Easy VPN Client Mode and Network Extension Mode

Unanswered Question
Jan 4th, 2009
User Badges:

Please correct me if I am wrong:-

1.Client Mode is used when the users are sitting in Comany's internet network with Private IPs and will get NATed to public IP when accessing the Easy VPN server.

2. We use Network Extension mode when we are accessing VPN server from Home with an Open internet connection(i.e. public IP is already assigned to my PC).No NAT is required in this case.

Am I right?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Fernando_Meza Mon, 01/05/2009 - 03:07
User Badges:
  • Gold, 750 points or more

Hi ..

You have got an idea on point 1. However on point two is mainly used for extending your local LAN (behind your client VPN device) to the networks behind the VPN server. In other words your local LAN which could be 192.168.10.X will be seen as 192.168.10.X by the networks behind the VPN server. The same is not the case when using Client mode. Below taken from one of my e-books

"Client Mode

Client mode enables you to deploy a VPN quickly and easily in a small office/home office

(SOHO) environment. In situations where there is no need to access the devices behind the

VPN client directly and ease of use and quick installation are important, the client mode is

the ideal solution."

"Network Extension Mode

In network extension mode, all SOHO PCs connected to the Easy VPN Remote device are

uniquely addressable by the VPN tunnel. This allows devices to connect directly to PCs

behind the Easy VPN Remote device."

I hope it helps .. please rate helpful posts

palsukh2002 Mon, 01/05/2009 - 17:01
User Badges:

In case of Easy VPN client the VPN client will need a public IP normally to connect to VPN server.since VPN server is normally accesses by VPN client over internet.

Now There can be two scenarios --either the users are sitting inside comapny Intranet network(Point No. 1) OR the user can be sitting at home with internet connection.

Now in Point No.1 NATing is required because users sitting in Company's internal network are having private IPs and need to be NATed to public IPs to access VPN server.

and In Point No. 2 since the user is already connected to internet and have public IP.so there is no need for NATing.

That is what my understanding is.

I could not understand one thing that What is the meaning of the line you have mentioned as

"In other words your local LAN which could be 192.168.10.X will be seen as 192.168.10.X by the networks behind the VPN server"

Once VPN client will get connected to VPN server..it will get an IP address from the VPN server..and the client will use that IP to communicate with the Network behind the VPN server.The network or IP which the client already have(before connecting to VPN server) will be no more in use for connecting to network behind VPN server(may be that IP will be used for connecting to VPN client's own internal network if split tunnelling is enabled)


This Discussion