This chapter is from the book

Small ROBO VPN 3000 Concentrators

When a Cisco VPN concentrator is deployed in a small remote office to terminate remote access VPN tunnels and provide site-to-site connectivity, the 3005 and 3015 are ideal choices.

Depicted in Figure 3.2, the 3005 has a relatively small footprint, taking up one rack unit. Utilizing software for encryption, the Cisco 3005 VPN Concentrator can support up to 100 simultaneous sessions. The 3005 comes standard with 32MB of SRAM and two autosensing 10/100 Ethernet interfaces. The left Ethernet interface is the private Ethernet interface, which connects to the inside corporate network. To connect to the outside world, the other Ethernet interface, called the public interface, connects to a perimeter Internet router or a firewall. Because the 3005 Concentrator is a smaller fixed model, it is not capable of being upgraded with Scalable Encryption Processing (SEP) or Enhanced SEP (SEP-E) hardware modules for hardware-based VPN acceleration. SEP and SEP-E modules provide an increase in performance and throughput over software-only encryption by offloading the encryption processing from the concentrator central processing unit.

Figure 3.2 ESP Cisco VPN 3005 Concentrator.

In comparison to the 3005, the Cisco 3015 VPN Concentrator is larger and takes up two rack units. The 3015 comes standard with 64MB of SRAM and three autosensing 10/100 Ethernet interfaces. The private and public interfaces are still present in this model, but the 3015 has an additional interface, named the external interface, located on the right of the chassis. This Ethernet interface connects to the corporate DMZ. Like the 3005, the 3015 VPN Concentrator uses software encryption; however, the 3015 can be upgraded with an SEP module. When it uses software encryption, it can support only up to 100 remote access and site-to-site sessions.

CAUTION

Starting with software version 3.6, VPN Concentrator models 3015 and up support Advanced Encryption Standard (AES). In addition, VPN concentrators running software version 4.0 support AES hardware acceleration with the SEP-E module. You cannot combine SEP-E with SEP modules in the same chassis.

Be sure to carefully read the questions concerning the concentrator's ability to support AES. Unless the SEP-E accelerator cards are specifically mentioned, the VPN 3000 Concentrator performs AES encryption via software.

The 3015 also has an optional slot for a redundant power supply. Figure 3.3 displays the hardware design for the 3015.

Figure 3.3 Cisco VPN 3015 Concentrator.
