Cisco Systems
Copyright © 2001 Cisco Systems, Inc. All Rights Reserved.
Instrumentation and Physical Ports
Front panel: status LEDs for Power, Tunnel Status and
VPN establishment
Rear panel: status LEDs for Ethernet ports (amber/green)
Rear connectors for CVPN 3002-K9: three (3) RJ-45
ports including (1) public port, (1) private port and (1)
console port with full signals
Rear connectors for CVPN 3002-8EK9: ten (10) RJ-45
ports including (1) public port, (8) private port switch and
(1) console port with full signals
Reset switch: resets unit to factory defaults
Power cord connector
Approvals
Product bears CE Marking indicating compliance with
the 89/336/EEC and 72/23/EEC Directives: UL 60950,
CSA C22.2 No.60950, IEC 60950, EN 60950, AS/NZS
3260, FCC (CFR47) Part 15 Class B, ICES-003 Class B,
EN55022 Class B, CISPR22 Class B, AS/NZS3548 Class
B, VCCI Class B, EN55024, EN50082-1
Tunneling Protocol Support
IP Security (IPSec) with Internet Key Encryption (IKE) key
management
Cisco Unified Client Framework
Compatibility
Connects in Client mode with Cisco VPN 3000
Concentrators, Cisco PIX Firewalls, and many Cisco IOS
Central Site Concentrators. Works with devices that
comply with the Cisco Unified Client Protocol
Specification.
Monitoring and Configuration
Event logging; SNMP MIB-II support
Embedded management interface: accessible via console
port or local Web browser; Secure Shell (SSH)/Secure
Socket Layer (SSL)
Encryption Algorithms, Key Management, and
Authentication Algorithms
56-bit Data Encryption Standard (DES) (IPSec); 168-bit
Triple DES (3DES) (IPSec); AES (128, 256-bit); MD5;
SHA-1; HMAC with MD5; HMAC with SHA-1
Authentication
• Unit User Name and Password preshared secret or
Digital Certificates and/or Tokens
• Browser intercepted Interactive Unit Authentication
with One Time or Saved Passwords
• Browser intercepted Individual User Authentication for
up to 253 users behind the 3002; security information
maintained at the central site
• SDI Tokens supported: Digital Certificates supported
for Unit Authentication only (not for Individual User
Authentication)
• Patent Pending on VPN 3002 Interactive Unit
Authentication only (not for Individual User
Authentication with HTTP Redirect)
Configuration Modes
Client mode: Cisco VPN 3002 acts as client, receives IP
address from a concentrator pool; uses PAT to hide
stations behind the Cisco VPN 3002; network behind the
Cisco VPN 3002 is unroutable (invisible to central site
and the world); provides few configuration parameters
Network Extension mode: Cisco VPN 3002 acts as
site-to-site device; uses PAT to hide stations only to
Internet (stations visible or routable to central site);
network behind the Cisco VPN 3002 is routable; provides
additional configuration parameters
Authentication, Authorization, and Accounting
(AAA)
Supports Remote Authentication Dial-In User Service
(RADIUS) accounting and security from the central site
Part Numbers
Part Number           Description
CVPN3002-K9           Basic unit without switch; software and power cord ordered separately
CVPN3002-8E-K9        Unit with 8-port switch; software and power cord ordered separately
CVPN3002-BUN-K9       Includes hardware, latest software, and US power cord
CVPN3002-8E-BUN-K9    Includes 8-port switch, hardware, latest software, and US power cord