Cisco Cisco ISA550 Integrated Security Appliance Anleitung Für Quick Setup
© 2012 Cisco Systems, Inc. All rights reserved.
Page 3 of 12
Network Extension Mode
Network Extension Mode (NEM) determines whether the inside hosts relative to the Cisco VPN hardware
client (ISA500) are accessible from the corporate network over the VPN tunnel. In NEM mode, the Cisco
VPN hardware client obtains a private IP address from a local DHCP server or is configured with a static
IP address.
client (ISA500) are accessible from the corporate network over the VPN tunnel. In NEM mode, the Cisco
VPN hardware client obtains a private IP address from a local DHCP server or is configured with a static
IP address.
Table 3
illustrates how NEM mode works. In this example, the ISA500 acts as a Cisco VPN hardware
client and is connected to a remote IPsec VPN server. The hosts attached to the ISA500 have IP
addresses in the 10.0.0.0 private network space. The VPN server does not assign an IP address to the
ISA500 (which does not perform NAT or PAT translation over the VPN tunnel). When accessing the
remote network (192.168.100.x), the hosts (10.0.0.3) and (10.0.04) are not translated, but the hosts in
the remote network (192.168.100.x) can access the hosts (10.0.0.3 and 10.0.04) directly.
addresses in the 10.0.0.0 private network space. The VPN server does not assign an IP address to the
ISA500 (which does not perform NAT or PAT translation over the VPN tunnel). When accessing the
remote network (192.168.100.x), the hosts (10.0.0.3) and (10.0.04) are not translated, but the hosts in
the remote network (192.168.100.x) can access the hosts (10.0.0.3 and 10.0.04) directly.
The client hosts are assigned IP addresses that are fully routable by the destination network over the
VPN tunnel. These IP addresses could be either in the same subnet space as the destination network or
in separate subnets, assuming that the destination routers are configured to properly route those IP
addresses over the VPN tunnel. For information about how to configure the ISA500 in NEM mode, see
VPN tunnel. These IP addresses could be either in the same subnet space as the destination network or
in separate subnets, assuming that the destination routers are configured to properly route those IP
addresses over the VPN tunnel. For information about how to configure the ISA500 in NEM mode, see
.
Figure 3
IPsec VPN Network Extension Connection