Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN3002: PAT mode

Hi,

I've got a simple question. When you're working in PAT between a VPN 3002 and a VPN 3060, the concentrator assign an address to the VPN3002 for the PAT.

Obviously PAT means there is a natting somewhere in the path... but where ? On the VPN3002 or on the Concentrator ?

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: VPN3002: PAT mode

Hi,

Assigned IP address(by the concentrator during MODE_CFG) to vpn3002 is PATed(overloaded) for every end-host (upto 253) sitting behind the vpn3002, opposite to it is NEM where your vpn3002 is routable from headend side, because there is no PAT on VPN3002, in short PAT is done on VPN3002.

For more conceptual understanding, look at the difference in IPSec SAs setup on the VPN30xx headend in case of PAT(client) Vs. NEM mode.

Thanks,

Afaq

2 REPLIES
Bronze

Re: VPN3002: PAT mode

Hi,

Assigned IP address(by the concentrator during MODE_CFG) to vpn3002 is PATed(overloaded) for every end-host (upto 253) sitting behind the vpn3002, opposite to it is NEM where your vpn3002 is routable from headend side, because there is no PAT on VPN3002, in short PAT is done on VPN3002.

For more conceptual understanding, look at the difference in IPSec SAs setup on the VPN30xx headend in case of PAT(client) Vs. NEM mode.

Thanks,

Afaq

New Member

Re: VPN3002: PAT mode

When you configure vpn3002 hardwar client to run as PAT mode, the NATting is happen at VPN 3002.

IP addresses( behind VPN3002) will be translate to the IP address which VPN 3002 hardware client get from VPN3060 assigned IP address.

139
Views
0
Helpful
2
Replies
CreatePlease login to create content