Specifications
The VPN Protocol IPsec
86 AVM Access Server – 5 AVM Access Server Concepts and Functional Principles
In the encapsulated packets transported over the IPsec tunnel between the two AVM Access Servers, different IP addresses appear in the original packet's IP header and in the encapsulating packet header:

IP addresses in the original packet
  Destination   The private IP address of the computer in the local network that is the intended recipient of the communication.
  Source        The private IP address of the computer in the remote network that wants to communicate with the destination computer in the local network.

IP addresses in the tunnel packet
  Destination   The official, public IP address of the local network’s AVM Access Server in the Internet.
  Source        The official, public IP address of the remote network’s AVM Access Server in the Internet.

The diagram below shows sample IP addresses for source and destination in the two packet headers:

[Figure]
  Original packet: IP header | Payload data
    IP address of the sender: 172.16.0.10
    IP address of the recipient: 172.16.0.1
  IPsec-encapsulated packet with new IP header in Tunnel Mode: New IP header | IPsec | IP header | Payload data (possibly encrypted)
    IP address of the sender: IP address assigned by the Internet Service Provider
    IP address of the recipient: 193.96.242.157
IP addresses in the original and encapsulating packet headers

Access Rules in the AVM Access Server

Access rules are based on the internal IP addresses of the systems interconnected by VPN links. Access rules, like filter rules, are tested against a given packet in the list order, from the top down. Hence the same principle applies here: Deal with the exceptions first! As soon as a rule matches the packet, that rule’s action is applied to the packet. The possible actions are “Encrypt” and “Do not encrypt”. Once a match is found, no further rules are tested against the packet.
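
The top-down, first-match evaluation of access rules described in this section, as an added example that is not AVM's code or configuration format. The Rule fields, the sample networks and the None result for an unmatched packet are assumptions; rules are reduced to internal source and destination networks, and the check for rules made unreachable by an earlier, broader rule goes beyond what the text states.

```python
"""First-match access-rule evaluation (added example, simplified model)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str     # internal source network in CIDR form (hypothetical field)
    dst: str     # internal destination network in CIDR form (hypothetical field)
    action: str  # "Encrypt" or "Do not encrypt", the two actions the text names

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst)))

def evaluate(rules, src_ip: str, dst_ip: str) -> Optional[str]:
    """Test rules top down; the first match decides and the rest are skipped."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return rule.action
    return None  # assumption: the text does not say what happens without a match

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, r in enumerate(rules)
            if any(prev.covers(r) for prev in rules[:i])]

# Constructed sample rules (not taken from the manual).
BROAD = Rule("172.16.0.0/24", "192.168.10.0/24", "Do not encrypt")
EXCEPTION = Rule("172.16.0.10/32", "192.168.10.5/32", "Encrypt")

WRONG_ORDER = [BROAD, EXCEPTION]  # exception listed last: it is never reached
RIGHT_ORDER = [EXCEPTION, BROAD]  # exceptions first, as the text advises

if __name__ == "__main__":
    for name, rules in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(name, evaluate(rules, "172.16.0.10", "192.168.10.5"), shadowed(rules))
```

With the broad rule listed first, the host pair that was meant to be encrypted falls under "Do not encrypt", and shadowed() reports the exception rule as unreachable.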