IPSEC Tunnel mode query

Answered Question
Jul 17th, 2009

Hello All,

Incase we use tunnle mode IPSEC VPN, I understand that the whole IP packet is encrypted and a new Ip header is added. But which Source IP and destination IP will this new IP packet have is it the Tunnel endpoints IP or will it still have the same LAN source IP? Please help.

Thanks,

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 7 years 4 months ago

Prakadeesh

The source and destination IPs in the new IP header will be the tunnel endpoints. This is how you can route between networks using private addressing ie.

private addressing such 172.16.5.0/24 is not routable on the internet. But it doesn't matter because these addresses are hidden from the internet. These addresses are in the IP header of the original packet but not the new IP header.

Obviously for a VPN across the internet the addresses in the new IP header must be routable on the internet.

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Fri, 07/17/2009 - 02:49

Prakadeesh

The source and destination IPs in the new IP header will be the tunnel endpoints. This is how you can route between networks using private addressing ie.

private addressing such 172.16.5.0/24 is not routable on the internet. But it doesn't matter because these addresses are hidden from the internet. These addresses are in the IP header of the original packet but not the new IP header.

Obviously for a VPN across the internet the addresses in the new IP header must be routable on the internet.

Jon

Actions

This Discussion