VPN 3000 Series Concentrator Getting Started
78-15733-03
Chapter 1 Understanding the VPN 3000 Concentrator
How the VPN Concentrator Works
The VPN Concentrator creates a virtual private network by creating a secure connection across a TCP/IP
network (such as the Internet) that users see as a private connection. It can create single-user-to-LAN
connections and LAN-to-LAN connections.
The secure connection is called a tunnel, and the VPN Concentrator uses tunneling protocols to negotiate
security parameters, create and manage tunnels, encapsulate packets, transmit or receive them through
the tunnel, and unencapsulate them. The VPN Concentrator functions as a bidirectional tunnel endpoint:
it can receive plain packets, encapsulate them, and send them to the other end of the tunnel where they
are unencapsulated and sent to their final destination. It can also receive encapsulated packets,
unencapsulate them, and send them to their final destination.
The VPN Concentrator performs the following functions:
• Establishes tunnels
• Negotiates tunnel parameters
• Authenticates users
• Assigns user addresses
• Encrypts and decrypts data
• Manages security keys
• Manages data transfer across the tunnel
• Manages data transfer inbound and outbound as a tunnel endpoint or router
The VPN Concentrator invokes various standard protocols to accomplish these functions.
VPN Feature / Description

Client Software Compatibility
• Cisco VPN Client (IPSec):
  – Windows 98 and Windows ME
  – Windows NT® 4.0, Windows 2000, and Windows XP
  – Mac OS X 10.1 and 10.2 Jaguar
  – Linux Intel v2.2/v2.4 kernels and Solaris UltraSPARC 32-bit and 64-bit (command-line interfaces only)
• Microsoft VPN Clients:
  – Windows® 95, Windows 98, Windows ME, Windows NT 4.0, Windows 2000, and Windows XP (PPTP)
  – Windows 98, Windows ME, Windows NT 4.0, Windows 2000, and Windows XP (L2TP over IPSec)
• Certicom movianVPN Client (ECC, handheld)

Other Features
• Software data compression
• Split tunneling
• Bandwidth management