If, on the other hand, computer A in LAN 1 requires a connection to computer B in LAN 2, for example when headquarters carries out remote maintenance at the external locations, then gateway 1 receives the request and attempts to establish a VPN tunnel to gateway 2. Gateway 2 only has a dynamic IP address and cannot be directly contacted over the Internet.
With LANCOM Dynamic VPN, the VPN tunnel can be set up nevertheless. The connection is established in three steps:
- Gateway 1 calls Gateway 2 via ISDN. It takes advantage of the ISDN functionality of sending its own subscriber number via the D-channel free of charge. Gateway 2 determines the IP address of Gateway 1 from the preconfigured VPN remote sites using the received subscriber number. If Gateway 2 does not receive a subscriber number via the D-channel (if that particular ISDN service feature is not available, for example) or an unknown number is transferred, the authentication will be performed via the B-channel. Once the negotiation was successful, Gateway 1 sends its IP address and closes the connection on the B-channel immediately.
- Now it’s Gateway 2's turn: It first connects to its ISP and is assigned a dynamic IP address.
- Gateway 2 authenticates with Gateway 1 at the static address known to it.
- Gateway 1 now knows the address of Gateway 2 and can now establish the VPN tunnel to Gateway 2.
The advantage of these devices, for example when connecting from the headquarters to branch offices: The functions in LANCOM Dynamic VPN also allows access to networks without a flatrate, i.e. networks that are not "always online". The ISDN connection and an associated MSN act to substitute the another address, such as a static IP address or the dynamic address translation via dynamic DNS services, a solution often used with flatrate connections.
