01-04-2009 07:43 PM - edited 03-11-2019 07:32 AM
Please correct me if I am wrong:-
1.Client Mode is used when the users are sitting in Comany's internet network with Private IPs and will get NATed to public IP when accessing the Easy VPN server.
2. We use Network Extension mode when we are accessing VPN server from Home with an Open internet connection(i.e. public IP is already assigned to my PC).No NAT is required in this case.
Am I right?
01-05-2009 03:07 AM
Hi ..
You have got an idea on point 1. However on point two is mainly used for extending your local LAN (behind your client VPN device) to the networks behind the VPN server. In other words your local LAN which could be 192.168.10.X will be seen as 192.168.10.X by the networks behind the VPN server. The same is not the case when using Client mode. Below taken from one of my e-books
"Client Mode
Client mode enables you to deploy a VPN quickly and easily in a small office/home office
(SOHO) environment. In situations where there is no need to access the devices behind the
VPN client directly and ease of use and quick installation are important, the client mode is
the ideal solution."
"Network Extension Mode
In network extension mode, all SOHO PCs connected to the Easy VPN Remote device are
uniquely addressable by the VPN tunnel. This allows devices to connect directly to PCs
behind the Easy VPN Remote device."
I hope it helps .. please rate helpful posts
01-05-2009 05:01 PM
In case of Easy VPN client the VPN client will need a public IP normally to connect to VPN server.since VPN server is normally accesses by VPN client over internet.
Now There can be two scenarios --either the users are sitting inside comapny Intranet network(Point No. 1) OR the user can be sitting at home with internet connection.
Now in Point No.1 NATing is required because users sitting in Company's internal network are having private IPs and need to be NATed to public IPs to access VPN server.
and In Point No. 2 since the user is already connected to internet and have public IP.so there is no need for NATing.
That is what my understanding is.
I could not understand one thing that What is the meaning of the line you have mentioned as
"In other words your local LAN which could be 192.168.10.X will be seen as 192.168.10.X by the networks behind the VPN server"
Once VPN client will get connected to VPN server..it will get an IP address from the VPN server..and the client will use that IP to communicate with the Network behind the VPN server.The network or IP which the client already have(before connecting to VPN server) will be no more in use for connecting to network behind VPN server(may be that IP will be used for connecting to VPN client's own internal network if split tunnelling is enabled)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide