Evaluated Product - Details

Return to the EPL index

Cisco VPN 3000 Concentrator

Product type: Network and Network Related Devices and Systems
Product Status: Archived
Assurance Level: EAL2

Version: Versions: Cisco VPN 3000 Concentrators (version 4.1.7.N for 3005, 3015, 3020, 3030, 3060, 3080) | Cisco VPN 3002, 830 and PIX 501 Hardware Clients (version 4.7.2.D for 3002, 3002-8E, version 12.4(5a) for 831, 837 and version 6.3(5) for PIX 501) | Cisco VPN Software Clients (version 4.8.00 for Windows, Linux and version 4.6.02 for Solaris) | Certicom Movian Software Clients (version 4.0 for PocketPC 2002, PalmOS) | Worldnet21 AnthaVPN Software Client (version 5.6.2 for Windows CE.NET 4.2) | Cisco Secure ACS (version 4.0 for Windows 2000 Server)

Product Details

Product Description

Certification Country: AUSTRALIA/NEW ZEALAND (2007)
Certificate Details: 2007/42, May 2007
Certification Method: CC
Evaluation Facility: CSC
Manufacturer/Vendor/Distributor: Cisco Systems


Cisco Systems Inc
Global Certifications

Phone: + 1 410 309 4862
Email: certteam@cisco.com
Website: http://www.cisco.com

Senior Systems Engineering Manager
Tony Hall
Sales / Channels

Phone: +61 2 6216 0647
Mobile: +61 401 890577
Email: anthhall@cisco.com


Certification Report
Security Target

The Cisco Remote Access VPN enables trusted end systems such as desktop computers and notebooks, handheld computers and PDAs, and small trusted LANs, to establish secure connections to a trusted network over anuntrusted network. The evaluated solution includes VPN concentrators, VPN clients (software and hardware), and an (optional) authentication server.

The VPN Concentrator terminates secure connections established across an untrusted network from trusted IT systems equipped with the VPN client to provide access to a trusted network. The VPN concentrator has two physical interfaces; one connected to an untrusted network and the other connected to a trusted network.

The software VPN clients are used when a single trusted IT system requires a secure connection to a trusted network over an untrusted network, and the trusted IT system uses one of the operating systems supported by the software clients.

The hardware VPN client is used to securely connect a single trusted IT system that does not use one of the operating systems supported by the software clients to a trusted network over an untrusted network, or securely connect a single trusted LAN of trusted IT systems to a trusted network over an untrusted network.

The authentication server (CiscoSecure ACS) can be used to store authentication credentials to validate connections from VPN clients to the VPN concentrator.

Connections between clients and concentrators are secured using IPSec as defined in RFC 2401-2410 and 2415, with both MODECONFIG and XAUTH extensions. VPN client connections are authenticated using a combination of groupname/password or digital certificate, and username/password digital certificate. The use of SmartCards and Tokens is supported with the Windows VPN client.