Easy VPN Remote Modes of Operation
The Easy VPN Remote supports the following two modes of operation:
¦ Client mode
¦ Network extension mode
In client mode, the Easy VPN Server automatically creates NAT/PAT associations that allow
the PCs and other hosts on the client side of the VPN connection to form a private network
that does not use any IP addresses in the address space of the Easy VPN Server.
Easy VPN Remote Modes of Operation 417
In network extension mode, the PCs and other hosts at the client end of the IPSec tunnel are
assigned fully routable IP addresses that are reachable from the server network (by the IPSec
tunnel session), forming one logical network. In this mode, PAT is not used so that client
systems have direct access to the PCs and hosts on the destination network.
NOTE The NAT/PAT translations and access control list (ACL) configurations created by
the Easy VPN Remote feature are not written to either the startup configuration or the
running configuration. You can view these configurations, however, using the show ip nat
statistics and show access-list commands (or the show vpnclient detail on the Security
Appliance) when the configuration is active.