Chapter 9
Scenario: Easy VPN Hardware Client Configuration
Figure 9-3
Network Topology with ASA 5505 Running in Network Extension Mode
192.168.100.3
192.168.100.4
Configuring the Easy VPN Hardware Client
78-17612-02
Remote LAN
ISP router
ASA 5505
(Easy VPN
Hardware Client)
Addresses visible
from central LAN
Use the following guidelines when deciding whether to configure the ASA 5505
in Easy VPN Client Mode or Network Extension Mode.
Use Client Mode if:
You want VPN connections to be initiated when a device behind the Easy
•
VPN hardware client attempts to access a device on the enterprise network.
You do not want devices behind the Easy VPN hardware client to be
•
accessible by devices on the enterprise network.
Use Network Extension Mode if:
You want VPN connections to be established automatically and to remain
•
open even when not required for transmitting traffic.
You want remote devices to be able to access hosts behind the Easy VPN
•
hardware client.
The Easy VPN server controls the security policies enforced on the ASA 5505
Easy VPN hardware client. However, to establish the initial connection to the
Easy VPN server, you must complete some configuration locally.
Configuring the Easy VPN Hardware Client
Internet
Easy VPN Server
Address visible
from remote LAN
Cisco ASA 5505 Getting Started Guide
Central LAN
192.168.200.3
9-5