VPN connections

Establishing a VPN connection

When establishing a VPN connection, the firewall starts by negotiating a key for the encrypted connection. The negotiation is performed by sending several UDP packets from port 500 on the firewall to port 500 on the remote firewall. When the negotiation is done, the encrypted VPN tunnel is established. This tunnel is later used to connect the networks that communicate with each other.

After that, an IPSec connection is established through the tunnel. IPSec also uses UDP packets to port 500. Now a complete encrypted VPN tunnel has been created. N.B.: VPN does not encrypt the data traffic within the local networks, only the traffic passing through the tunnel between the networks.

The encrypted traffic is handled using the ESP protocol. ESP runs directly on top of IP, just as TCP and UDP do, so it is identified by its IP protocol rather than by a port number.

VPN connections in the firewall log

An established IKE connection may look like this:

>>> VPN: ISAKMP SA established: 130.236.128.2 === 147.52.114.5

The IPSec connection that follows may look like this:

>>> VPN: IPSec SA established: office---130.236.128.2 === juliet@home --- 147.52.114.5

The encrypted traffic is shown as ESP packets.
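As an added example (not part of this firewall documentation), the following Python code parses the two SA log lines shown above and reports, per peer pair, whether the tunnel completed both the ISAKMP and the IPSec phase. The sample log is constructed from the documentation's two example lines plus a made-up peer address, 192.0.2.9; the status labels are this example's own choice.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Matches ">>> VPN: <ISAKMP|IPSec> SA established: <left> === <right>" (the two log shapes above).
LINE_RE = re.compile(r"^>>> VPN: (ISAKMP|IPSec) SA established: (.+?) === (.+)$")

@dataclass(frozen=True)
class SaEvent:
    phase: str                 # "ISAKMP" (key negotiation) or "IPSec" (data tunnel)
    local_name: Optional[str]  # label before "---" when present, e.g. "office"
    local_addr: str
    remote_name: Optional[str]
    remote_addr: str

def _split_endpoint(text: str) -> Tuple[Optional[str], str]:
    """'office---130.236.128.2' -> ('office', '130.236.128.2'); a bare address has no name."""
    if "---" in text:
        name, addr = text.split("---", 1)
        return name.strip(), addr.strip()
    return None, text.strip()

def parse_vpn_log_line(line: str) -> Optional[SaEvent]:
    """Return the SA event on this line, or None if the line is not a VPN SA event."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    phase, left, right = m.groups()
    return SaEvent(phase, *_split_endpoint(left), *_split_endpoint(right))

# A tunnel is only complete once both SAs have been logged for the same peer pair.
_STATUS = {frozenset({"ISAKMP", "IPSec"}): "established", frozenset({"ISAKMP"}): "ike-only"}

def tunnel_status(lines: List[str]) -> Dict[Tuple[str, str], str]:
    """Per (local, remote) pair: 'established', 'ike-only' (no IPSec SA followed) or 'ipsec-without-ike'."""
    seen: Dict[Tuple[str, str], Set[str]] = {}
    for line in lines:
        ev = parse_vpn_log_line(line)
        if ev:
            seen.setdefault((ev.local_addr, ev.remote_addr), set()).add(ev.phase)
    return {pair: _STATUS.get(frozenset(phases), "ipsec-without-ike")
            for pair, phases in seen.items()}

# Constructed sample: the documentation's two lines, a made-up peer (192.0.2.9) that
# never completed the IPSec phase, and one unrelated line that must be ignored.
SAMPLE_LOG = [
    ">>> VPN: ISAKMP SA established: 130.236.128.2 === 147.52.114.5",
    ">>> VPN: IPSec SA established: office---130.236.128.2 === juliet@home --- 147.52.114.5",
    ">>> VPN: ISAKMP SA established: 130.236.128.2 === 192.0.2.9",
    "some unrelated firewall log line",
]
```

An 'ike-only' pair is the one to investigate first when users report a tunnel that negotiates but never carries traffic.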