

VPN Through Router

Last Modified: 2013-11-29
Well, it's a little more complicated than the above description.

I have a hotel that wants broadband access to all their rooms for guests.  Unfortunately, most business guests connect to their office using VPN.  Well, SOHO equipment isn't going to cut it because each one of these "guests" uses something different (checkpoint, mschap, pptp, blah, blah, blah).  It would also be impossible for me to get a hotel guest to give me the number to their company's IT department so I could try and convince them to let me know what ports their VPN operates over so that I could open a port tunnel for them.  Sheeesh...

Past my small office networking experience, I'm fairly clueless.  What equipment, if any, would allow me to circumvent manual port tunneling and let these people use their VPN across broadband behind a router issuing DHCP addresses? layer 2, layer 3, VLAN (what is all this stuff?)

If someone could point me in the right direction then I can "bone up" on the self education.


Most new VPN clients are capable of NAT traversal... this should eliminate your need to micromanage port tunneling. You will just need to choose a router based on the number of clients that are likely to be using the connection at any particular time. Netopia R910 is a good SOHO router with NAT that will serve a good number of clients. I have used this device with up to 75 simultaneous VPN connections (Cisco and Nortel clients).

If the user's VPN is not capable of NAT traversal... it will have to be done with port forwarding. However... this is unlikely, as most companies that have traveling users will have already switched to the newer VPN.

If this is a large or high-traffic hotel... you should look into some type of AAA (Authentication, Authorization, and Accounting) server to keep your system from being abused.

Most of the users will have a client, so you don't have to worry about doing any kind of VPN device to VPN device connection.

On your firewall, make sure you have protocol 17 (UDP) port 500, source and destination, open for ISAKMP IPsec key management. Make sure protocol 50 (ESP) and 51 (AH) for IPsec tunnel encapsulation are open.

If they're doing PPTP, then you'd need Protocol 8 (TCP), Source >1023, Destination 1723, for the PPTP control connection, and
Protocol 47 (GRE), Source and Destination n/a, for PPTP tunnel encapsulation.

If they're doing L2TP (they need to upgrade), that would be Protocol 17 (UDP), Source >1023 and Destination 1701.

Reservation Control - Protocol 46 (RSVP), source and destination n/a.
