I currently use the 3002 HW Client at several ROBO/SOHO locations in Network Extension mode. This works great. Recently I have the need to establish the same type of connection, but I need to provide a dynamic IP NAT pool for the clients behind the 3002. Is a configuration like this possible using the 3030 & 3002, or will I need some other HW to replave the 3002. If other HW is needed please suggest low end options (i.e. I realize a L2L with another concentrator will work). And I asume the configuration is possible with a 1720(?).
"The VPN 3002 Hardware Client can be configured as a DHCP server for the private network. The DHCP server for the private interface allows IP hosts in its network to automatically obtain IP addresses from a limited pool of addresses for a fixed length of time, or lease period. Before the lease period expires, the VPN 3002 Hardware Client displays a message offering to renew it. If the lease is not renewed, the connection terminates when the lease expires, and the IP address becomes available for reuse. Using DHCP simplifies configuration since you do not need to know what IP addresses are considered valid on a particular network. If you do not want to configure your VPN 3002 Hardware Client as a DHCP server, then select No, do not use the DHCP server to provide addresses."
You have 2 modes with the 3002, client mode and NEM (network extension mode). With client mode, the 3002 gets a ip address received from the concentrator just like a software client which allows you to set the 3002 as a dhcp server. With NEM, you can have the workstations behind the 3002 obtain ip address from a dhcp server on the 3000 side. So depending on whether your talking NAT or PAT will determine which connection type will meet your needs. Hope this helps.
Re: Dynamic IP Nat Pool with 3030 <--> 3002 Tunnel
Thanks for your response. However, I completely understand NEM, PAT, and DHCP. My questions was, "Is it possible to provide a dynamic NAT pool...". I believe the answer to this question is no. My reason for asking is that I have clients behind the 3002 with address space that cannot be changed and conflicts with what is on our network behind the 3030. And PAT is not an option.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :