BSGX4e Business Gateway User Guide 173
Release 01.01 NN47928-102
VPN Configuration
If NAT is enabled, the processes work as shown below:
Figure 6 VPN operations when NAT is enabled
[Figure 6: flowchart in two panels, "Operation of Tunnel-Mode IPsec on outgoing packets" and "Operation of Tunnel-Mode IPsec on incoming packets".
Outgoing panel labels: "Outgoing Packet (private domain)"; "Does the packet go out a VPN interface (routing table)?" (yes / no); "Apply Normal-NAT Or Drop as appropriate"; "Apply outbound Normal-NAT"; "Perform Outbound Security (tunnel mode)"; "Forward IPsec pkt".
Incoming panel labels: "IPSec pkt coming in a VPN itf"; "Perform inbound security (detunnel)"; "Perform inbound Normal-NAT"; "Does the packet match a route"; "Forward".
Remaining labels: "Firewall rules"; "Allow"; "Deny".]
You must understand how traffic is flowing through the unit to understand how traffic is encrypted. Figure 7 shows this flow.
Figure 7 Flow types
[Figure 7: diagram of the ICAD40 routing engine between LAN and WAN, with an internal host. Flow types shown: internal host traffic, routed traffic, relayed traffic.]