When I'm using digital certificates with VPN 3000 how can I be sure that I'm connecting with the correct concentrator and not with a rogue one which happens to be provided with a valid certificate, issued by a legitimate CA? In other words how is identity (IP address or hostname) checked by VPN 3000?