Cisco 3002 - VPN Hardware Client Dokumentacja Pobierz pdf (Strona 9)

Release Notes for Cisco VPN 3002 Hardware Client Release 3.1

78-13771-01

Features Summary

You always assign the VPN 3002 to a client group on the central-site

Concentrator. If you enable split tunneling for that group, IPSec operates on

all traffic that travels through the VPN 3002 to networks within the network

list for that group behind the central-site Concentrator. PAT does not apply.

Traffic from the VPN 3002 to any other destination than those within the

network list on the central-site Concentrator travels in the clear without

applying IPSec. NAT translates the network addresses of the devices on the

VPN 3002 private network to the address of the VPN 3002 public interface.

Thus the network and addresses on the private side of the VPN 3002 can be

accessed directly over the tunnel, but are protected from the Internet, that is,

they cannot be accessed directly.

Tunnel Initiation

The VPN 3002 always initiates the tunnel to the central-site Concentrator. The

central-site Concentrator cannot initiate a tunnel to a VPN 3002. The VPN 3002

creates only one IPSec tunnel to the central-site Concentrator, in either PAT or

Network Extension mode. With split tunneling enabled, it can support multiple

unencrypted data streams.

After the tunnel is established between the VPN 3002 and the central-site

Concentrator, the central-site Concentrator can initiate data exchange only in

Network Extension mode with all traffic travelling through the tunnel. If you want

the tunnel to remain up indefinitely, you should configure the VPN 3002 for

Network Extension mode and not use split tunneling.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 ... 19 20

Brak uwag

Cisco 3002 - VPN Hardware Client Dokumentacja Strona 9