Specifications
The VPN Protocol IPsec
84 AVM Access Server – 5 AVM Access Server Concepts and Functional Principles
IPsec is a network-layer (ISO OSI Layer 3) protocol, and hence indepen-
dent of the underlying infrastructures. However, IPsec is limited to the
IP network protocol. In other words, only IP can be transported over an
IPsec-based VPN.
IPsec permits two different operating modes: Tunnel Mode and Trans-
port Mode. Transport Mode does not create a tunnel, and strictly
speaking does not provide a virtual private network. Only Tunnel Mode
is used in VPN connections.
In Tunnel Mode, a tunnel is set up through a public network. In other
words, the IP packets are encapsulated before transmission. Each IP
packet, with its complete IP header, is transmitted as the payload of a
new IPsec packet. The new packet also has its own IP header. In this
way both single computers and whole networks using private IP ad-
dresses can communicate over the public Internet.
The following figure shows the original networking packet and the en-
capsulated packet with new IP header.
Original packet and IPsec encapsulated packet with new IP header
The illustration below shows a sample VPN connection in Tunnel Mode.
Here a remote LAN is connected to the local company network (see al-
so the fold-out diagram of a sample scenario in the front cover).
Example: VPN connection in Tunnel Mode
Payload data
IP header
Original packet
Possibly encrypted payload data
IP headerIPSecNew IP header
Ipsec-encapsulated packet
Internet
Tunnel
AVM Access Server
(local)
AVM Access Server
(remote)
Public IP address: dynamically
assigned by the
Internet Service Provider
Public IP address: dynamically
assigned by the
Internet Service Provider
Private IP address: 192.168.10.1 Private IP address: 192.168.20.1
IP address:
192.168.10.10
Local Network
Network address: 192.168.10.0 /24
Remote Network
Network address: 192.168.20.0 /24
IP address:
192.168.10.20
IP address:
192.168.10.30
IP address:
192.168.20.10
IP address:
192.168.20.20
IP address:
192.168.20.30