Cisco BdI CVPN3005 E-FE hw set+SW cit CVPN3005-E/FE-BUN Datasheet
Product code
CVPN3005-E/FE-BUN
© 2005 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
IPSec VPN—Cisco Easy VPN and Auto-Upgradable Cisco IPSec VPN Client
IPSec VPNs offer the security and encryption features necessary to protect enterprise data, IP voice, and video traffic as it traverses the Internet.
Because IPSec can be deployed across any IP network, it is an attractive option for customers needing VPN services and has become the de facto
standard in remote access.
Fast, Easy, and Scalable Deployment
Simple to deploy and operate, the Cisco VPN Client is used to establish secure, end-to-end encrypted tunnels to Cisco VPN 3000 Series
Concentrators. This thin-client design, IPSec-compliant implementation is licensed for an unlimited number of users. The Cisco IPSec VPN Client
can be preconfigured for mass deployments; the initial logons require little user intervention. It may be automatically upgraded to newer client
versions upon user connection, easing client version management on remotely deployed systems. Using Cisco Easy VPN, VPN access policies are
created and stored centrally in the concentrator and pushed to the client when a connection is established. This helps ensure dynamically updated,
zero-touch configuration of IPSec remote clients. Cisco Easy VPN Remote allows dynamic configuration of end-user policy, requiring less manual
configuration by end users and field technicians—reducing errors and further service calls while providing centralized security policy management.
The Cisco Easy VPN Server allows the concentrator to act as a VPN gateway for site-to-site or remote-access VPNs, and pushes security policies
defined at the central site to the remote VPN device, helping to ensure that those connections have up-to-date policies in place before the connection
is established.
Cisco VPN 3002 Hardware Client
The Cisco VPN 3002 Hardware Client is a small hardware appliance that operates as a client in VPN environments. It combines the best features of
a software client, including scalability and easy deployment, with the stability and independence of a hardware platform. By integrating Cisco Easy
VPN with the Cisco VPN 3002 Hardware Client, customers can reduce the management complexity of VPN deployments and simplify remote-side
administration.
Comprehensive Security Policy Compliance with NAC
NAC is an industry-wide collaboration effort led by Cisco Systems, established to help ensure that every endpoint complies with network
security policies before being granted access. Cisco VPN 3000 Concentrator Software v4.7 is NAC-enabled for IPSec remote-access scenarios.
NAC reduces the risk associated with extending network resources in remote-access scenarios by preventing vulnerable hosts from obtaining
and retaining normal network access. The Cisco AYT feature enforces firewall policies for users connecting using the Cisco IPSec VPN Client.
Administrators can configure the VPN to refuse endpoints that are in violation of the designated firewall policy. The Cisco IPSec VPN Client
polls the firewall every 30 seconds to make sure it is still running. AYT checks for the Cisco Security Agent, Cisco Integrated Client Firewall,
Network ICE BlackICE Defender, Sygate Personal Firewall, Sygate Personal Firewall Pro, Sygate Security Agent, Zone Labs ZoneAlarm, and
Zone Labs ZoneAlarm Pro.
Table 4 lists features of NAC.
Table 4. Network Admission Control: Prevents Noncompliant Endpoints from Affecting Enterprise Resilience
Feature | Description
Uses Existing Threat Mitigation Infrastructure | Offers cost savings to customers by using existing network and antivirus infrastructures
Protects the Network with the Network | Uses a network-based approach with NAC-enabled network access points (like Cisco VPN 3000 Series Concentrators) to ensure every host device is interrogated for policy compliance