The Cisco Easy VPN Remote feature supports the following three modes of
operation:
- Client mode
- Network extension mode
- Network extension plus mode
These modes are described in Figure
.
All modes of operation also optionally support split tunneling, which allows
secure access to corporate resources through the VPN tunnel while also allowing
Internet access through a connection to an Internet service provider (ISP) or
other service. Split tunneling eliminates the corporate network from the path
for web access.
Client Mode Example
The diagram in Figure
illustrates the client mode of operation. In this example, the Cisco 831 router
provides access to two PCs, which have IP addresses in the 10.0.0.0 private
network space. These PCs connect to the Ethernet interface on the Cisco 831
router, which also has an IP address in the 10.0.0.0 private network space. The
Cisco 831 router performs NAT or PAT over the VPN tunnel so that
the PCs can access the destination network.
NOTE: The diagram could also represent a split tunneling connection, in
which the client PCs can access public resources in the global Internet without
including the corporate network in the path for the public resources.
Network Extension Mode Example
The diagram in Figure
illustrates the network extension mode of operation. In this example, the
Cisco 831 router acts as a Cisco Easy VPN remote device, connecting to a router
used as a Cisco Easy VPN server.
The client hosts are given IP addresses that are fully
routable by the destination network over the tunnel. These IP addresses could
be either in the same subnet space as the destination network, or in separate
subnets, assuming that the destination routers are configured to properly route
those IP addresses over the tunnel.
In this example, the PCs and hosts
attached to the two routers have IP addresses that are in the same address
space as the destination enterprise network. The PCs connect to the Ethernet
interface of the Cisco 831 router, which also has an IP address in the
enterprise address space. This scenario provides a seamless extension of the
remote network.
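
The following added example (not part of the Cisco documentation and not Cisco code) models in Python what the corporate side of the tunnel can observe in client mode and network extension mode, with and without split tunneling. All addresses and the names forward and corporate_view are constructed for illustration; the single tunnel address used for client mode translation is an assumption.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not taken from the Cisco document).
TUNNEL_ADDR = ip_address("192.168.50.7")        # address client-mode traffic is translated to
CORPORATE_NETS = [ip_network("172.16.0.0/16")]  # destinations reached through the tunnel
CLIENT_FLOWS = [("10.0.0.3", "172.16.1.10"), ("10.0.0.4", "172.16.1.10"),
                ("10.0.0.3", "198.51.100.80"), ("10.0.0.4", "198.51.100.80")]
NEM_FLOWS = [("172.16.200.3", "172.16.1.10"), ("172.16.200.4", "172.16.1.10"),
             ("172.16.200.3", "198.51.100.80"), ("172.16.200.4", "198.51.100.80")]


def forward(mode, src, dst, split_tunnel=False):
    """Return (path, source address visible to the corporate network).

    path is "tunnel" or "isp"; the visible source is None when the packet
    never crosses the corporate network.
    """
    if mode not in ("client", "network-extension"):
        raise ValueError(f"unknown mode: {mode}")
    src, dst = ip_address(src), ip_address(dst)
    to_corporate = any(dst in net for net in CORPORATE_NETS)
    if split_tunnel and not to_corporate:
        # Split tunneling: Internet-bound traffic leaves through the ISP link.
        return ("isp", None)
    if mode == "client":
        # Client mode: NAT/PAT hides every LAN host behind one address.
        return ("tunnel", TUNNEL_ADDR)
    # Network extension mode: the host's own routable address is preserved.
    return ("tunnel", src)


def corporate_view(mode, flows, split_tunnel=False):
    """Summarize what corporate-side logs can record for (src, dst) flows.

    Returns (sorted distinct source addresses seen, flows that bypassed).
    """
    seen, bypassed = set(), 0
    for src, dst in flows:
        path, visible_src = forward(mode, src, dst, split_tunnel)
        if path == "tunnel":
            seen.add(str(visible_src))
        else:
            bypassed += 1
    return sorted(seen), bypassed


if __name__ == "__main__":
    for mode, flows in (("client", CLIENT_FLOWS), ("network-extension", NEM_FLOWS)):
        for split in (False, True):
            print(mode, "split" if split else "no-split", corporate_view(mode, flows, split))
```

In client mode the corporate side sees one source address for both PCs, so per-host attribution has to come from the remote router; with split tunneling enabled, the web-bound flows do not appear in corporate-side logs at all.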