Solved: IPSEC Tunnel mode query

prakadeesh · ‎07-17-2009

Hello All,

Incase we use tunnle mode IPSEC VPN, I understand that the whole IP packet is encrypted and a new Ip header is added. But which Source IP and destination IP will this new IP packet have is it the Tunnel endpoints IP or will it still have the same LAN source IP? Please help.

Thanks,

Jon Marshall · ‎07-17-2009

Prakadeesh

The source and destination IPs in the new IP header will be the tunnel endpoints. This is how you can route between networks using private addressing ie.

private addressing such 172.16.5.0/24 is not routable on the internet. But it doesn't matter because these addresses are hidden from the internet. These addresses are in the IP header of the original packet but not the new IP header.

Obviously for a VPN across the internet the addresses in the new IP header must be routable on the internet.

Jon

View solution in original post

Jon Marshall · ‎07-17-2009

Prakadeesh

The source and destination IPs in the new IP header will be the tunnel endpoints. This is how you can route between networks using private addressing ie.

private addressing such 172.16.5.0/24 is not routable on the internet. But it doesn't matter because these addresses are hidden from the internet. These addresses are in the IP header of the original packet but not the new IP header.

Obviously for a VPN across the internet the addresses in the new IP header must be routable on the internet.

Jon

prakadeesh · ‎07-20-2009

cool!!! Thanks Jon :)