Complete PDF manual
PDF of This Chapter

Network Interfaces and Addresses

The VPN gateway is aptly named because it functions as a "gatekeeper" for each of the computers connected on the Local Area Network behind it.

In most cases, each gateway will have a "public" facing address (WAN side) and a "private" facing address (LAN side). These addresses are referred to as the "network interface" in documentation regarding the construction of VPN communication. Please note that the addresses used in the example.

Interface Addressing

This document uses example addresses provided the VPN Consortium. It is important to understand that you will be using addresses specific to the devices that you are attempting to connect via IPSec VPN.

Figure 2-4

It is also important to make sure the addresses do not overlap or conflict. That is, each set of addresses should be separate and distinct.

Table 2-1. WAN (Internet/Public) and LAN (Internal/Private) Addressing

Gateway	LAN or WAN	VPNC Example Address
Gateway A	LAN (Private)	10.5.6.1
Gateway A	WAN (Public)	14.15.16.17
Gateway B	LAN (Private)	22.23.24.25
Gateway B	WAN (Public)	172.23.9.1

It will also be important to know the subnet mask of both gateway LAN Connections. Use the worksheet in Appendix A to gather the necessary address and subnet mask information to aid in the configuration and troubleshooting process.

Table 2-2. Subnet Addressing

Gateway	LAN or WAN	Interface Name	Example Subnet Mask
Gateway A	LAN (Private)	Subnet Mask A	255.255.255.0
Gateway B	LAN (Private)	Subnet Mask B	255.255.255.0

Firewalls

It is important to understand that many gateways are also firewalls. VPN tunnels cannot function properly if firewall settings disallow all incoming traffic. Please refer to the firewall instructions for both gateways to understand how to open specific protocols, ports, and addresses that you intend to allow.