IPSec Passthrough limitations on a LINKSYS Wireless Router.  Model Number WRT54GS

Posted on 2004-09-02
Last Modified: 2013-11-29
How many IPSEC passthrough tunnels can you have active at the same time through this Linksys Wireless Router?
Question by:brianmeyers
7 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 11968705
One

You would need the VPN model to get more, like the WRV54G


0
 

Author Comment

by:brianmeyers
ID: 11968987
Is this a firmware limitation within the Linksys or an IPsec issue?
0
 

Author Comment

by:brianmeyers
ID: 11969024
Oh, and one other comment. lrmoore suggested a WRV54G model, but I didn't read anything about "maximum passthrough tunnels", just that you can configure multiple VPN tunnels to this HW device. Is this how you perceive it?
0

 
LVL 2

Accepted Solution

by:
jasperomalley earned 200 total points
ID: 11984865
It's both a firmware limitation and an IPsec issue, depending on how you look at it. It's fairly easy for the router to track IPsec connections from one internal host to one external host, or even any number of internal hosts to different external hosts, but it becomes more complicated when you have multiple internal hosts creating VPN tunnels to the same external host. So, most broadband router and SOHO firewall manufacturers just give you the ability to do one VPN passthrough tunnel and say they're done with it, in order to avoid having to program for the more complex cases.

A better solution all around is to use NAT Traversal (NAT-T), in which the VPN client and server encapsulate IPsec connections in UDP packets sent to/from UDP port 4500 on the server, since most router/firewall devices doing NAT can handle UDP translation easily. Most VPN server devices (and their clients) can do NAT-T nowadays, although some devices might require a firmware upgrade in order to do so.
0
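The tracking problem described in the accepted answer, as an added example that is not part of the original thread and is not Linksys firmware: a toy NAT table that keys raw ESP (IP protocol 50, no ports) by remote peer only, and NAT-T traffic by UDP ports. The `Nat` class, `delivered_to` helper, public port range and all addresses are constructed for illustration, and the first-host-owns-the-peer rule is an assumed simplification of single-tunnel passthrough.

```python
from itertools import count


class Nat:
    """Toy NAT/PAT state table (simplified model, not real router firmware)."""

    def __init__(self):
        self.udp = {}   # (public_port, remote_ip, remote_port) -> (host, port)
        self.esp = {}   # remote_ip -> internal host; ESP carries no ports
        self._next_port = count(40000)

    def send_udp(self, host, sport, remote, dport):
        """Translate an outbound UDP packet; return the public source port."""
        for (pub, r_ip, r_port), inside in self.udp.items():
            if inside == (host, sport) and (r_ip, r_port) == (remote, dport):
                return pub
        pub = next(self._next_port)
        self.udp[(pub, remote, dport)] = (host, sport)
        return pub

    def recv_udp(self, pub, remote, rport):
        """Return the internal host an inbound UDP reply is forwarded to."""
        entry = self.udp.get((pub, remote, rport))
        return entry[0] if entry else None

    def send_esp(self, host, remote):
        """Assumed passthrough rule: first host to reach a peer owns it."""
        return self.esp.setdefault(remote, host) == host

    def recv_esp(self, remote):
        """Inbound ESP can only be matched on the remote peer address."""
        return self.esp.get(remote)


def delivered_to(clients, gateway, nat_t):
    """Map each client to the host that receives the gateway's reply to it."""
    nat, result = Nat(), {}
    for host in clients:
        if nat_t:   # ESP wrapped in UDP, port 4500 on the server side
            pub = nat.send_udp(host, 4500, gateway, 4500)
            result[host] = nat.recv_udp(pub, gateway, 4500)
        else:       # raw ESP, IP protocol 50
            nat.send_esp(host, gateway)
            result[host] = nat.recv_esp(gateway)
    return result


CLIENTS = ["192.168.1.10", "192.168.1.11"]   # constructed internal hosts
GATEWAY = "198.51.100.1"                      # constructed VPN server address

if __name__ == "__main__":
    print("raw ESP:", delivered_to(CLIENTS, GATEWAY, nat_t=False))
    print("NAT-T  :", delivered_to(CLIENTS, GATEWAY, nat_t=True))
```

With raw ESP both replies land on the first client, while with NAT-T each client gets its own translated UDP port and its own replies.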
 

Author Comment

by:brianmeyers
ID: 12104224
So would it be safe to say that you could have multiple remote user VPNs passing through the Linksys device back to a concentrator that supports NAT-T? Most of my remote user VPNs have been set up using IPsec over TCP to alleviate PAT issues through the remote user FWs. Will I have the same issues if I use NAT-T?
0
 
LVL 2

Expert Comment

by:jasperomalley
ID: 12104631
Yes, it would be safe to say that you could do that. NAT-T was designed specifically to address the problems with sending IPSec traffic through NAT/PAT devices.
0
 

Author Comment

by:brianmeyers
ID: 12104767
Thanks for your assistance!
0
