This document answers frequently asked questions about the Cisco VPN 3002 Hardware Client.
Q. Can I upgrade the VPN 3002 Hardware Client and the Cisco VPN software client using the "client update" option on the VPN 3000 Concentrator? Are both upgraded the same way?
A. The "client update" feature became available in version 3.0 for the VPN 3002 Hardware Client and in version 3.1 for the Cisco VPN software client. This feature works differently for the VPN 3002 Hardware Client and the Cisco VPN software client. The "client update" used for VPN 3002 Hardware Clients lets administrators automatically update software/firmware for the VPN 3002 Hardware Clients deployed in diverse locations. The "client update" used for Cisco VPN software clients lets administrators at a central location automatically notify the client users when it is time to update the VPN Client software. Action is then required on the part of users to retrieve and install the newer software.
Q. I recently upgraded the VPN 3002 Hardware Client to version 4.x, and it continually reboots. (I have DHCP configured.)
A. This issue is specific to 3002-8E models. If the public interface's link is "down" upon boot up, the unit continuously reboots. This has also been seen to occur with Point-to-Point Protocol over Ethernet (PPPoE). Refer to Cisco bug ID CSCeb38654 ( registered customers only) for additional details.
Q. Where can I get the latest software revisions for the Cisco VPN 3002 Hardware Client?
A. All Cisco VPN 3002 Hardware Clients ship with the most current code, but registered users may check the Software Center ( registered customers only) to see if more current software is available.
For additional information, refer to the latest documentation on the Cisco VPN 3002 Hardware Client.
Q. What is the difference between the network extension mode and the client mode for the VPN 3002 Hardware Client?
A. Network extension mode allows the VPN 3002 Hardware Client to present a full, routable network to the tunneled network. IPSec encapsulates all traffic from the VPN 3002 Hardware Client private network to networks behind the central-site VPN 3000 Concentrator. Either side can initiate data exchange. Devices on either side know each other by their actual addresses.
Client mode, also called Port Address Translation (PAT) mode, isolates all devices on the VPN 3002 Hardware Client's private network from those on the corporate network. When the devices behind the VPN 3002 Hardware Client initiate connections to the network behind the central site VPN 3000 Concentrator, the VPN Concentrator assigns IP addresses as the connections come up.
For additional information on these two modes, refer to Understanding the VPN 3002 Hardware Client.
Q. Can the Cisco VPN 3002 Hardware Client do a LAN-to-LAN tunnel to any device?
A. No, at this time the VPN 3002 Hardware Client can only be used to do tunnel to a VPN 3000 Concentrator (in network extension mode or client mode) and to the PIX Firewall (in client mode, not in network mode). The VPN 3002 Hardware Client cannot terminate connections from VPN Clients (software clients). It cannot connect to any third-party devices at this time.
Q. What is the difference between the Cisco VPN 3002 Hardware Client and the Cisco VPN Client (also known as the "software client" or the "Universal Client")?
A. The VPN Client has to be loaded on a specific machine and it requires support for the underlying operating system to make a connection:
Use of the VPN 3002 Hardware Client allows users on any operating system behind the client to connect to the concentrator without the installation of separate software on individual desktops: