Can someone please give me a VPN routing 101 explanation.
I have a remote client, I tunnel into my network using VPN, and I now have two active adapters:
VPN Adapter 10.4.4.31
PPP Adapter 22.214.171.124 (Verizon PC Card)
My packets leave my device with a source address of my Ethernet adapter, correct?
Where or how does the destination routing get determined?
For example... I want to send a ping to my internal network (10.4.4.0). An ICMP packet is created, it has a source IP of 126.96.36.199. When this packet is sent, what is the destination address in the packet? I am assuming it is the default gateway 188.8.131.52 (my PC card).
At what point in the process does it decide that it has a packet that needs to go to my VPN server, and how is the packet addressed (source, destination) and sent out? I mean I am assuming the Verizon router receives the packet from my device, how does it determine it needs to get routed to my VPN server?
When your remote client connects to the VPN server, the server will send the client the list of reachable networks and an IP.
If you look at the routes on your remote host after you connect, you will see your corporate network being routed out of interface: VPN Adapter.
Your remote client will encapsulate your data in a VPN tunnel after that. Let's say you try to send your ICMP packet... Your host will generate a packet using source: 10.4.4.31 and destination: 10.4.4.* (your server). That packet will then be encapsulated in one using the public IP source 184.108.40.206 and destination: IP of VPN server.
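The route lookup and encapsulation described in the answer above, as an added example that is not part of the original posts. The 10.4.4.0/24 prefix length, the public addresses (RFC 5737 documentation ranges) and the VPN server address are assumptions made for illustration.

```python
import ipaddress

# Constructed client routing table after the VPN connects. 10.4.4.31 and the
# 10.4.4.x network come from the thread; the /24 mask and the public
# addresses are assumed placeholders, not values from the posts.
ROUTES = [
    # (destination prefix, outgoing interface, source IP used on that interface)
    ("0.0.0.0/0",   "PPP Adapter", "198.51.100.7"),
    ("10.4.4.0/24", "VPN Adapter", "10.4.4.31"),
]
VPN_SERVER = "203.0.113.10"   # assumed public IP of the VPN server

def lookup(dst, routes=ROUTES):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), ifc, src) for p, ifc, src in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _net, ifc, src = max(matches, key=lambda m: m[0].prefixlen)
    return ifc, src

def build_packets(dst):
    """Return the IP headers as they appear on the wire, outermost first."""
    ifc, src = lookup(dst)
    inner = {"src": src, "dst": dst, "via": ifc}
    if ifc != "VPN Adapter":
        return [inner]                      # ordinary Internet traffic, no tunnel
    # The VPN client wraps the inner packet; the outer header is routed again,
    # this time matching the default route out of the PPP adapter.
    out_ifc, out_src = lookup(VPN_SERVER)
    outer = {"src": out_src, "dst": VPN_SERVER, "via": out_ifc}
    return [outer, inner]

if __name__ == "__main__":
    for target in ("10.4.4.20", "192.0.2.80"):
        print(target, build_packets(target))
```

The carrier's routers only ever see the outer header, so they forward on the VPN server's public address and never need a route to 10.4.4.x.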
Dominic, thanks for the explanation. That does help me understand the encapsulation process and routing.
Once the packet reaches my firewall, how does it get forwarded to the internal network? I mean, does the firewall apply the ACL on the outside interface to the incoming packets?
Because despite the fact that I am connected, I am still having issues pinging devices in the network from the remote machine. I am assuming once the packets reach the VPN server, the VPN server needs to forward them to their respective destinations or my layer 3 switch for routing.