 3000 Series Concentrator within the medium-sized network design is beyond the scope of this book. Figure 16-1. This configuration allows for the granular control of remote-user traffic that is accessing the medium-sized network.

The Cisco VPN 3000 Series Concentrator is a purpose-built, remote-access VPN platform and client software that incorporates high availability, high performance, and scalability with the most advanced encryption and authentication techniques available today.

Remote users establish secure connections via the use of a software client. Cryptographic parameters are negotiated during connection to the concentrator. Other features include
- Dynamically pushed VPN-policy configuration on a per-group basis that eliminates the need for manual client configuration
- Support for internal IP addresses, primary and secondary Windows Internet Name Service (WINS), and Domain Name System (DNS)
- Split-tunnel or no-split-tunnel options on a per-group basis
- Policy-database support either locally on the router or via RADIUS
- Authentication of users via extended authentication
- The latest revisions of the mode configuration and extended authentication IKE extensions
NOTE
As mentioned at the beginning of this section, an in-depth look at VPN 3000 Series Concentrator deployment is beyond the scope of this book. To obtain your CCSP certification, you should familiarize yourself with the implementation and configuration steps that are required to deploy the VPN 3000 Series Concentrator. You should draw from practical experience and rely on reference material, such as the CCSP course and Cisco Press self-study guides.

The following is a summary of the basic configuration requirements that you should be aware of, at a minimum, regarding the VPN 3000 Series Concentrator:
- IKE proposals
- Group configuration
- Identity
- General configuration
- IPSec
