LANCOM Reference Manual LCOS 3.50 Chapter 14: Virtual Private Networks—VPN
static – dynamic
dynamic – dynamic
Dynamic – static
If a user on computer B in LAN 2 wishes to connect to computer A in LAN 1,
then gateway 2 receives a request and tries to establish a VPN tunnel to
gateway 1. Gateway 1 has a static IP address and can be directly contacted
over the Internet.
A problem arises because the IP address of gateway 2 is assigned
dynamically, so gateway 2 must communicate its current IP address to
gateway 1 when attempting to connect. In this case, LANCOM Dynamic VPN
takes care of transmitting the IP address during connection establishment.
Gateway 2 connects to the Internet and is assigned a dynamic IP address.
Gateway 2 contacts Gateway 1 via its known public IP address. LANCOM
Dynamic VPN enables the identification and transmission of the actual IP
address of Gateway 2. Gateway 1 then initiates the VPN tunnel.
The great advantage of LANCOM devices with this application: Instead of the
“Aggressive Mode” that is normally used when connecting VPN clients to the
headquarters, the far more secure “Main Mode” can be applied. Although
more unencrypted messages are exchanged during the IKE handshake in
Main Mode, the method is more secure overall than Aggressive Mode.
An ISDN line is not necessary for establishing this type of connection.
The dynamic end transmits its IP address in encrypted form via the
Internet protocol ICMP (or alternatively via UDP).
[Figure: Computer A in LAN 1 (Headquarters) behind Gateway 1 with static IP address, connected over the Internet to Gateway 2 with dynamic IP address, which serves Computer B in LAN 2 (Branch_office).]