Chapter 12 VPN
P-792H v2 User’s Guide
12.1.2 What You Need to Know About IPSec VPN
A VPN tunnel is usually established in two phases. Each phase establishes a
security association (SA), a contract indicating what security parameters the
P-792H v2 and the remote IPSec router will use. The first phase establishes an
Internet Key Exchange (IKE) SA between the P-792H v2 and remote IPSec router.
The second phase uses the IKE SA to securely establish an IPSec SA through
which the P-792H v2 and remote IPSec router can send data between computers
on the local network and remote network. The following figure illustrates this.
Figure 70 VPN: IKE SA and IPSec SA
In this example, a computer in network A is exchanging data with a computer in
network B. Inside networks A and B, the data is transmitted the same way data is
normally transmitted in the networks. Between routers X and Y, the data is
protected by tunneling, encryption, authentication, and other security features of
the IPSec SA. The IPSec SA is established securely using the IKE SA that routers X
and Y established first.
My IP Address
My IP Address is the WAN IP address of the P-792H v2. The P-792H v2 has to
rebuild the VPN tunnel if My IP Address changes after setup.
The following applies if this field is configured as 0.0.0.0:
• The P-792H v2 uses the current P-792H v2 WAN IP address (static or dynamic)
to set up the VPN tunnel.
Secure Gateway Address
Secure Gateway Address is the WAN IP address or domain name of the remote
IPSec router (secure gateway).
If the remote secure gateway has a static WAN IP address, enter it in the Secure
Gateway Address field. You may alternatively enter the remote secure gateway’s
domain name (if it has one) in the Secure Gateway Address field.
[Figure 70 labels: A, X, Internet, Y, B; IPSec SA; IKE SA]