VPN 101 Help Needed

Unanswered Question
Mar 18th, 2009

Can someone please give me a VPN routing 101 explanation.

I have a remote client, I tunnel into my network using VPN, and I now have two active adapters:

VPN Adapter 10.4.4.31

PPP Adapter 76.45.34.211 (Verizon PC Card)

My packets leave my device with a source address of my Ethernet adapter, correct?

Where or how does the destination routing get determined?

For example... I want to send a ping to my internal network (10.4.4.0). An ICMP packet is created, it has a source IP of 76.45.34.211. When this packet is sent, what is the destination address in the packet? I am assuming it is the default gateway 76.45.34.211 (my PC card).

At what point in the process does it decide that it has a packet that needs to go to my VPN server, and how is the packet addressed (source, destination) and sent out? I mean I am assuming the Verizon router receives the packet from my device, how does it determine it needs to get routed to my VPN server?

dominic.caron Fri, 03/20/2009 - 07:24

When your remote client connects to the VPN server, the server will send to the client the list of reachable networks and an IP.

If you look at the route in your remote host, after you connect, you will see your corporate network being routed out of interface: VPN Adapter.

Your remote client will encapsulate your data in a VPN tunnel after that. Let's say you try to send your ICMP packet... Your host will generate a packet using source: 10.4.4.31 and destination: 10.4.4.* (your server). That packet will then be encapsulated in one using the public IP source 76.45.34.211 and destination: IP of VPN server.
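
The routing decision and encapsulation described in the reply above, as an added example that is not part of the original post. It models the client's route lookup and the resulting inner and outer headers; the /24 mask, the split-tunnel default route, the VPN server address 203.0.113.10 and the destination hosts are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Route:
    network: ipaddress.IPv4Network
    interface: str
    source: str  # address bound to the outgoing interface


# Client routing table after the VPN connects. Adapter addresses come from
# the thread; the /24 mask and the split-tunnel default route are assumptions.
ROUTES = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "PPP Adapter", "76.45.34.211"),
    Route(ipaddress.ip_network("10.4.4.0/24"), "VPN Adapter", "10.4.4.31"),
]
VPN_SERVER = "203.0.113.10"  # constructed placeholder, not from the thread


def lookup(dst: str) -> Route:
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in ROUTES if addr in r.network]
    return max(matches, key=lambda r: r.network.prefixlen)


def build_packets(dst: str) -> list[tuple[str, str]]:
    """Return (source, destination) headers, outermost first."""
    route = lookup(dst)
    inner = (route.source, dst)
    if route.interface != "VPN Adapter":
        return [inner]  # ordinary traffic: no tunnel, one header
    # The tunnel endpoint is itself reached through the normal table,
    # so the outer header takes the public adapter's address.
    outer_route = lookup(VPN_SERVER)
    return [(outer_route.source, VPN_SERVER), inner]


if __name__ == "__main__":
    for dst in ("10.4.4.50", "198.51.100.7"):  # constructed destinations
        print(dst, "->", build_packets(dst))
```

The carrier's router only ever sees the outer header, so it forwards on the VPN server's public address and never needs a route to 10.4.4.0.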

oneirishpollack Fri, 03/20/2009 - 08:13

Dominic, thanks for the explanation. That does help me understand the encapsulation process and routing.

Once the packet reaches my firewall, how does it get forwarded to the internal network? I mean, does the firewall apply the ACL on the outside interface to the incoming packets?

Because despite the fact that I am connected, I still am having issues pinging devices in the network on the remote machine. I am assuming once the packets reach the VPN server, the VPN server needs to forward them to their respective destinations or my layer 3 switch for routing.
