VPN

8

 

Configuring Teleworker VPN Client

Network Extension Mode

Network Extension Mode (NEM) specifies that the PCs and other hosts at the client end of the VPN tunnel should be given IP addresses that are fully routable and reachable by the destination network over the tunneled network, so that they form one logical network. PAT is not used, which allows the client PCs and hosts to have direct access to the PCs and hosts at the destination network. In NEM, the Cisco VPN hardware client obtains a private IP address from a local DHCP server or is configured with a static IP address.

Figure 8 illustrates the network extension mode of operation. In this example, the security appliance acts as a Cisco VPN hardware client, connecting to a remote IPsec VPN server. The hosts attached to the security appliance have IP addresses in the 10.0.0.0 private network space. The server does not assign an IP address to the security appliance, and the security appliance does not perform NAT or PAT translation over the VPN tunnel. When accessing the remote network 192.168.100.x, the hosts 10.0.0.3 and 10.0.0.4 are not translated, and the hosts in the remote network 192.168.100.x can access the hosts 10.0.0.3 and 10.0.0.4 directly.

The client hosts are given IP addresses that are fully routable by the destination network over the VPN tunnel. These IP addresses could be either in the same subnet space as the destination network or in separate subnets, assuming that the destination routers are configured to properly route those IP addresses over the VPN tunnel.
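The routing condition above can be checked against a destination-side routing table. The following Python sketch is an added example, not part of the Cisco guide: it runs a longest-prefix-match lookup for each NEM client host and reports whether return traffic would enter the VPN tunnel. The routing table, the interface labels (lan0, wan0, vpn-tunnel) and the /24 prefix lengths are constructed assumptions; only the host and network addresses come from the example in this section.

```python
import ipaddress

# Constructed routing table for a router on the destination (192.168.100.x) side.
# Interface labels and prefix lengths are assumptions made for this example.
ROUTES = [
    ("0.0.0.0/0", "wan0"),
    ("192.168.100.0/24", "lan0"),
    ("10.0.0.0/24", "vpn-tunnel"),   # route back to the NEM client LAN
]

def lookup(dest, routes):
    """Longest-prefix match: return (network, interface), or None if no route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best

def check_nem_hosts(hosts, routes, tunnel_if="vpn-tunnel"):
    """Map each client host to 'ok' or to the reason its return path misses the tunnel."""
    result = {}
    for host in hosts:
        match = lookup(host, routes)
        if match is None:
            result[host] = "no route"
        elif match[1] != tunnel_if:
            result[host] = f"routed via {match[1]} ({match[0]}), not the tunnel"
        else:
            result[host] = "ok"
    return result

if __name__ == "__main__":
    clients = ["10.0.0.3", "10.0.0.4"]
    print(check_nem_hosts(clients, ROUTES))
    # Same table without the client LAN route: replies follow the default route.
    no_client_route = [r for r in ROUTES if r[0] != "10.0.0.0/24"]
    print(check_nem_hosts(clients, no_client_route))
```

The check covers route selection on one router only; it does not model filtering on the tunnel or on the hosts themselves.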

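Figure 8 IPsec VPN Network Extension Connection

[Figure: the ISA500, acting as a Cisco IPSec VPN client with hosts 10.0.0.3 and 10.0.0.4 attached, connects through a VPN tunnel over the Internet to a Cisco device acting as a Cisco IPSec VPN server for the 192.168.100.x network. WAN addresses shown: 202.0.0.1 and 203.0.0.1.]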

Cisco ISA500 Series Integrated Security Appliances Administration Guide
