Cisco Cisco ISA550 Integrated Security Appliance Anleitung Für Quick Setup

© 2012 Cisco Systems, Inc. All rights reserved.

Page 2 of 12

The Teleworker VPN Client supports the following two operating modes. You must specify an operation 
mode before establishing a connection.

Both operation modes support split tunneling. Split tunneling allows for secure access to 

corporate resources through the VPN tunnel in addition to Internet access to an Internet Service Provider 
(ISP) or other service which eliminates the corporate network from the path for web access. 

In client mode, Network Address Translation (NAT) or Private Address Translation (PAT) is performed so 
that remote computers and other hosts at the end of the VPN tunnel can form a private network. In this 
mode, the IP addresses in the IP address space of the destination server are not used. Instead, the 
outside interface of the Teleworker VPN Client is assigned an IP address by the remote server.

 illustrates how client mode works. In this example, the ISA500 provides access to two 

computers assigned IP addresses in the 10.0.0.0 private network space. These computers are 
connected to the Ethernet interface on the ISA500. The Cisco device (IPsec VPN server) assigns an IP 
address (192.168.101.2) to the ISA500 (Teleworker VPN Client) which performs NAT or PAT translation 
over the VPN tunnel so that the computers can access the destination network (192.168.100.x). In this 
example, the computers (hosts 10.0.0.3 and 10.0.0.4) are translated to (192.168.101.2) but hosts in the 
remote network (192.168.100.x) are unable to access the computers (hosts 10.0.0.3 and 10.0.0.4). For 
information about how to configure the ISA500 in client mode, see 

IPsec VPN Client Connection