Cisco Support Community
New Member

IPSEC Tunnel mode query

Hello All,

In case we use tunnel mode IPSEC VPN, I understand that the whole IP packet is encrypted and a new IP header is added. But which source IP and destination IP will this new IP packet have? Is it the tunnel endpoints' IPs, or will it still have the same LAN source IP? Please help.

Thanks,

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: IPSEC Tunnel mode query

Prakadeesh

The source and destination IPs in the new IP header will be the tunnel endpoints. This is how you can route between networks using private addressing, i.e. private addressing such as 172.16.5.0/24 is not routable on the internet. But it doesn't matter because these addresses are hidden from the internet. These addresses are in the IP header of the original packet but not the new IP header.

Obviously for a VPN across the internet the addresses in the new IP header must be routable on the internet.

Jon
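
The encapsulation described in the answer above, as an added example that is not part of the original thread. The host addresses, the gateway addresses (documentation ranges), the SPI and the key are constructed; the cipher is a labelled stand-in for whatever the peers negotiate, and the ESP integrity value is omitted.

```python
import hashlib, ipaddress, struct

ESP, IPV4_IN_ESP = 50, 4   # IP protocol number for ESP; ESP next-header for inner IPv4

def ipv4_header(src, dst, proto, payload_len):
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    def pack(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                           proto, csum, ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    total = sum(struct.unpack("!10H", pack(0)))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return pack(~total & 0xFFFF)

def visible_header(pkt):
    """What a router or on-path observer reads: (src, dst, protocol) of the first header."""
    return (str(ipaddress.IPv4Address(pkt[12:16])),
            str(ipaddress.IPv4Address(pkt[16:20])), pkt[9])

def _stand_in_cipher(key, spi, seq, data):
    """Stand-in for the negotiated ESP cipher: XOR with a SHA-256 keystream. Not real ESP crypto."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!III", spi, seq, ctr)).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def tunnel_encap(inner_pkt, gw_src, gw_dst, spi, seq, key):
    """Tunnel mode: encrypt the whole inner packet, prepend ESP and a new IP header."""
    pad_len = -(len(inner_pkt) + 2) % 4           # align ESP payload to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, IPV4_IN_ESP])
    body = _stand_in_cipher(key, spi, seq, inner_pkt + trailer)
    esp = struct.pack("!II", spi, seq) + body     # integrity check value omitted
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp

def tunnel_decap(outer_pkt, key):
    """Receiving gateway: strip outer header and ESP, recover the original packet."""
    spi, seq = struct.unpack("!II", outer_pkt[20:28])
    plain = _stand_in_cipher(key, spi, seq, outer_pkt[28:])
    pad_len, next_hdr = plain[-2], plain[-1]
    if next_hdr != IPV4_IN_ESP:
        raise ValueError("decryption failed or payload is not an IPv4 packet")
    return plain[:len(plain) - 2 - pad_len]

# Constructed sample: LAN host 172.16.5.10 -> remote LAN host 172.16.6.20 (UDP),
# tunnelled between gateways 198.51.100.1 and 203.0.113.1.
INNER = ipv4_header("172.16.5.10", "172.16.6.20", 17, 8) + b"\x00" * 8
OUTER = tunnel_encap(INNER, "198.51.100.1", "203.0.113.1", 0x1001, 1, b"constructed-key")
```

`visible_header(OUTER)` shows only the two gateway addresses and protocol 50; the 172.16.x.x addresses reappear only after `tunnel_decap` on the far gateway.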

2 REPLIES
New Member

Re: IPSEC Tunnel mode query

cool!!! Thanks Jon :)
