cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
570
Views
0
Helpful
2
Replies

IPSEC Tunnel mode query

prakadeesh
Level 1
Level 1

Hello All,

Incase we use tunnle mode IPSEC VPN, I understand that the whole IP packet is encrypted and a new Ip header is added. But which Source IP and destination IP will this new IP packet have is it the Tunnel endpoints IP or will it still have the same LAN source IP? Please help.

Thanks,

1 Accepted Solution

Accepted Solutions

Jon Marshall
Hall of Fame
Hall of Fame

Prakadeesh

The source and destination IPs in the new IP header will be the tunnel endpoints. This is how you can route between networks using private addressing ie.

private addressing such 172.16.5.0/24 is not routable on the internet. But it doesn't matter because these addresses are hidden from the internet. These addresses are in the IP header of the original packet but not the new IP header.

Obviously for a VPN across the internet the addresses in the new IP header must be routable on the internet.

Jon

View solution in original post

2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

Prakadeesh

The source and destination IPs in the new IP header will be the tunnel endpoints. This is how you can route between networks using private addressing ie.

private addressing such 172.16.5.0/24 is not routable on the internet. But it doesn't matter because these addresses are hidden from the internet. These addresses are in the IP header of the original packet but not the new IP header.

Obviously for a VPN across the internet the addresses in the new IP header must be routable on the internet.

Jon

cool!!! Thanks Jon :)