This document answers frequently asked questions about the Cisco VPN
3002 Hardware Client.
Can I upgrade the VPN 3002 Hardware Client and the Cisco VPN software
client using the "client update" option on the VPN 3000 Concentrator? Are both
upgraded the same way?
A. The "client update" feature became available in version 3.0 for the VPN
3002 Hardware Client and in version 3.1 for the Cisco VPN software client. This
feature works differently for the VPN 3002 Hardware Client and the Cisco VPN
software client. The "client update" used for VPN 3002 Hardware Clients lets
administrators automatically update software/firmware for the VPN 3002 Hardware
Clients deployed in diverse locations. The "client update" used for Cisco VPN
software clients lets administrators at a central location automatically notify
the client users when it is time to update the VPN Client software. Action is
then required on the part of users to retrieve and install the newer software.
I recently upgraded the VPN 3002 Hardware Client to version 4.x, and it
continually reboots. (I have DHCP configured.)
A. This issue is specific to 3002-8E models. If the public interface's
link is "down" upon boot up, the unit continuously reboots. This has also been
seen to occur with Point-to-Point Protocol over Ethernet (PPPoE). Refer to
Cisco bug ID
registered customers only)
for additional details.
Where can I get the latest software revisions for the Cisco VPN 3002
A. All Cisco VPN 3002 Hardware Clients ship with the most current code,
but registered users may check the
registered customers only)
to see if more current software is available.
For additional information, refer to the latest documentation on the
Cisco VPN 3002
What is the difference between the network extension mode and the client
mode for the VPN 3002 Hardware Client?
A. Network extension mode allows the VPN 3002 Hardware Client to present a
full, routable network to the tunneled network. IPSec encapsulates all traffic
from the VPN 3002 Hardware Client private network to networks behind the
central-site VPN 3000 Concentrator. Either side can initiate data exchange.
Devices on either side know each other by their actual addresses.
Client mode, also called Port Address Translation (PAT) mode, isolates
all devices on the VPN 3002 Hardware Client's private network from those on the
corporate network. When the devices behind the VPN 3002 Hardware Client
initiate connections to the network behind the central site VPN 3000
Concentrator, the VPN Concentrator assigns IP addresses as the connections come
For additional information on these two modes, refer to
the VPN 3002 Hardware Client.
Can the Cisco VPN 3002 Hardware Client do a LAN-to-LAN tunnel to any
A. No, at this time the VPN 3002 Hardware Client can only be used to do
tunnel to a VPN 3000 Concentrator (in network extension mode or client mode)
and to the PIX Firewall (in client mode, not in network mode). The VPN 3002
Hardware Client cannot terminate connections from VPN Clients (software
clients). It cannot connect to any third-party devices at this time.
What is the difference between the Cisco VPN 3002 Hardware Client and the
Cisco VPN Client (also known as the "software client" or the "Universal
A. The VPN Client has to be loaded on a specific machine and it requires
support for the underlying operating system to make a connection:
Use of the VPN 3002 Hardware Client allows users on any operating
system behind the client to connect to the concentrator without the
installation of separate software on individual desktops: