1. Trang chủ
  2. » Kỹ Thuật - Công Nghệ

vpn roadshow module 2 3000

40 227 0

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 40
Dung lượng 718,24 KB

Các công cụ chuyển đổi và chỉnh sửa cho tài liệu này

Nội dung

VPV RoadshowVPN 3005 Concentrator Private Public 100–240V power supply... VPV RoadshowVPN 3080 Concentrator Private Private SEP module Slots... VPV RoadshowIPSec Client to LAN Components

Trang 1

© 2003, Cisco Systems, Inc All rights reserved VPN Roadshow

Cisco VPN Partner Technical Development

Module 2 : VPN 3000 Configuration

APAC Channels Technical Operations

Trang 2

Course Agenda

Trang 3

© 2003, Cisco Systems, Inc All rights reserved VPN Roadshow

Cisco VPN 3000 Concentrator

Series

Trang 4

VPN Concentrator Series

VPN 3030 regional office

VPN 3030 regional office

VPN 3005 or 3015

branch office Internet

VPN 3060 or 3080 central site

Trang 5

© 2003, Cisco Systems, Inc All rights reserved VPV Roadshow

VPN 3005 Concentrator

Private Public

100–240V power supply

Trang 6

VPN 3015 Concentrator

SEP module Slots

Private Private 100-240V power supplies

load sharing

100–240V power

supplies load sharing

External External

Trang 7

© 2003, Cisco Systems, Inc All rights reserved VPV Roadshow

VPN 3030 Concentrator

SEP module Slots

Trang 8

External External

Trang 9

© 2003, Cisco Systems, Inc All rights reserved VPV Roadshow

VPN 3080 Concentrator

Private Private

SEP module Slots

Trang 10

Concentrator Product Comparison

1000 1000

500 100

100 Site-to-Site Tunnels

N 4 2 256M HW

10000 100M 2U

3080

Y 2 2 256M HW

5000 100M 2U

3060

Y Y

N Upgradeable

0

Up to 2 64M SW

100 4M 2U

3015

128M 32M

Memory

HW SW

Encryption

1 0

SEP Modules

Up to 2 1

Power Supplies

1500 100

Remote Access Sessions

50M 4M

Performance

2U 1U

Height

3030 3005

Feature

Trang 11

© 2003, Cisco Systems, Inc All rights reserved VPV Roadshow

Scalable Encryption Processor—SEP2

POWER STATUS

SEP-200U

DSP-based hardware encryption—1,500 to 5,000 simultaneous sessions

Trang 12

SEP Redundancy

SEP redundancy redundancy SEP

Failover

Trang 13

© 2003, Cisco Systems, Inc All rights reserved VPV Roadshow

Slave

Trang 14

Server

Private network

Public network

Master

Non-master

Load Balancing

Trang 15

© 2003, Cisco Systems, Inc All rights reserved VPN Roadshow

Overview of Remote Access

Using Pre-Shared Keys

Trang 16

Client to LAN

Internet service provider

Trang 17

© 2003, Cisco Systems, Inc All rights reserved VPV Roadshow

IPSec Client to LAN Components

VPN Concentrator

Internet

ISP ISP

Internet

Application

server

PPP connectivity Dial access

Telecommuter with the Cisco VPN 3000 Concentrator Series Client

IPSec tunnel or session

Trang 18

Telecommuter with the Cisco VPN 3000 Concentrator Series Client Internet

ISP

VPN public IP 192.168.1.5

Trang 19

© 2003, Cisco Systems, Inc All rights reserved VPV Roadshow

IPSec “Windows” Client

Cisco VPN “Windows”

Client software

Installed on Windows system

Trang 20

Summary (cont.)

Mode configuration enables the Cisco VPN

3000 Concentrator Series to push the network information to the Cisco VPN 3000

Concentrator Series Client.

The Cisco VPN 3000 Concentrator Series can use several different types of authentication servers.

The Cisco VPN 3000 Concentrator Series

provides extensive monitoring capabilities.

Trang 21

© 2003, Cisco Systems, Inc All rights reserved VPN Roadshow

Remote Access Configuration

of the Cisco VPN 3000 Concentrator Series

Trang 23

© 2003, Cisco Systems, Inc All rights reserved VPV Roadshow

Trang 24

System Information

Trang 25

© 2003, Cisco Systems, Inc All rights reserved VPV Roadshow

Protocols

Internet

Internet

IPSec

Trang 26

Address Assignment

DHCP server

10.0.1.10

DHCP address Internet

Internet

Trang 27

© 2003, Cisco Systems, Inc All rights reserved VPV Roadshow

External Authentication—NT Domain

NT domain

10.0.1.10

User authentication

Internet

Internet

Cisco VPN

3000 Concentrator Series Client

Computer Name: BOSTON

Domain: Domain_BOSTON

Trang 28

Configure Users and Groups

Trang 29

© 2003, Cisco Systems, Inc All rights reserved VPV Roadshow

Customer Service /Base/Service

MIS /Base/Sales

Finance

Groups and Users

Base Group Corporate

Groups Department

Users Individuals

VP of MIS

Trang 30

User and Group Policies

Access rights and privileges

Trang 31

© 2003, Cisco Systems, Inc All rights reserved VPV Roadshow

Group Database

Cisco VPN

3000 Concentrator Series Client

Internal server

Group:

Training Internet

Internet

Trang 32

Admin Password

Trang 33

© 2003, Cisco Systems, Inc All rights reserved VPN Roadshow

CA Support Overview

Trang 34

CA Server Fulfilling

Requests from IPSec Peers

Each IPSec peer individually enrolls with the CA server.

CA server

Trang 35

© 2003, Cisco Systems, Inc All rights reserved VPV Roadshow

Digital Signature

Remote

Internet

Pay to Terry Smith $100.00

One Hundred and xx/100 Dollars

Pay to Terry Smith $100.00

One Hundred and xx/100 Dollars

4ehIDx67NMop9

Hash algorithm

Hash algorithm

Encryption algorithm

Encryption algorithm

Decryption algorithm Hash

Public key

Pay to Terry Smith $100.00 One Hundred and xx/100 Dollars

4ehIDx67NMop9

Hash

Match

Trang 36

Why Digital Certificates

Trang 37

© 2003, Cisco Systems, Inc All rights reserved VPV Roadshow

Certificate-Based Authentication

Certificate Authority

trusted third party

Request certificate

Request certificate Issue

certificates

Digital certificates

Alex

Terry

Alex Terry

Trang 38

Certificate Authorities (CA)

Trang 39

© 2003, Cisco Systems, Inc All rights reserved VPV Roadshow

Public Key Infrastructure (PKI)

Ngày đăng: 16/11/2014, 19:51

Xem thêm

TÀI LIỆU CÙNG NGƯỜI DÙNG

TÀI LIỆU LIÊN QUAN