Lancom Systems LCOS 3.50 User Manual

Page 302


LANCOM Reference Manual LCOS 3.50


Chapter 14: Virtual Private Networks—VPN


• static – dynamic

• dynamic – dynamic

Dynamic – static

If a user on computer B in LAN 2 wishes to connect to computer A in LAN 1,
then gateway 2 receives a request and tries to establish a VPN tunnel to
gateway 1. Gateway 1 has a static IP address and can be directly contacted
over the Internet.

The problem is that the IP address of gateway 2 is assigned dynamically,
so gateway 2 must communicate its current IP address to gateway 1 when
attempting to connect. In this case, LANCOM Dynamic VPN takes care of
transmitting the IP address during connection establishment.

Gateway 2 connects to the Internet and is assigned a dynamic IP address.

Gateway 2 contacts Gateway 1 via its known public IP address. LANCOM
Dynamic VPN enables the identification and transmission of the current IP
address of Gateway 2. Gateway 1 then initiates the VPN tunnel.

The great advantage of LANCOM devices in this application: instead of the
“Aggressive Mode” that is normally used when connecting VPN clients to the
headquarters, the far more secure “Main Mode” can be applied. Although
more unencrypted messages can be exchanged during the IKE handshake in
Main Mode, the method is overall more secure than Aggressive Mode.

An ISDN line is not necessary for establishing this type of connection.
The dynamic end communicates its IP address encrypted via the
Internet protocol ICMP (or alternatively via UDP).
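
As an added example (not part of the LANCOM manual), the following Python code shows one way to check which IKE phase 1 mode peers actually use, by reading the exchange type from the fixed ISAKMP header of captured UDP port 500 payloads. The header layout and exchange type values (2 for Main Mode, 4 for Aggressive Mode) come from RFC 2408; the function names and the sample capture are constructed for illustration.

```python
import struct

# Fixed ISAKMP header (RFC 2408, section 3.1), 28 bytes: initiator cookie,
# responder cookie, next payload, version, exchange type, flags,
# message ID, total length.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
MODES = {2: "main", 4: "aggressive"}  # IKEv1 phase 1 exchange types
FLAG_ENCRYPTED = 0x01

def parse_isakmp_header(datagram):
    """Return selected header fields of one UDP/500 payload."""
    if len(datagram) < ISAKMP_HDR.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    _ic, _rc, _np, version, xchg, flags, msg_id, length = \
        ISAKMP_HDR.unpack_from(datagram)
    if version >> 4 != 1:
        raise ValueError("not an IKEv1 message")
    if length != len(datagram):
        raise ValueError("length field does not match datagram size")
    return {"exchange": xchg, "msg_id": msg_id,
            "encrypted": bool(flags & FLAG_ENCRYPTED)}

def audit_phase1(capture):
    """Report the phase 1 modes seen per peer and list Aggressive Mode peers."""
    modes = {}
    for peer, datagram in capture:
        try:
            hdr = parse_isakmp_header(datagram)
        except ValueError:
            continue  # malformed or not IKEv1: out of scope for this check
        mode = MODES.get(hdr["exchange"])
        if mode is not None:  # skip quick mode, informational, etc.
            modes.setdefault(peer, set()).add(mode)
    return {"modes": {p: sorted(m) for p, m in modes.items()},
            "aggressive_peers": sorted(p for p, m in modes.items()
                                       if "aggressive" in m)}

def sample_message(xchg, flags=0, body=b"\x00" * 8):
    """Constructed test message: fixed cookie and dummy payload bytes."""
    return ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, xchg, flags,
                           0, ISAKMP_HDR.size + len(body)) + body

SAMPLE_CAPTURE = [  # constructed (peer address, UDP/500 payload) pairs
    ("198.51.100.7", sample_message(2)),
    ("198.51.100.7", sample_message(2, FLAG_ENCRYPTED)),
    ("203.0.113.9", sample_message(4)),
    ("203.0.113.9", b"\x00" * 10),  # truncated datagram, ignored
]

if __name__ == "__main__":
    print(audit_phase1(SAMPLE_CAPTURE))
```
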

[Figure labels: Computer A, LAN 1, Headquarters, Gateway 1 with static IP address, Internet, Gateway 2 with dynamic IP address, Branch_office, LAN 2, Computer B]
