Set the Easy VPN Remote device to one of two modes, client mode or
network extension mode. In client mode, the remote PIX Security Appliance
applies PAT to all client IP addresses connected to the inside interface. In
the example in the figure, when PC 10.1.1.2 attempts connect to the server at
the central site, the remote PIX translates the original PC IP address and port
number using the IP address and a port number of the outside interface, port
address translation. Due to the translation, the IP address of PC1 is not
visible from the central site.
The other option is network extension mode (NEM)
. With NEM, the
IP address of the inside PCs are received without change at the central site.
In this instance, the IP address of the PC is visible from the central site. In
the example in the figure, the remote inside PC makes a connection to a server
on the central site. The original PC IP address, 10.1.1.2, is not translated by
the remote PIX Security Appliance.
Set the Easy VPN Remote device mode by
entering the following command
:
vpnclient mode {client-mode |
network-extension-mode}
Client mode applies NAT to
all IP addresses of clients connected to the inside (higher security) interface
of the PIX Security Appliance.
Network extension mode – This option does
not apply NAT to any IP addresses of clients on the inside, higher security,
interface of the PIX Security Appliance.
Finally, to enable the Easy VPN
Remote device by entering the following command
:
vpnclient enable