Specifications
Chapter 5 VPN and Security
5-7
Cisco VPN 3000 Family
Specifications
Cisco VPN 3000 Series Concentrators
Cisco VPN 3002 Hardware Client
Selected Part Numbers and Ordering Information
1
Feature VPN 3005 VPN 3015 VPN 3020 VPN 3030 VPN 3060 VPN 3080
Simultaneous IPSec
Users
200 100 750 1500 5000 10000
Simultaneous WebVPN
(Clientless) Users
50 75 200 500 500 500
Encryption Throughput
4 Mbps 4 Mbps 50 Mbps 50 Mbps 100 Mbps 100 Mbps
Encryption Method
Software Software Hardware Hardware Hardware Hardware
Encryption (SEP)
Module
001124
Redundant SEP
No No Optional Optional Optional Yes
Expansion Slots
0 4 1 (Redundant) 3 2 N/A
Upgradeable
No Yes Yes N/A N/A
Memory
32/64 MB (fixed) 128 MB 256 MB 128-512 MB 256/512 MB 256/512MB
Hardware Configuration
1U, Fixed 2U, Scalable Fixed 2U 2U, Scalable 2U, Scalable 2U
Power Supply
Single Single, with a
dual option
Single, with a
dual option
Single, with a
dual option
Single, with a
dual option
Dual
Client License
Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited
LAN-to-LAN
Connections (internal
user database)
100 100 250 500 1000 1000
Dimensions (HxWXD)
1.75 x 17.5 x 11.5 in.3.5 x 17.5 x 14.5 in. 3.5 x 17.5 x 14.5 in. 3.5 x 17.5 x 14.5 in. 3.5 x 17.5 x 14.5 in. 3.5 x 17.5 x 14.5 in.
Feature VPN 3002 Hardware Client
Hardware Processor
Motorola PowerPC processor; Dual flash image architecture
Network Interfaces
CPVN3002-K9: One Public 10/100Mbps RJ-45 Ethernet Interface and One Private Port 10/100Mbps RJ-45 Ethernet
Interface
CVPN3002-8E-K9: One Public 10/100Mbps RJ-45 Ethernet Interface and Eight Private Port 10/100Mbps RJ-45
Ethernet Interfaces via AUTO-MDIX switch
Physical Dimensions
1.967 x 8.6 x 6.5 in. (5 x 8.6 x 16.51 cm)
Power Supply
External AC Operation: 100-240V at 50/60 Hz with universal power factor correction; 4 foot cord included and
international “pigtail” power cord selection
Tunneling Protocol
Support
IPsec with IKE key management
Monitoring &
Configuration
Event logging; SNMP MIB-II support
Embedded management interface is accessible via console port or local web browser; SSH/SSL
Encryption Algorithms,
Key Management &
Authentication Algorithms
56-bit DES (IPsec); 168-bit Triple DES (IPsec); AES 128 & 256-bit (IPsec)
Authentication and
Accounting Servers
Support for redundant external authentication servers including RADIUS
Microsoft NT Domain authentication, X.509v3 Digital Certs (PKC7-PKCS10)
Configuration Modes
Client Mode—acts as client, receives random IP address from Concentrator Pool; Uses NAPT to hide stations
3002; Network behind 3002 is unroutable; few configuration parameters
Network Extension Mode—acts as site-to-site device; Uses NAPT to hide stations only to Internet (stations visible
to central site); Network behind 3002 is routable; additional configuration parameters
Cisco VPN 3000 Concentrator
CVPN3005-E/FE-BUN VPN3005:Chassis, 2FE, 200 user, client, SW, US PWR
CVPN3015-NR-BUN VPN3015:Chassis, 3FE, 100 user, client, SW, US PWR
CVPN3020E-NRBUN-K9 VPN3020:Chassis, 3FE, SEP-E, 750 user, client, SW, US PWR
CVPN3020E-RDBUN-K9 VPN3020:Chassis, 3FE, 2SEP-E, 750 user, client, SW, 2 US PWR
CVPN3030E-NRBUN-K9 VPN3030:Chassis, 3FE, SEP-E, 1500 user, client, SW, US PWR
CVPN3030E-RDBUN-K9 VPN3030:Chassis, 3FE, 2SEP-E, 1500 user, client, SW, 2 US PWR
CVPN3060E-NRBUN-K9 VPN3060:Chassis, 3FE, 2SEP-E, 5k user, client, SW, US PWR
CVPN3060E-RDBUN-K9 VPN3060:Chassis, 3FE, 4SEP-E, 5k user, client, SW, 2 US PWR
CVPN3080E-RDBUN-K9 VPN3080:Chassis, 3FE, 4SEP-E, 10k user, client, SW, 2 US PWR
Cisco VPN 3000 Series Upgrades
CVPN3000-UKITA-K9= 1SEP-E,1PS,512MB memory,4.0 OS and boot,client SW
CVPN3000-UKITB-K9= 2SEP-E,1PS,512MB memory,4.0 OS and boot,client SW
CVPN3000-UKITC-K9= 3SEP-E,1PS,512MB memory,4.0 OS and boot,client SW
CVPN3000-UKITD-K9= 4SEP-E,1PS,512MB memory,4.0 OS and boot,client SW