System information
VPN Concentrator Configuration
135
Cisco VPN 3000 Concentrator Configuration Requirements
Figure 4-2 shows a typical VPN concentrator configuration using a Cisco VPN 3005 Concentrator.
The Public interface connects to the Internet through a security device such as a firewall or
border router (not shown in this diagram). The Private interface connects to the local network,
in this case supporting Domain Name System (DNS), Windows Internet Naming Service (WINS),
and DHCP servers. On those models that have a third interface, you can establish a demilitarized
zone (DMZ), which could contain some of these elements and, most likely, your Internet server.
Connection to the Public and Private 10/100-Mbps Ethernet interfaces is done using UTP/STP
CAT-5 cabling with RJ-45 connectors.
Figure 4-2
VPN 3005 Concentrator Configuration
You need to attach a console for the initial configuration. The console port takes a standard
straight-through RS-232 serial cable with a female DB-9 connector, which Cisco supplies with
the system. Once the Private interface has been configured, you can access the concentrator
from your administrator workstation using a web browser such as Internet Explorer or Netscape
Navigator.
In addition to the physical connections, you also need to plan your IKE phase 1 and phase 2
settings. If you are going to be using preshared keys, you must select that key as well. The
chpt_04.fm Page 135 Friday, April 4, 2003 9:19 AM