Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN 101 Help Needed

Can someone please give me a VPN routing 101 explanation.

I have a remote client, I tunnel into my network using VPN, and I now have two active adapters:

VPN Adapter

PPP Adapter (Verizon PC Card)

My packets leave my device with a source address of my Ethernet adapater correct?

Where or how does the destination routing get determined?

For example...I want to send a ping to my internal network( An ICMP packet is created, it has a source IP of When this packet is sent, what is the destination address in the packet? I am assuming it is the default gateway (my PC card).

At what point in the process does it decide that it has a packet that needs to go to my VPN server, and how is the packet addressed (source, destination) and sent out? I mean I am assuming the Verizon router receives the packet from my device, how does it determine it needs to get routed to my VPN server?


Re: VPN 101 Help Needed

When your remote client connect to the vpn server, the server will send to the client the list of reachable network and an IP.

If you look at the route in your remote host, after you connect, you will see a your corporate network being routed out of interface : VPN Adapter.

Your remote client will encapsulate your data in a vpn tunnel after that. Lets say you try to send your icmp packet... Your host will generate a packet using source: and destination : 10.4.4.*(your server). That packet will then be encapsulated in one using the public IP source and destination : IP of vpn server.

New Member

Re: VPN 101 Help Needed

Dominic, thanks for the explanation. That does help me understand the encapsulation process and routing.

Once the packet reaches my firewall, how does it get forwarded to the internal network? I mean does the firewall apply the ACL on the outside interface to the incoming packets?

Because despite the fact that I am connected, I still am having issues pinging devices in the network on the remote machine. I am assuming once the packets reach the VPN server, the VPN server needs to forward them to their respected destinations or my layer 3 switch for routing.