Example vpn configuration, How vpn tunnels work – Digi X2 User Manual

Page 100

Configuration through the web interface

Example VPN configuration

The diagram shows a Digi Connect WAN VPN used as a primary remote site router:

How VPN tunnels work

The Digi device’s Ethernet port usually connects to a switch or hub, which then connects to other Ethernet devices. The mobile/cellular carrier provides only one IP address to the mobile interface. The Digi device uses Network Address Translation (NAT), where only the mobile IP address is visible to the outside. Private IP addresses are typically used on the remote site LAN connected to the Digi device’s Ethernet port. All outgoing traffic, except the tunneled VPN traffic, uses the mobile IP address of the Digi device. Using the example network above, the process for initiating VPN tunnels works like this:

1. Typically, a host or device on the remote subnet (in this case, 172.17.1.0) requests information from a host on the main site (HQ) subnet (172.16.5.0). For example, a computer at 172.17.1.20 needs a file from 172.16.5.100.

2. The Digi device sees the request as being on the HQ subnet and checks whether a VPN tunnel exists between the two sites.

3. If no tunnel exists, the Digi device initiates a VPN tunnel request to its peer — the VPN concentrator at HQ. The VPN policy settings are compared, and if they match, an IPsec tunnel is created between the Digi device and the VPN concentrator. Traffic is encrypted as defined in the VPN policies. The maximum number of supported tunnels is two.
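The three steps above can be modelled as a small forwarding decision: match the packet against the configured VPN policies, reuse an existing tunnel, otherwise compare proposals with the peer and bring a tunnel up, subject to the two-tunnel limit. The following Python simulation is an added illustration, not Digi firmware code. The addresses and subnets are the manual's example values; the `VpnPolicy` structure, the `peer_proposals` table standing in for what the concentrator would accept, the proposal-equality rule and the choice to drop (rather than NAT) policy-matched traffic when no tunnel can be established are all assumptions of this model.

```python
"""Model of the VPN tunnel-initiation decision described in the manual.

Added example; not the Digi device's implementation. Subnets and addresses
are the manual's example values, everything else is an assumption.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

MAX_TUNNELS = 2  # stated in the manual


@dataclass(frozen=True)
class VpnPolicy:
    name: str
    local_subnet: str   # LAN behind the Digi device's Ethernet port
    remote_subnet: str  # LAN behind the peer (HQ)
    peer: str           # public address of the VPN concentrator
    proposal: tuple     # assumed shape: (encryption, integrity, DH group)


@dataclass
class DigiDevice:
    mobile_ip: str             # the single carrier-assigned address
    policies: list             # configured VpnPolicy objects
    peer_proposals: dict       # constructed: peer address -> proposal it accepts
    tunnels: dict = field(default_factory=dict)  # peer -> policy name (tunnels that are up)
    log: list = field(default_factory=list)

    def handle_packet(self, src, dst):
        """Decide how one outgoing LAN packet is forwarded.

        Returns ("tunnel", peer), ("nat", mobile_ip) or ("drop", reason).
        """
        src_ip, dst_ip = ip_address(src), ip_address(dst)
        for pol in self.policies:
            if src_ip in ip_network(pol.local_subnet) and dst_ip in ip_network(pol.remote_subnet):
                # Step 2: the destination lies on a VPN-policy subnet (e.g. HQ)
                return self._via_tunnel(pol)
        # Everything not covered by a VPN policy leaves NATed to the mobile IP
        return ("nat", self.mobile_ip)

    def _via_tunnel(self, pol):
        if pol.peer in self.tunnels:
            return ("tunnel", pol.peer)  # tunnel already exists, reuse it
        if len(self.tunnels) >= MAX_TUNNELS:
            self.log.append(f"tunnel limit reached, cannot reach {pol.peer}")
            return ("drop", "tunnel limit reached")
        # Step 3: policy settings are compared; the tunnel comes up only if they match.
        # Assumption of this model: mismatched traffic is dropped, never sent via NAT,
        # so private-subnet traffic is not leaked unencrypted to the Internet.
        if self.peer_proposals.get(pol.peer) != pol.proposal:
            self.log.append(f"policy mismatch with {pol.peer} for {pol.name}")
            return ("drop", "policy mismatch")
        self.tunnels[pol.peer] = pol.name
        self.log.append(f"IPsec tunnel established with {pol.peer} ({pol.name})")
        return ("tunnel", pol.peer)


def demo():
    """Walk the manual's example: 172.17.1.20 fetching a file from 172.16.5.100."""
    proposal = ("aes128", "sha1", "group2")  # constructed placeholder proposal
    hq = VpnPolicy("hq", "172.17.1.0/24", "172.16.5.0/24", "209.123.123.123", proposal)
    dev = DigiDevice(
        mobile_ip="166.123.99.99",
        policies=[hq],
        peer_proposals={"209.123.123.123": proposal},
    )
    first = dev.handle_packet("172.17.1.20", "172.16.5.100")   # brings the tunnel up
    second = dev.handle_packet("172.17.1.20", "172.16.5.100")  # reuses it
    web = dev.handle_packet("172.17.1.20", "198.51.100.7")     # ordinary Internet traffic, NATed
    return first, second, web, len(dev.tunnels), dev.log


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Running `demo()` shows the first HQ-bound packet establishing the tunnel, the second reusing it, and the unrelated Internet packet leaving with the mobile IP as its source.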

[Diagram: Remote Site with a Digi Connect VPN (mobile IP 166.123.99.99, LAN 172.17.1.0/24, Ethernet address 172.17.1.1) connected over the cellular data network and the Internet to the HQ VPN Appliance (WAN IP 209.123.123.123, LAN 172.16.5.0/24, address 172.16.5.1); the private IP tunnel between the two sites carries IPSec ESP.]
