RE: Cisco CVPN3060 VPN

Chris Lemagie Mon, 26 Mar 2001 11:23:38 -0800
Answers posted inline below.

Chris Lemagie

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Adekola, Dennis D
Sent: Monday, March 26, 2001 10:12 AM
To: cisco
Subject: Cisco CVPN3060 VPN


Hi Guys,

My company wants me to investigate on Cisco CVPN3060 VPN boxes.
I know what a VPN does , however i need to answer questions like

Q = Does it do the authentication itself or will you require a seperate
server to authenticate users.
A = Authentication servers can be; internal, RADIUS, NT Domain, SDI or
Certificate Authorities such as Verisign, Entrust and Microsoft's
Certificate Server.  If you use Cisco Secure ACS 2.6 as the RADIUS server
you also have the ability to authenticate via Windows 2000 Active Directory
or Novell NDS.  Cisco Secure ACS will proxy the requests for you.

Q = Is the configuration just like a router
A = There is a menu driven CLI, but the Web base GUI is much more intuitive
and quicker.  You have control of the full feature set via the GUI.

Q = What kind of connections does one need
A= Dial-Up (Yuk!!!) or broadband.  The client/concentrator does not care.  I
actually use the client from customer LANs on occasion.

Q = On which part of the network will this box sit
A = The "Public" interface must have a routable IP address or a one-to-one
(static) NAT translation.  If the "Private" interface is behind a firewall,
you must allow protocol types 50 & 51, UDP 500 and UDP 10000.  UDP 10000 is
used for IPSec through NAT which will allow the client to be behind a NAT
enabled firewall.  I would suggest connecting the "Private" interface to a
DMZ on your firewall.  This allows you to inspect the unencrypted traffic
streams from the VPN 3000.


e.t.c

Any inputs wll be appreciated


Dennis (CCNP)


----------------------------------------------------------------------------
---------------------
21st century air travel     http://www.britishairways.com

_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco CVPN3060 VPN

Reply via email to
