a simple routing question

axfalk
Level 1

I am using a VPN client to get into the inside network (172.16.0.0/16). I understand the VPN switch will replace my public source address (12.10.6.9) with an address on the 172.16.0.0 subnet on the inbound packet. Why can't my source address be left intact and the downstream core switch will just use the default gateway to push the return packet back to the VPN switch?

thanks...


Jon Marshall
Hall of Fame

Hi

The way remote access client VPNs generally work is that they allocate an address to your PC that is from your company range. So the switch does not replace the public IP with the private IP, rather your client sends a packet with the source IP address in the 172.16.x.x range. This packet is then encapsulated within another packet header which uses the public IP address of your PC as the source address.

All the switch does is strip the outer header and forward on the packet with the original source IP address of 172.16.x.x.

The whole idea of a remote access VPN is that a user appears to be on the corporate network.

Does this make sense?

Jon

Jon, thanks for your response...


Where's all this taking place? On the VPN concentrator?

Thanks again...

The 172.16.x.x address will be handed out by your concentrator or DHCP servers within your corporate LAN.

The encryption of the packet and the encapsulation of the packet with another packet header is done on the client PC.

The concentrator on receiving the packet will strip the outer header and decrypt, then send on to server etc. in corporate LAN.

When the return traffic is received from the server by the concentrator it encrypts the packet, adds the outer header with the public IP addressing and sends to client. Client then strips outer header, decrypts and processes traffic.

HTH

Jon
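The encapsulate, strip and return path described in the reply above, as an added example that is not part of the original thread. It uses plain IP-in-IP (protocol 4) with no encryption as a stand-in for the real tunnel; every address except 12.10.6.9 and the 172.16.0.0/16 range is constructed, and the lease table and inner-source check are assumptions about how a concentrator could tie a tunnel peer to its assigned address.

```python
import ipaddress
import struct

# Constructed values: 12.10.6.9 is from the question; the rest are assumptions.
CLIENT_PUBLIC, CONCENTRATOR_OUTSIDE = "12.10.6.9", "198.51.100.1"
CLIENT_ASSIGNED, SERVER_INSIDE = "172.16.50.10", "172.16.1.20"
IPIP = 4  # IP-in-IP stands in for the real (encrypted) tunnel protocol
LEASES = {CLIENT_PUBLIC: CLIENT_ASSIGNED}  # hypothetical concentrator lease table

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + payload

def parse(packet: bytes):
    """Return (src, dst, proto, payload); reject a short or corrupt header."""
    ihl = (packet[0] & 0x0F) * 4 if len(packet) >= 20 else 0
    if not 20 <= ihl <= len(packet) or checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    total_len = struct.unpack("!H", packet[2:4])[0]
    src, dst = (str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))
    return src, dst, packet[9], packet[ihl:total_len]

def client_send(payload: bytes) -> bytes:
    """Client PC: inner packet uses the assigned address, outer the public one."""
    inner = build(CLIENT_ASSIGNED, SERVER_INSIDE, 17, payload)
    return build(CLIENT_PUBLIC, CONCENTRATOR_OUTSIDE, IPIP, inner)

def concentrator_receive(outer: bytes) -> bytes:
    """Concentrator: strip the outer header, forward the inner packet unchanged."""
    peer, _, proto, inner = parse(outer)
    if proto != IPIP:
        raise ValueError("not tunnel traffic")
    if parse(inner)[0] != LEASES.get(peer):  # anti-spoofing check (added assumption)
        raise ValueError("inner source is not the address assigned to this peer")
    return inner

def concentrator_return(reply: bytes) -> bytes:
    """Concentrator: wrap the server's reply in an outer header to the public IP."""
    public = next(p for p, a in LEASES.items() if a == parse(reply)[1])
    return build(CONCENTRATOR_OUTSIDE, public, IPIP, reply)
```

The inner packet that reaches the server carries the 172.16.x.x source, so the core switch routes the reply on the inside network and the public address never appears there.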

Jon, thanks for a very thorough response...just a quick follow-up question, please...where on the vpn concentrator does the tunnel terminate?

Thanks again...

Glad to help.

The tunnel usually terminates on the outside interface of the concentrator.

Appreciate the rating

Jon