Lancom Systems LCOS 3.50 User Manual
Page 303
̈
Chapter 14: Virtual Private Networks—VPN
LANCOM Reference Manual LCOS 3.50
303
V
irt
ua
l Pri
vat
e Ne
two
rks—
VP
N
Static – dynamic
If, on the other hand, computer A in LAN 1 requires a connection to computer
B in LAN 2, for example when headquarters carries out remote maintenance
at the external locations, then gateway 1 receives the request and attempts to
establish a VPN tunnel to gateway 2. Gateway 2 only has a dynamic IP address
and cannot be directly contacted over the Internet.
With LANCOM Dynamic VPN, the VPN tunnel can be set up nevertheless. The
connection is established in three steps:
ቢ
Gateway 1 calls Gateway 2 via ISDN. It takes advantage of the ISDN
functionality of sending its own subscriber number via the D-channel free
of charge. Gateway 2 determines the IP address of Gateway 1 from the
preconfigured VPN remote stations using the received subscriber number.
If Gateway 2 does not receive a subscriber number via the D-channel (if
that particular ISDN service feature is not available, for example) or an
unknown number is transferred, the authentication will be performed via
the B-channel. Once the negotiation was successful, Gateway 1 sends its
IP address and closes the connection on the B-channel immediately.
ባ
Now its Gateway 2's turn: It first connects to its ISP and is assigned a
dynamic IP address.
ቤ
Gateway 2 can now establish the VPN tunnel to Gateway 1. The static IP
address of gateway 1 is known, of course.
The advantage of LANCOM devices, for example when connecting from the
headquarters to branch offices: The functions in LANCOM Dynamic VPN also
allows access to networks without a flatrate, i.e. networks that are not always
online. The ISDN connection and an associated MSN act to substitute the
another address, such as a static IP address or the dynamic address
Internet
Computer A
Call via ISDN
ቢ
ባ
ቤ
LAN 1
LAN 2
Computer B
Gateway 1 with
static IP address
Gateway 2 with
dynamic IP
address
Headquarters
Branch_office
ISDN