About IPsec modes: tunnel and transport – Allied Telesis AlliedWare AR440S User Manual

Page 3 | AlliedWare™ OS How To Note: VPNs for Corporate Networks

About IPsec modes: tunnel and transport

This solution uses two types of VPN:

• IPsec tunnel mode, for the headquarters office to branch office VPNs. These are site-to-site (router-to-router) VPNs.

• IPsec transport mode with L2TP, for the roaming Windows VPN clients.

The following figure shows the protocol stacks for the tunnel mode VPN and the transport
mode VPN for the connection type PPPoA.

In this How To Note, branch office 1 uses PPPoA. The other offices in this How To Note use
different connection types and therefore have different stacks below IP. Branch office 2 uses
PPP over virtual Ethernet over ATM, and headquarters simply uses IP over an actual Ethernet
WAN connection.

[Figure: vpn-protocol-stack.eps. Protocol stacks for connection type PPPoA, listed top to bottom.

Tunnel mode - for site-to-site VPNs: IP (IPsec payload) / IPsec (tunnel mode: policy “hq”) / IP / PPP (statically-defined interface ppp0) / ATM / ADSL

Transport mode - for roaming clients: IP / PPP (IPsec payload; dynamic PPP using template) / L2TP (using L2TP server definition) / IPsec (transport mode: policy “roaming”) / IP / PPP (statically-defined interface ppp0) / ATM / ADSL

In both stacks, the layers above IPsec are marked as encrypted by IPsec.]
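The two stacks differ in what IPsec protects: a whole inner IP packet in tunnel mode, an L2TP datagram in transport mode. The following Python sketch is an added example, not taken from the How To Note; it assumes ESP is the IPsec protocol in use, and its function names and addresses are constructed. It classifies a decrypted ESP payload by its Next Header value.

```python
import struct

IPPROTO_IPIP, IPPROTO_UDP, L2TP_PORT = 4, 17, 1701  # IANA-assigned values

def ipv4(src, dst, proto, payload):
    """Minimal IPv4 header plus payload (checksum left at 0: constructed sample)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes(src), bytes(dst))
    return hdr + payload

def udp(sport, dport, payload):
    """UDP header plus payload (checksum left at 0: constructed sample)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def dotted(addr):
    return ".".join(str(b) for b in addr)

def classify_esp_plaintext(next_header, data):
    """Name the IPsec mode from the ESP Next Header and the decrypted payload."""
    if next_header == IPPROTO_IPIP:
        # Tunnel mode: the protected payload is a complete inner IP packet.
        if len(data) < 20 or data[0] >> 4 != 4:
            return "invalid: next header 4 but no inner IPv4 header"
        return "tunnel mode: inner IP %s -> %s" % (dotted(data[12:16]),
                                                   dotted(data[16:20]))
    if next_header == IPPROTO_UDP:
        # Transport mode: the payload is the transport segment of the outer packet.
        if len(data) < 8:
            return "invalid: truncated UDP header"
        sport, dport = struct.unpack("!HH", data[:4])
        if L2TP_PORT in (sport, dport):
            return "transport mode carrying L2TP"
        return "transport mode: UDP %d -> %d" % (sport, dport)
    return "transport mode: protocol %d" % next_header

# Constructed samples: a branch-office host talking to a headquarters host.
INNER = ipv4([192, 168, 2, 10], [192, 168, 1, 20], IPPROTO_UDP,
             udp(40000, 53, b"query"))
TUNNEL_PLAINTEXT = INNER  # site-to-site: ESP wraps the inner IP packet directly
# Roaming client: IP over PPP over L2TP (data header: flags/version, tunnel, session)
L2TP_PPP = struct.pack("!HHH", 0x0002, 1, 1) + b"\xff\x03\x00\x21" + INNER
ROAMING_PLAINTEXT = udp(L2TP_PORT, L2TP_PORT, L2TP_PPP)

if __name__ == "__main__":
    print(classify_esp_plaintext(IPPROTO_IPIP, TUNNEL_PLAINTEXT))
    print(classify_esp_plaintext(IPPROTO_UDP, ROAMING_PLAINTEXT))
```

The Next Header field sits in the encrypted ESP trailer, so this check applies only at an endpoint or after decryption; on the wire both modes appear as ESP between the two IPsec peers.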