Cisco VPN 3002 Hardware Client CVPN3002-K9 Data Sheet

Cisco Systems

Copyright  © 2001 Cisco Systems, Inc. All Rights Reserved.

Page 4 of 6

The Cisco VPN 3002 also supports auto update to assist

in upgrades. If an upgrade is needed, the unit upgrades

automatically from an internal Trivial File Transfer

Protocol (TFTP) server defined on the central site VPN

Concentrator without end-user interaction.

The VPN 3002 provides a unique client authentication

mechanism that supplies a high level of security for both

the VPN 3002 and the users behind the VPN 3002. With

Interactive Unit Authentication the VPN 3002 can be set

to use Saved or One Time Passwords. If Saved passwords

are used, the device will not need to reauthenticate if the

tunnel cycles. If One Time passwords are used, the device

will need to be reauthenticated each time the tunnel

cycles. The VPN 3002 supports preshared secrets, digital

certificates and tokens for this mechanism.

In addition, the VPN 3002 can be set to require that each

user behind the VPN 3002 authenticate before traversing

the tunnel. This Individual User Authentication feature

can be used alone or in conjunction with Interactive Unit

Authentication to maximize security. Users behind the

3002 can be required to use preshared secrets or tokens

with this method.

A unique capability of this technique is that the user is

automatically intercepted when attempting to traverse the

tunnel and redirected to a browser page to authenticate.

Users do not need to initiate the security transaction since

it happens automatically. This vastly improves ease of use.

Users attempting to access the internet are not prompted

for credentials unless Split Tunneling is disabled.

The VPN 3002 supports the VPN 3000 load balancing

mechanism in conjunction with the Cisco VPN Client. In

this environment VPN 3002 will be transparently

redirected to the least utilized concentrator in the central

site network. This spreads the load evenly among all VPN

Concentrators. In addition the VPN 3002 supports up to

five back-up concentrators in the event the primary

location is unavailable. It cycles through each back up IP

address until if makes a successful connection thus

maximizing availability. The VPN 3002 can also  be

configured using the authentication techniques listed

above to auto-reconnect and re-authenticate if desired.

Many ISPs now require PPPoE authentication for DSL or

other access to their networks. VPN 3002 supports PPPoE

Client mode for access to these networks. Users need only

to authenticate to the PPPoE server the first time and VPN

3002 will authenticate for the user all subsequent

attempts.

The VPN 3002 supports three methods of NAT

Transparent IPSEC including the UDP method

implemented in the original release of the product, IPsec/

TCP method, and the Ratified IPsec/UDP NAT-T

specification, which includes Auto-detection and

Fragmentation avoidance.

Temperature: 29

º

 to 104

º

F (-5

º

 to 0

º

C)

Storage: -4

º

 to 176

º

F (-40

º

 to 70

º

C)

Relative humidity: 0 to 95% noncondensing

Motorola 8260 processor: dual flash image architecture

On all models, all Ethernet ports are auto-sensing, which

eliminates the need for crossover cables.

CPVN3002-K9: one public 10/100-Mbps RJ-45 Ethernet
interface and one private 10/100-Mbps RJ-45 Ethernet

interface

CVPN3002-8E-K9: one public 10/100-Mbps RJ-45
Ethernet interface and 8 private ports 10/100-Mbps

RJ-45 Ethernet interfaces via auto-sensing switch, which

eliminates the need for crossover cables

Height: 1.967 x 8.6 x 6.5 in (5 x 22.5 x 16.51) (HxWxD)

External AC operation: 100-240V at 50/60 Hz with
universal power factor correction; 4-ft cord included and

international pigtail power cord selection