Cisco Cisco ISA550 Integrated Security Appliance Anleitung Für Quick Setup
© 2012 Cisco Systems, Inc. All rights reserved.
Page 2 of 12
Operating Modes
The Teleworker VPN Client supports the following two operating modes. You must specify an operation
mode before establishing a connection.
mode before establishing a connection.
•
•
NOTE
Both operation modes support split tunneling. Split tunneling allows for secure access to
corporate resources through the VPN tunnel in addition to Internet access to an Internet Service Provider
(ISP) or other service which eliminates the corporate network from the path for web access.
(ISP) or other service which eliminates the corporate network from the path for web access.
Client Mode
In client mode, Network Address Translation (NAT) or Private Address Translation (PAT) is performed so
that remote computers and other hosts at the end of the VPN tunnel can form a private network. In this
mode, the IP addresses in the IP address space of the destination server are not used. Instead, the
outside interface of the Teleworker VPN Client is assigned an IP address by the remote server.
that remote computers and other hosts at the end of the VPN tunnel can form a private network. In this
mode, the IP addresses in the IP address space of the destination server are not used. Instead, the
outside interface of the Teleworker VPN Client is assigned an IP address by the remote server.
illustrates how client mode works. In this example, the ISA500 provides access to two
computers assigned IP addresses in the 10.0.0.0 private network space. These computers are
connected to the Ethernet interface on the ISA500. The Cisco device (IPsec VPN server) assigns an IP
address (192.168.101.2) to the ISA500 (Teleworker VPN Client) which performs NAT or PAT translation
over the VPN tunnel so that the computers can access the destination network (192.168.100.x). In this
example, the computers (hosts 10.0.0.3 and 10.0.0.4) are translated to (192.168.101.2) but hosts in the
remote network (192.168.100.x) are unable to access the computers (hosts 10.0.0.3 and 10.0.0.4). For
information about how to configure the ISA500 in client mode, see
connected to the Ethernet interface on the ISA500. The Cisco device (IPsec VPN server) assigns an IP
address (192.168.101.2) to the ISA500 (Teleworker VPN Client) which performs NAT or PAT translation
over the VPN tunnel so that the computers can access the destination network (192.168.100.x). In this
example, the computers (hosts 10.0.0.3 and 10.0.0.4) are translated to (192.168.101.2) but hosts in the
remote network (192.168.100.x) are unable to access the computers (hosts 10.0.0.3 and 10.0.0.4). For
information about how to configure the ISA500 in client mode, see
Figure 2
IPsec VPN Client Connection