Easy VPN Modes of Operation

The Easy VPN can use two different remote phase II modes for VPN connectivity, which mainly affect how the remote user is addressed when connected to the destination network. Both configurations support split tunneling. The two modes are as follows:

■ Client mode—This mode allows whatever changes necessary to connect the client to the destination network via the VPN connection. In the client mode, the client is automatically configured with NAT/PAT and the access lists needed to create the VPN connection.

■ Network extension mode—This mode treats the VPN client systems as components of the original network. The client systems must have fully routable IP addresses and cannot use NAT or PAT.

NOTE The term fully routable only refers to address space that does not conflict on either end of the connection. This is not a reference to the use of RFC 1918 addressing.

