VPN 3002 Hardware Client Getting Started
OL-2854-01
Chapter 1 Understanding the VPN 3002 Hardware Client
All systems feature:
• Motorola PowerPC CPU
• SDRAM memory for normal operation
• Nonvolatile memory for critical system parameters
• Flash memory for file management
• Software-based encryption
• Single power supply
Client Mode and Network Extension Mode
The VPN 3002 works in either of two modes: Client mode or Network Extension mode. Client mode is
the default.
Online Technical Snapshot Explains PAT and Network Extension Modes
A new interactive multimedia piece explains the differences between Client (PAT) mode and Network
Extension mode. To view it, go to this URL:
http://www.cisco.com/mm/techsnap/VPN3002_techsnap.html
Your web browser must be equipped with a current version of the Macromedia Flash Player to view the
content. If you are unsure whether your browser has the most recent version, you may want to download
and install a free copy from:
http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash
Client Mode (PAT)
Client mode, also called Port Address Translation (PAT) mode, isolates all devices on the VPN 3002
private network from those on the corporate network. In PAT mode:
• IPSec encapsulates all traffic going from the private network of the VPN 3002 to the network(s)
  behind the Internet Key Exchange (IKE) peer, that is, the central-site VPN Concentrator.
• PAT mode employs NAT (Network Address Translation). NAT translates the network addresses of
  the devices connected to the VPN 3002 private interface to the IP address of the VPN 3002 public
  interface. The central-site VPN Concentrator assigns this address. NAT also keeps track of these
  mappings so that it can forward replies to the correct device.
All traffic from the private network appears on the network behind the central-site VPN Concentrator
(the IKE peer) with a single source IP address. This IP address is the one the central-site VPN
Concentrator assigns to the VPN 3002. The IP addresses of the computers on the VPN 3002 private
network are hidden. You cannot ping or access a device on the VPN 3002 private network from outside
of that private network, or directly from a device on the private network at the central site.
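The translation behavior described above can be modeled in a few lines. The following is an added example, not Cisco code and not part of the original guide; it shows two private hosts sharing one assigned address, a reply being forwarded through the mapping table, and unsolicited traffic being dropped. The class and function names, the port range, and all addresses are assumptions made for illustration, and the model matches replies on translated port and protocol only.

```python
# Added illustration of PAT (Client mode) address translation; not Cisco code.
# All addresses and ports are constructed sample values.
from dataclasses import dataclass, field


@dataclass
class PatTable:
    assigned_ip: str        # address the central-site Concentrator assigned
    next_port: int = 20000  # assumed start of the translated port range
    out_map: dict = field(default_factory=dict)  # (ip, port, proto) -> public port
    in_map: dict = field(default_factory=dict)   # (public port, proto) -> (ip, port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port, proto="udp"):
        """Rewrite a packet leaving the private network, creating a mapping."""
        key = (src_ip, src_port, proto)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, proto)] = (src_ip, src_port)
            self.next_port += 1
        return (self.assigned_ip, self.out_map[key], dst_ip, dst_port, proto)

    def inbound(self, src_ip, src_port, dst_ip, dst_port, proto="udp"):
        """Rewrite a packet from the central site; None means it is dropped."""
        if dst_ip != self.assigned_ip:
            return None  # private addresses are not reachable from outside
        target = self.in_map.get((dst_port, proto))
        if target is None:
            return None  # no mapping exists: nothing inside asked for this
        return (src_ip, src_port, target[0], target[1], proto)


def demo():
    pat = PatTable(assigned_ip="10.10.99.5")
    # Two private hosts using the same source port toward one server.
    a = pat.outbound("192.168.10.2", 5000, "10.10.1.20", 53)
    b = pat.outbound("192.168.10.3", 5000, "10.10.1.20", 53)
    # The reply to host .3 is matched by translated port and forwarded.
    reply = pat.inbound("10.10.1.20", 53, "10.10.99.5", b[1])
    # Unsolicited connection to the assigned address, then to a private one.
    unsolicited = pat.inbound("10.10.1.77", 4444, "10.10.99.5", 3389, "tcp")
    direct = pat.inbound("10.10.1.77", 4444, "192.168.10.2", 3389, "tcp")
    return a, b, reply, unsolicited, direct


if __name__ == "__main__":
    for name, value in zip(("a", "b", "reply", "unsolicited", "direct"), demo()):
        print(f"{name:12} {value}")
```

Both outbound flows carry the same source address, so logs at the central site distinguish the two private hosts only by translated port, not by IP address.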