Cisco 3002 - VPN Hardware Client Dokumentacja Pobierz pdf (Strona 8)

Features Summary

Release Notes for Cisco VPN 3002 Hardware Client Release 3.1

78-13771-01

Modes

The VPN 3002 works in either of two modes: Client mode or Network Extension

mode.

• Client mode, also called PAT (Port Address Translation) mode, isolates all

devices on the private network from the public network.

In Client mode, all traffic from the private network appears on the public

network with a single source IP address, which is the IP address assigned for

tunneled traffic from the central-site VPN Concentrator. The IP addresses of

the devices on the VPN 3002 private network are hidden; you can not ping or

access a device on the VPN 3002 private network from the central site. Some

applications are incompatible with PAT mode.

• Client Mode with Split Tunneling

You always assign the VPN 3002 to a client group on the central-site

Concentrator. If you enable split tunneling for that group, IPSec and PAT are

applied to all traffic that travels through the VPN 3002 to networks within the

network list for that group behind the central-site Concentrator.

Traffic from the VPN 3002 to any destination other than those within the

network list for that group on the central-site Concentrator travels in the clear

without applying IPSec. NAT translates the network addresses of the devices

connected to the VPN 3002 private interface to the assigned IP address of the

public interface and also keeps track of these mappings so that it can forward

replies to the correct device.

The network and addresses on the private side of the VPN 3002 are hidden,

and cannot be accessed directly.

• Network Extension mode allows devices behind the central-site

Concentrator to have direct access to devices on the VPN 3002 private

network. All nodes on the VPN 3002 private network are uniquely

addressable via the tunnel, and only over the tunnel. It also supports

applications that use dynamically numbered ports.

To use Network Extension Mode, you must configure an IP address other than

the default for the VPN 3002 private interface, and you must disable PAT

mode.

• Network Extension Mode with Split Tunneling

1 2 3 4 5 6 7 8 9 10 11 12 13 ... 19 20

Brak uwag

Cisco 3002 - VPN Hardware Client Dokumentacja Strona 8