VPN between two Cisco VPN 3002 HW Clients


Is is possible to configure two VPN 3002 HW clients to communicate in a point-to-point configuration? I have tried a couple of configurations, but can't get and end-to-end connection established.

My desired outcome is something like this:


srvr --> 3550emi --> 3002 --> NAT at Firewall


NAT at Firewall <-- 3002 <-- 3550emi <-- srvr

The default route on the servers are the local 3550, each 3550 has a static route to the opposite subnet pointing to the private side of the VPN 3002.

I've also tried this configuration where the public side of the VPN 3002 are on the same subnet (Eliminating any routing or NAT issues).

I am not too sure if I follow... How can you connect two clients together, the whole purpose of the hardware client is just that. It is a hardware Remote Access tool to connect into a Concentrator verse utilizing a software client to connect. How could you connect a client to a client, since it is meant for Remote Access connectivity not Lan-To-Lan? If you can do this please let me know since I am new to the Cisco Concentrator series and would like to know.


3002's only act as EzVPN clients, not servers. 3005+ concentrators, Pix, and IPSec routers can act as EzVPN Servers AND clients, but 3002's are only ezvpn Clients (just like the sw client)

So an 3002 can connect to a Pix, a Router, or a Concentrator, and each of those can connect to each other, but two 3002's can't connect to each other.

If you're in a situation where you need this, best bet is either a Pix 501 or a 800 series router. These can both act as an ezVPN client or ezVPN server. in addition they have firewalling and configurable NATing and access lists.

Here's the sample configs on how to configure a 3002 to each device:

Easy VPN overview is here:

