OpenVPN Server with Username/Password Authentication

Hi Rene,

Thanks for your reply and wonderful link.
Can I check if my following understanding is correct?

1a) Tunneling is used when the src/dst network is prohibited/unreachable between 2 connected points due to an FW issue or, as in your example, an internal network going over the WAN to another.

1b) If the source and destination networks are reachable to one another, there will be no need for tunneling.

2a) Tunnel interfaces are “virtual/logical” interfaces which are “tagged” to the actual physical interface and use the physical interface to actually send out the encapsulated frame/packet.

2b) By using the tunnel interface as a gateway, network A can reach network B across the WAN.

2c) Routing protocols (such as EIGRP) can be used in conjunction with the tunnel interface, so that routers know which internal networks can be reached via the tunnel interface.

==========================================================

Question 1)
For Access VPN (e.g. a PC connecting to the office network),
is it also using a similar setup, in which

  • the pc will have a tunnel interface
  • the vpn server will also have tunnel interface
    - the tunnel interfaces will actually be “tagged” to / using the actual physical interface connecting to the default GW for routing/communication between each other.

Question 2)
Without a routing protocol, or manually specifying routes,

a) how does the PC know which internal office networks will be reachable via the tunnel interface?

b) how does the VPN server know what internal network my PC is using?

c) with regard to b), it is most likely that my PC’s gateway is using NAT. So will the tunnel packet coming from the VPN server back to my PC be using my GW/Router’s public IP as the destination IP for both the outside and inside encapsulated packet? I am having problems visualizing the whole picture here.

I hope I am making sense.

I have managed to follow your example and build up a lab using PT, but I still have not tried the NAT part. I will be sharing the config and diagram in the next post for your purview (if you may, so that you can advise whether my understanding is correct or wrong)…

Hope to hear from you soon
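As an added illustration of questions 2a, 2b and 2c above (this is not part of the poster's message or of Rene's reply, and is not OpenVPN's own code), the following toy model walks one packet from a PC behind a NAT router into an office LAN through a remote-access tunnel and back. It models the three mechanisms the questions ask about: the server pushing the office prefixes to the client, which installs them against its tunnel interface (OpenVPN's `push "route ..."` behaviour, modelled here, not OpenVPN code); the server recording the client by its assigned tunnel address plus the public address/port seen in the outer header; and the home router's NAT rewriting only the outer header, so the inner packet keeps the tunnel address as its destination. All addresses (RFC 5737 public ranges, RFC 1918 private ranges, the `10.8.0.0/24` tunnel pool) and port numbers are constructed for the example.

```python
"""Toy model of remote-access VPN forwarding across a NAT router.

Added example for the thread above; all addresses and ports are constructed.
"""
from dataclasses import dataclass, field, replace
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed topology: PC on a home LAN behind a NAT router, VPN server on the
# office edge, office LAN behind the server, OpenVPN-style tunnel pool.
PC_LAN_IP = "192.168.1.50"          # PC's private address on the home LAN
HOME_ROUTER_PUBLIC = "198.51.100.20"  # home router's public (NAT) address
SERVER_PUBLIC = "203.0.113.10"      # VPN server's public address
SERVER_TUN = "10.8.0.1"             # server end of the tunnel
PC_TUN = "10.8.0.6"                 # tunnel address the server assigned to the PC
OFFICE_LAN = "10.0.0.0/24"          # prefix the server pushes to clients
FILE_SERVER = "10.0.0.25"           # host the PC wants to reach
VPN_PORT = 1194                     # constructed server port


@dataclass
class Packet:
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    inner: Optional["Packet"] = None   # set on an outer (encapsulating) packet
    data: str = ""


@dataclass
class Host:
    name: str
    routes: list = field(default_factory=list)   # (network, interface)

    def add_route(self, prefix: str, iface: str) -> None:
        self.routes.append((ip_network(prefix), iface))

    def next_hop_iface(self, dst: str) -> Optional[str]:
        # Longest-prefix match, as a real routing table does it.
        matches = [(n, i) for n, i in self.routes if ip_address(dst) in n]
        return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


class NatRouter:
    """Port-based NAT: rewrites only the outer header, never the payload."""

    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.next_port = 40000
        self.out = {}    # (private ip, private port) -> public port
        self.back = {}   # public port -> (private ip, private port)

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src, pkt.sport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return replace(pkt, src=self.public_ip, sport=self.out[key])

    def inbound(self, pkt: Packet) -> Packet:
        priv_ip, priv_port = self.back[pkt.dport]
        return replace(pkt, dst=priv_ip, dport=priv_port)


def client_connect(pc: Host, pushed_routes: list) -> None:
    # 2a: the client does not discover office networks on its own; the server
    # pushes the prefixes at connect time and the client installs them via tun0.
    for prefix in pushed_routes:
        pc.add_route(prefix, "tun0")


def run_exchange() -> dict:
    pc = Host("pc")
    pc.add_route("192.168.1.0/24", "eth0")
    pc.add_route("0.0.0.0/0", "eth0")       # default route to the home router
    iface_before_push = pc.next_hop_iface(FILE_SERVER)
    client_connect(pc, [OFFICE_LAN])

    server = Host("vpn-server")
    server.add_route("10.8.0.0/24", "tun0")
    server.add_route(OFFICE_LAN, "eth1")
    server.add_route("0.0.0.0/0", "eth0")
    peers = {}   # 2b: tunnel address -> (public ip, public port) of that client
    nat = NatRouter(HOME_ROUTER_PUBLIC)

    # PC -> file server: routing picks tun0, tun0 encapsulates, eth0 sends to the GW.
    inner = Packet(PC_TUN, FILE_SERVER, 51000, 445, data="request")
    iface_after_push = pc.next_hop_iface(inner.dst)
    outer = Packet(PC_LAN_IP, SERVER_PUBLIC, 51001, VPN_PORT, inner=inner)
    on_wire = nat.outbound(outer)           # home router rewrites outer src only
    peers[on_wire.inner.src] = (on_wire.src, on_wire.sport)   # server learns the peer

    # File server -> PC: server routes 10.8.0.6 to tun0 and encapsulates
    # towards the public address/port it learned, not towards the PC's LAN address.
    reply_inner = Packet(FILE_SERVER, PC_TUN, 445, 51000, data="reply")
    pub_ip, pub_port = peers[reply_inner.dst]
    reply_outer = Packet(SERVER_PUBLIC, pub_ip, VPN_PORT, pub_port, inner=reply_inner)
    delivered = nat.inbound(reply_outer)     # home router restores the private dst

    return {
        "pc_iface_before_push": iface_before_push,
        "pc_iface_after_push": iface_after_push,
        "outer_src_seen_by_server": on_wire.src,
        "inner_src_seen_by_server": on_wire.inner.src,
        "server_reply_iface": server.next_hop_iface(reply_inner.dst),
        "reply_outer_dst_on_wan": reply_outer.dst,
        "reply_inner_dst": reply_inner.dst,
        "delivered_outer_dst": delivered.dst,
        "delivered_inner_dst": delivered.inner.dst,
    }


if __name__ == "__main__":
    for k, v in run_exchange().items():
        print(f"{k:28} {v}")
```

Running `run_exchange()` shows the point of 2c: on the WAN the reply's outer destination is the router's public IP, while the inner destination stays the PC's tunnel address `10.8.0.6`; the home router then rewrites the outer destination back to `192.168.1.50`, and the inner packet is never touched by NAT.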