Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
349
Views
5
Helpful
3
Replies

VPN Tunnel Mode Question

haithamnofal
Level 3
Level 3

‎07-03-2007 06:58 AM - edited ‎02-21-2020 03:08 PM

Hi,

I am just wondering what information is available in the Outer IP Header compared to the local IP Header in VPN Tunnel-mode?

Regards,

Haitham

Labels:
0 Helpful
3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

‎07-03-2007 08:55 AM

Hi Haitham

If i understand correctly, the outer IP header is an entirely new IP header with all the fields that the local IP header would have. Obviously some of these fields may be different ie the source and destination IP addresses, ports etc, and some information may or may not be present such as QOS settings.

Was there something specific you were thinking of ?

Jon

0 Helpful

haithamnofal
Level 3
Level 3
In response to Jon Marshall

‎07-03-2007 09:13 AM

Hi Jon,

I wanted to know how would the fields in the outer header differ from the inner one. Taking an example Router A & B having VPN tunnel between each others, shouldn't the source and destination IP addresses in both the outer header and the inner header be Router A & B ?

Regards,

Haitham

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to haithamnofal

‎07-03-2007 10:14 AM

Haitham

It depends on where the packet is sourced from and where the destination is eg.

You have a site-to-site VPN tunnel across the Internet between router A & router B. A client behind router B ( 192.168.5.10 ) wants to send data to server at site A ( 172.16.5.11 ).

Router A public IP address is 194.67.11.10

Router B public IP address is 212.32.22.66

Client at site B sends packet to router B with a source IP address of 192.168.5.10 and a destination IP address of 172.16.15.11.

Router B realises this is meant to go down the VPN tunnel so it encrypts the entire packet, creates a new IP header for the encrypted packet. The source IP address of this packet will be Router B public IP address and the destination address will be Router A public IP address.

When Router A receives the packet it strips off the outer IP header, decrypts the original packet, sees that the destination is 172.16.5.11 and forwards it on.

Hope that makes sense

Jon

Customers Also Viewed These Support Documents