Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

VPN between two Cisco VPN 3002 HW Clients

Unanswered Question
Jan 8th, 2004
User Badges:


Is is possible to configure two VPN 3002 HW clients to communicate in a point-to-point configuration? I have tried a couple of configurations, but can't get and end-to-end connection established.

My desired outcome is something like this:


srvr --> 3550emi --> 3002 --> NAT at Firewall


NAT at Firewall <-- 3002 <-- 3550emi <-- srvr

The default route on the servers are the local 3550, each 3550 has a static route to the opposite subnet pointing to the private side of the VPN 3002.

I've also tried this configuration where the public side of the VPN 3002 are on the same subnet (Eliminating any routing or NAT issues).

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
melry88 Thu, 01/08/2004 - 10:40
User Badges:

I am not too sure if I follow... How can you connect two clients together, the whole purpose of the hardware client is just that. It is a hardware Remote Access tool to connect into a Concentrator verse utilizing a software client to connect. How could you connect a client to a client, since it is meant for Remote Access connectivity not Lan-To-Lan? If you can do this please let me know since I am new to the Cisco Concentrator series and would like to know.


jeff.roback Thu, 01/15/2004 - 14:45
User Badges:

3002's only act as EzVPN clients, not servers. 3005+ concentrators, Pix, and IPSec routers can act as EzVPN Servers AND clients, but 3002's are only ezvpn Clients (just like the sw client)

So an 3002 can connect to a Pix, a Router, or a Concentrator, and each of those can connect to each other, but two 3002's can't connect to each other.

If you're in a situation where you need this, best bet is either a Pix 501 or a 800 series router. These can both act as an ezVPN client or ezVPN server. in addition they have firewalling and configurable NATing and access lists.

Here's the sample configs on how to configure a 3002 to each device:


Easy VPN overview is here:



This Discussion