Cisco Systems VPN 3002 Home Safety Product User Manual


 
VPN 3002 Hardware Client Reference
OL-1893-01
Chapter 11 Policy Management
Network Extension Mode
Tunnel Initiation
The VPN 3002 always initiates the tunnel to the central-site VPN Concentrator. The central-site VPN
Concentrator cannot initiate a tunnel to a VPN 3002. The VPN 3002 creates only one IPSec tunnel to
the central-site VPN Concentrator, in either PAT or Network Extension mode. The tunnel can support
multiple encrypted data streams between users behind the VPN 3002 and the central site. With split
tunneling enabled, it can also support multiple unencrypted data streams to the Internet.
In PAT mode, the tunnel establishes when data passes to the VPN Concentrator, or when you click
Connect Now in the Monitoring | System Status screen.
In Network Extension mode, the VPN 3002 automatically attempts to establish a tunnel to the VPN
Concentrator.
Tunnel Initiation with Interactive Hardware Client Authentication
In either Client or Network Extension mode, when you enable interactive hardware client authentication,
the tunnel establishes when you perform the following steps.
Step 1 In the VPN 3002 Hardware Client login screen, click the Connection/Login Status button. The
Connection/Login screen displays.
Step 2 Click Connect Now.
Step 3 Enter the username and password for the VPN 3002.
See the section, Logging In With Interactive Hardware Client and Individual User Authentication in
Chapter 1 for detailed instructions.
Alternatively, you can click Connect Now in the Monitoring | System Status screen, after which
the system prompts you to enter the username and password for the VPN 3002. See the section,
Monitoring | System Status in the Monitoring chapter.
Data Initiation
After the tunnel is established between the VPN 3002 and the central-site VPN Concentrator, the VPN
Concentrator can initiate data exchange only when the VPN 3002 is in Network Extension mode and all
traffic travels through the tunnel. If you want the tunnel to remain up indefinitely, configure the
VPN 3002 for Network Extension mode and do not use split tunneling.
Table 11-1 summarizes instances in which the VPN 3002 and the central-site VPN Concentrator can
initiate data exchange.