Network Extension Mode; Vpn 3000 Concentrator Settings Required For Network Extension Mode; Enabling Or Disabling Pat - Cisco CVPN3002-K9 - Fast Ethernet VPN Gateway Getting Started

Configuring PAT or Network Extension mode
3.
4.
5.

Network Extension Mode

Network Extension mode allows the VPN 3002 to present a full, routable network to the tunneled
network. IPSec encapsulates all traffic from the VPN 3002 private network to networks behind the
central-site VPN Concentrator, but PAT does not apply. Therefore, devices behind the VPN Concentrator
have direct access to devices on the VPN 3002 private network via the tunnel, and only over the tunnel,
and vice versa.
In this mode, the VPN Concentrator does not assign an IP address for tunneled traffic (as it does in
Client/PAT mode). The tunnel is terminated with the VPN 3002 private IP address (i.e., the assigned IP
address). To use Network Extension mode, you must configure an IP address other than the default of
192.168.10.1 and disable PAT.

VPN 3000 Concentrator Settings Required for Network Extension Mode

For the VPN 3002 to use Network Extension mode, these are the requirements for the central-site VPN
Concentrator.
1.
2.
3.
4.
5.
For more information about Network Extension mode, see the
Mode" section on page

Enabling or Disabling PAT

If you have changed the private interface IP address, the system prompts you to enable or disable PAT:
VPN 3002 Hardware Client Getting Started
4-14
Configure a group to which you assign this VPN 3002. This includes assigning a group name and
password. See Chapter 14, "User Management," in the VPN 3000 Series Concentrator Reference
Volume 1: Configuration.
Configure one or more users for the group, including usernames and passwords.
For more information about PAT (Client) mode, see the
Mode" section on page 3-13.
The VPN Concentrator at the central site must be running Software version 3.0 or later.
Configure a group to which you assign this VPN 3002. This includes assigning a group name and
password. See Chapter 14, "User Management," in the VPN 3000 Series Concentrator Reference
Volume I: Configuration.
Configure one or more users for the group, including usernames and passwords.
Configure either a default gateway or a static route to the VPN 3002 private network. See
Chapter 8, "IP Routing," in the VPN 3000 Series Concentrator Reference Volume I: Configuration.
If you want the VPN 3002 to be able to reach devices on other networks that connect to this VPN
Concentrator, review your Network Lists. See Chapter 15, "Policy Management," in the VPN 3000
Series Concentrator Reference Volume I: Configuration.
3-13.
1) Enable PAT over the IPSec Tunnel
2) Disable PAT over the IPSec Tunnel (Network Extension)
Quick ->
To disable PAT, and use Network Extension mode, at the prompt enter 2. Note that you can not
disable PAT if you have not changed the IP address for the private interface.
Chapter 4 Using the Command-Line Interface for Quick Configuration
"Configuring PAT or Network Extension
"Configuring PAT or Network Extension
OL-2854-01