Allied Telesis AR440S Network Card User Manual


 
Page 3 | AlliedWare™ OS How To Note: VPNs for Corporate Networks
About IPsec modes: tunnel and transport
This solution uses two types of VPN:
- IPsec tunnel mode, for the headquarters office to branch office VPNs. These are site-to-site (router-to-router) VPNs.
- IPsec transport mode with L2TP, for the roaming Windows VPN clients.
The following figure shows the protocol stacks for the tunnel mode VPN and the transport
mode VPN for the connection type PPPoA.
In this How To Note, branch office 1 uses PPPoA. The other offices in this How To Note use different connection types and therefore have different stacks below IP. Branch office 2 uses PPP over virtual Ethernet over ATM, and headquarters simply uses IP over an actual Ethernet WAN connection.
[Figure: vpn-protocol-stack.eps. Protocol stacks for the PPPoA connection type, listed top to bottom.]
Tunnel mode - for site-to-site VPNs (policy “hq”): IP (the IPsec payload, encrypted by IPsec), IPsec, IP, PPP (statically-defined interface ppp0), ATM, ADSL.
Transport mode - for roaming clients (policy “roaming”): IP, PPP (dynamic PPP using template), L2TP (using L2TP server definition), which together form the IPsec payload encrypted by IPsec; then IPsec, IP, PPP (statically-defined interface ppp0), ATM, ADSL.