This is how LANCOM Dynamic VPN works
Parent topic: This is how LANCOM Dynamic VPN works

Dynamic – static

If a user on computer B in LAN 2 wishes to connect to computer A in LAN  1, then gateway 2 receives a request and tries to establish a VPN tunnel to gateway 1. Gateway 1 has a static IP address and can be directly contacted over the Internet.

A problem arises in that the IP address from gateway 2 is assigned dynamically, and gateway 2 must communicate its current IP address to gateway 1 when attempting to connect. In this case, LANCOM Dynamic VPN takes care of transmitting the IP address during connection establishment.





  1. Gateway 2 connects to the Internet and is assigned a dynamic IP address.
  2. Gateway 2 contacts Gateway 1 via its known public IP address. LANCOM Dynamic VPN enables the identification and transmission of the actual IP address of Gateway 2. Gateway 1 initiates the VPN tunnel then.

The great advantage of LANCOM devices with this application: Instead of the “Aggressive Mode” that is normally used when connecting VPN clients to the headquarters, the far more secure “Main Mode” can be applied. Although with Main Mode more unencrypted messages can be exchanged during the IKE handshake, the method is overall more secure than Aggressive Mode.

Note: An ISDN line is not necessary for establishing this type of connection. The dynamic end communicates its IP address encrypted via the Internet protocol ICMP (or alternatively via UDP).
Parent topic: This is how LANCOM Dynamic VPN works