Firewall Based VPN Solutions

[Figure: central site, remote sites, and business-to-business extranet]

© 2003, Cisco Systems, Inc. All rights reserved.

The last solution is firewall-based VPNs. Choosing a firewall-based VPN is not a technical question but a management one: who manages the VPN network? If corporate security manages the VPN network, a firewall-based VPN may be the VPN solution of choice. Corporations can enhance their existing firewall systems to support VPN services.

VPN Product Function Matrix and Positioning


| Product | Site-to-site VPN | Remote access VPN |
|---|---|---|
| VPN-enabled router | Primary role (full-fledged IOS) | Secondary role |
| Concentrator | Secondary role | Primary role (full-fledged remote access solution) |
| PIX Firewall | Security organization owns VPN solution | Enhance existing PIX Firewall with the VPN remote access solution |

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN 4.0—3-8

The VPN product function matrix compares VPN networks and Cisco products. The top row of the table lists the two VPN applications: remote access and site-to-site. The left column lists three product lines: VPN-enabled routers, the Concentrator, and the PIX Firewall. If the primary role of the equipment is to perform as a site-to-site VPN with a few remote access connections, the VPN-enabled router is the primary product. On the other hand, if the primary role is to perform as a remote access VPN with a few site-to-site connections, the Concentrator is the product of choice. If the network is owned by the security organization, the PIX Firewall is the primary VPN product.

The following can be used as a reference for overall Cisco IP VPN positioning:

■ Dedicated VPN

— 3000 for remote access

VPN-enabled routers series

— 7200/7400/Cat6500

— PIX Firewall 5xx

Remote Access VPNs—Concentrator


[Figure: remote access client and central site]

• Connection of remote sites, users, and partners across a VPN

• High-density, low-bandwidth connections


The Cisco VPN 3000 Concentrator Series is a family of purpose-built, remote access VPN platforms and VPN Client software that incorporates high availability, high performance, and scalability with the most advanced encryption and authentication techniques available today. With the Cisco VPN 3000 Concentrator Series, customers can take advantage of the latest VPN technology to vastly reduce their communications expenditures. Unique to the industry, it is the only scalable platform to offer field-swappable and customer-upgradeable components. These components, called Scalable Encryption Processing (SEP) modules, enable companies to easily add capacity and throughput.

With all versions of the Concentrator, the Cisco VPN Client is provided at no additional charge and includes unlimited distribution licensing. The Cisco VPN 3000 Concentrator Series is available in redundant or load-balancing configurations, enabling customers to build the most robust, reliable, and cost-effective VPNs possible.

The Cisco VPN 3002 Hardware Client is a network appliance used to connect Small Office Home Office (SOHO) LANs to the VPN. The device comes in either a single-port or an eight-port switch version. The Hardware Client replaces traditional VPN Client applications on individual SOHO computers.

All models in the Cisco VPN 3000 Concentrator Series support an easy-to-use management interface accessible via a web browser.



  • Emmanuel
    What is firewall based vpn?
    10 months ago
