Chapter 14: Virtual Private Networks—VPN LANCOM Reference Manual LCOS 3.50
303
Virtual Private Networks—
VPN
Static – dynamic
If, on the other hand, computer A in LAN 1 requires a connection to computer
B in LAN 2, for example when headquarters carries out remote maintenance
at the external locations, then gateway 1 receives the request and attempts to
establish a VPN tunnel to gateway 2. Gateway 2 only has a dynamic IP address
and cannot be directly contacted over the Internet.
With LANCOM Dynamic VPN, the VPN tunnel can be set up nevertheless. The
connection is established in three steps:
햲Gateway 1 calls Gateway 2 via ISDN. It takes advantage of the ISDN
functionality of sending its own subscriber number via the D-channel free
of charge. Gateway 2 determines the IP address of Gateway 1 from the
preconfigured VPN remote stations using the received subscriber number.
If Gateway 2 does not receive a subscriber number via the D-channel (if
that particular ISDN service feature is not available, for example) or an
unknown number is transferred, the authentication will be performed via
the B-channel. Once the negotiation was successful, Gateway 1 sends its
IP address and closes the connection on the B-channel immediately.
햳Now its Gateway 2's turn: It first connects to its ISP and is assigned a
dynamic IP address.
햴Gateway 2 can now establish the VPN tunnel to Gateway 1. The static IP
address of gateway 1 is known, of course.
The advantage of LANCOM devices, for example when connecting from the
headquarters to branch offices: The functions in LANCOM Dynamic VPN also
allows access to networks without a flatrate, i.e. networks that are not always
online. The ISDN connection and an associated MSN act to substitute the
another address, such as a static IP address or the dynamic address
Internet
Computer A
Call via ISDN
햲
햳
햴
LAN 1 LAN 2
Computer B
Gateway 1 with
static IP address
Gateway 2 with
dynamic IP
address
Headquarters Branch_office
ISDN