Exchanging Encrypted Packets

Virtual private networks (VPNs) protect data by encrypting it before it is sent across the Internet. A master BorderManager VPN server and a slave BorderManager VPN server perform the following steps to exchange encrypted packets:

1. A packet being sent to the master server arrives at the slave server.

2. The slave server routes the packet through the BorderManager VPN crypto driver on this server.

3. The slave server's crypto driver encrypts the packet using a Rivest Code 2 (RC2) 128-bit key (or an RC2 40-bit key if the tunnel extends beyond the United States and Canada).

4. The slave server's crypto driver encrypts the key.

5. The slave server's crypto driver places a new IP header in front of the encrypted key, which in turn sits in front of the encrypted packet. (See Figure 2.)

6. The slave server's crypto driver sends the encrypted packet through the tunnel to the master server.

7. The master server receives the encrypted packet and forwards it to the crypto driver on this server.

8. The master server's crypto driver decrypts the key.

9. The master server's crypto driver uses the key to decrypt the packet.

10. The master server's crypto driver forwards the packet (now in its original, unencrypted form) to the private network interface board on this server.
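The following Python sketch is an added example, not BorderManager code. It walks through steps 3-5 and 8-9 to show the resulting layout: new IP header, then encrypted key, then encrypted packet. Assumptions: a SHA-256 keystream stands in for RC2 and for the key-encryption method (the page does not specify the latter), a pre-shared key-encryption key `kek` is used, the packet key is generated fresh per packet, and IP protocol number 253 (reserved for experimentation) marks tunnel traffic.

```python
import hashlib, os, socket, struct

KEY_LEN = 16        # 128-bit packet key (step 3)
PROTO_TUNNEL = 253  # assumption: IANA experimental protocol number, not BorderManager's

def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Placeholder transform (SHA-256 counter keystream). NOT RC2 and not secure."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">I", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def _ip_header(src: str, dst: str, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header between the tunnel endpoints, with checksum."""
    hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      PROTO_TUNNEL, 0, socket.inet_aton(src), socket.inet_aton(dst))
    s = sum(struct.unpack(">10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack(">H", ~s & 0xFFFF) + hdr[12:]

def encapsulate(packet: bytes, kek: bytes, src: str, dst: str) -> bytes:
    """Steps 3-5 on the sending server."""
    pkt_key = os.urandom(KEY_LEN)               # assumption: fresh key per packet
    enc_packet = _xor_stream(pkt_key, packet)   # step 3: encrypt the packet
    enc_key = _xor_stream(kek, pkt_key)         # step 4: encrypt the key
    body = enc_key + enc_packet                 # step 5: key in front of packet
    return _ip_header(src, dst, len(body)) + body

def decapsulate(frame: bytes, kek: bytes) -> bytes:
    """Steps 8-9 on the receiving server, after basic framing checks."""
    if len(frame) < 20:
        raise ValueError("frame shorter than an IPv4 header")
    ihl = (frame[0] & 0x0F) * 4
    total = struct.unpack(">H", frame[2:4])[0]
    if ihl < 20 or frame[9] != PROTO_TUNNEL or total != len(frame) or total < ihl + KEY_LEN:
        raise ValueError("not a well-formed tunnel packet")
    pkt_key = _xor_stream(kek, frame[ihl:ihl + KEY_LEN])   # step 8: decrypt the key
    return _xor_stream(pkt_key, frame[ihl + KEY_LEN:])     # step 9: decrypt the packet

if __name__ == "__main__":
    kek = hashlib.sha256(b"constructed shared secret").digest()  # constructed sample
    inner = b"constructed inner packet bytes"                    # constructed sample
    frame = encapsulate(inner, kek, "192.0.2.1", "198.51.100.1")
    print(len(frame), decapsulate(frame, kek) == inner)
```

In this sketch, decrypting with the wrong key-encryption key returns garbage rather than an error, because the steps as modeled here include no integrity check on the key or the packet.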