Home > Articles > Certification > Cisco Certification > CCNP Security / CCSP

Cisco VPN 3000 Concentrator Hardware

  • Print
  • + Share This
It is important to understand the hardware aspects of the Cisco VPN 3000 Concentrator hardware series. David Minutella explains what you'll need to know about them to pass the CCSP CSVPN Exam.
This chapter is from the book

Terms you'll need to understand:

  • Client mode

  • Network Extension mode

  • SEP

  • SEP-E

  • VRRP

  • VCA protocol

Techniques you'll need to master:

  • Identifying the default hardware components of the VPN 3000 Concentrators

  • Identifying the standard performance statistics for the VPN 3000 Concentrators

  • Understanding SEP redundancy

  • Comprehending the utilization of VRRP for concentrator redundancy

  • Understanding concentrator load balancing functionality

  • Recognizing the principle of bandwidth management

This chapter introduces the hardware platforms for Cisco's VPN 3002 Hardware Client and the VPN 3000 Concentrator series. It is crucial that you understand the hardware aspect of the equipment before the actual configuration to provide a foundation for the components that you are configuring. Table 3.1 illustrates the Cisco VPN Concentrator and Client offerings and the locations in which you would implement these appliances.

Table 3.1 Cisco VPN Concentrator and Client Platform Overview

Concentrator Model


Hardware Encryption


3002 Hardware Client

2.2Mbps/1 Session




4Mbps/100 Remote Sessions


Small ROBO


4Mbps/100 Remote Sessions


Small ROBO


50Mbps/1500 Remote Sessions

1 SEP Module

Medium ROBO


100Mbps/5000 Remote Sessions

2 SEP Modules

Central Site/SP


100Mbps/10,000 Remote Sessions

4 SEP Modules

Central Site /SP

SOHO Cisco VPN 3002 Hardware Client

The 3002 Hardware Client provides hardware stability for small offices in which remote access VPN tunnels to the main office are required. Instead of installing the software client on multiple end-devices, the Cisco VPN 3002 Hardware Client offloads that responsibility onto itself by initiating the VPN tunnel on behalf of the clients behind it. This functionality, known as Client mode, utilizes Port Address Translation (PAT) to hide the devices behind the hardware client. The 3002 can also support site-to-site connectivity in Network Extension mode. Configuration is simple because of its pushed-policy feature in which the 3002 inherits configuration parameters from the head-end VPN concentrator.

The VPN 3002 Hardware Client is capable of providing up to 10Mbps of throughput of unencrypted data and 2.2Mbps of software-based encrypted data over a single VPN tunnel. It comes standard with a public 10/100 Ethernet interface, which connects to an external Internet WAN router. The CVPN-3002 model has a single private 10/100 Ethernet interface, whereas the CVPN-3002-8E model has an embedded auto-MDIX 8-port switch. The fact that this appliance does not need to rely on unstable computer platforms and can maintain substantial throughput, means the VPN 3002 Hardware Client is a robust solution in comparison to software-based clients. Figure 3.1 illustrates the CVPN 3002-8E model.

Figure 3.1Figure 3.1 Cisco CVPN 3002-8E Hardware Client.

  • + Share This
  • 🔖 Save To Your Account