Client Mode And Network Extension Mode - Cisco ASA 5505 Getting Started Manual

Client Mode and Network Extension Mode

Figure 11-1 Easy VPN Components in a Virtual Private Network
Hardware Client)
Client Mode and Network Extension Mode
ASA 5505 Getting Started Guide
11-2
Using an Easy VPN solution simplifies the deployment and management of a
VPN in the following ways:
Hosts at remote sites no longer have to run VPN client software.
•
Security policies reside on a central server and are pushed to the remote
•
hardware clients when a VPN connection is established.
Few configuration parameters need to be set locally, minimizing the need for
•
on-site administration.
Figure 11-1 illustrates how Easy VPN components can be deployed to create a
VPN.
Remote LAN
ISP router
ASA 5505
(Easy VPN
When used as an Easy VPN hardware client, the ASA 5505 can also be configured
to perform basic firewall services, such as protecting devices in a DMZ from
from unauthorized access. However, if the ASA 5505 is configured to function as
an Easy VPN hardware client, it cannot establish other types of tunnels. For
example, the ASA 5505 cannot function simultaneously as an Easy VPN
hardware client and as one end of a standard peer-to-peer VPN deployment.
The Easy VPN hardware client supports one of two modes of operation: Client
Mode or Network Extension Mode (NEM). The mode of operation determines
whether the hosts behind the Easy VPN hardware client are accessible from the
enterprise network over the tunnel.
Chapter 11 Scenario: Easy VPN Hardware Client Configuration
Internet
Easy VPN Server
(ASA 5500 Series
Adaptive Security Appliance,
Cisco VPN 30xx,
or Cisco IOS 12.2(8)T)
Central LAN
Push remote
configuration
78-18003-02