VPN

8

 

Configuring Teleworker VPN Client

 

 

 

 

 

Network Extension Mode, page 367

Client Mode

Client mode specifies that NAT or PAT be done so that the PCs and other hosts at the remote end of the VPN tunnel form a private network that do not use any IP addresses in the IP address space of the destination server. In Client mode, the outside interface of the Cisco VPN hardware client can be assigned an IP address by the remote server.

Figure 7 illustrates the client mode of operation. In this example, the security appliance provides access to two PCs, which have IP addresses in the 10.0.0.0 private network space. These PCs connect to the Ethernet interface on the security appliance, and the server assigns an IP address 192.168.101.2 to the security appliance. The security appliance performs NAT or PAT translation over the VPN tunnel so that the PCs can access the destination network. When accessing the remote network 192.168.100.x, the hosts 10.0.0.3 and 10.0.04 will be translated to 192.168.101.2, but hosts in the remote network 192.168.100.x cannot access the hosts 10.0.0.3 and 10.0.04.

Figure 7 IPsec VPN Client Connection

192.168.100.x

10.0.0.3

WAN

WAN

202.0.0.1

203.0.0.1

Inside

VPN tunnel

Internet

10.0.0.0

ISA500

Cisco Device

as a Cisco IPSec

as a Cisco IPSec

VPN Client

VPN Server

(192.168.101.2)

 

10.0.0.4

283048

Cisco ISA500 Series Integrated Security Appliances Administration Guide

366

Page 366
Image 366
Casio ISA550WBUN3K9 manual Client Mode, Network Extension Mode