Specifications
AVM Access Server – 5 AVM Access Server Concepts and Functional Principles 87
Remote Networks
When configuring a VPN connection, you must indicate the IP network
addresses of the local and remote networks. The Wizard then
automatically generates an access rule in the AVM Access Server
which specifies that packets with a source IP address in the local
network and a destination in the remote network are transported
with IPsec encapsulation.
To view or edit the access rules, select a VPN connection in the
“Remote networks” folder and open the “Access Rules” dialog
page. You can also define new access rules for the connection.
Remote Users
For remote users, the VPN authorization is governed by the
properties of the user group. When configuring the user group, you
must specify the IP address block in which the members of the
group will be assigned their IP addresses in the virtual private
network. An access rule is then automatically generated in the
AVM Access Server which specifies that only packets with source
and destination IP addresses in that address range are
transported with IPsec encapsulation.
To view or edit the access rules, select a VPN user group in the
“Remote users” folder and open the “VPN” dialog page. You can
also define new access rules on this page.
The IPsec Transport Protocols
IPsec uses two different transport protocols: Authentication Header
(AH) and Encapsulating Security Payload (ESP). These two protocols
can be combined, and each can be used in both Tunnel Mode and
Transport Mode.
Properties of the Authentication Header (AH)
Authenticates the source of the payload data: AH includes a
mechanism that allows the recipient to verify whether the source
of the data is authentic.
Ensures the integrity of the payload data: The same mechanism
that provides authentication also allows the recipient to detect
any manipulation of the payload data.
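The mechanism behind both properties is a keyed integrity check value (ICV) carried in the AH header. The following sketch is an added example, not AVM code: it builds an AH header in the RFC 4302 layout and verifies it the way a recipient would. It assumes HMAC-SHA1-96 as the ICV algorithm, feeds only the source and destination addresses of the IP header into the ICV (real AH covers all immutable IP header fields), and uses a constructed key, addresses and payload.

```python
import hashlib
import hmac
import ipaddress
import struct

ICV_LEN = 12  # HMAC-SHA1-96 (RFC 2404): HMAC-SHA1 truncated to 96 bits


def _icv(key, src, dst, ah_fixed, payload):
    # Simplification (assumption): of the IP header, only the two addresses
    # are authenticated here. The ICV field itself is zeroed while computing.
    data = (ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
            + ah_fixed + bytes(ICV_LEN) + payload)
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def ah_protect(key, src, dst, spi, seq, next_header, payload):
    """Return the AH header (RFC 4302 layout) followed by the payload."""
    payload_len = (12 + ICV_LEN) // 4 - 2  # AH length in 32-bit words, minus 2
    ah_fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    return ah_fixed + _icv(key, src, dst, ah_fixed, payload) + payload


def ah_verify(key, src, dst, packet):
    """Recompute the ICV as the recipient does; True only if it matches."""
    if len(packet) < 12 + ICV_LEN:
        return False
    ah_fixed = packet[:12]
    icv = packet[12:12 + ICV_LEN]
    payload = packet[12 + ICV_LEN:]
    return hmac.compare_digest(icv, _icv(key, src, dst, ah_fixed, payload))


# Constructed sample values (documentation address ranges, made-up key).
KEY = b"constructed-sa-key-0"
SRC, DST = "192.0.2.10", "198.51.100.20"
PACKET = ah_protect(KEY, SRC, DST, spi=0x1000, seq=1, next_header=6,
                    payload=b"constructed payload")
TAMPERED = PACKET[:-1] + bytes([PACKET[-1] ^ 0x01])  # one payload bit flipped

if __name__ == "__main__":
    print("intact packet:         ", ah_verify(KEY, SRC, DST, PACKET))
    print("payload modified:      ", ah_verify(KEY, SRC, DST, TAMPERED))
    print("source address changed:", ah_verify(KEY, "192.0.2.99", DST, PACKET))
    print("sender without the key:", ah_verify(b"other-key", SRC, DST, PACKET))
```

Only the intact packet verifies. A modified payload, a changed source address, or a sender that does not hold the key each produce an ICV mismatch.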