Solved

IPSec Passthrough limitations on a LINKSYS Wireless Router.  Model Number WRT54GS

Posted on 2004-09-02
Last Modified: 2013-11-29
How many IPSEC passthrough tunnels can you have active at the same time through this Linksys Wireless Router?
Question by:brianmeyers
 

Expert Comment

by:lrmoore
ID: 11968705
One

You would need the VPN model to get more, like the WRV54G



Author Comment

by:brianmeyers
ID: 11968987
Is this a firmware limitation within the Linksys or an IPsec issue?
 

Author Comment

by:brianmeyers
ID: 11969024
Oh, and one other comment. lrmoore suggested a WRV54G model, but I didn't read anything about "maximum passthrough tunnels", just that you can configure multiple VPN tunnels to this HW device. Is this how you perceive it?

Accepted Solution

by:jasperomalley earned 50 total points
ID: 11984865
It's both a firmware limitation and an IPsec issue, depending on how you look at it. It's fairly easy for the router to track IPsec connections from one internal host to one external host, or even any number of internal hosts to different external hosts, but it becomes more complicated when you have multiple internal hosts creating VPN tunnels to the same external host. So, most broadband router and SOHO firewall manufacturers just give you the ability to do one VPN passthrough tunnel and say they're done with it, in order to avoid having to program for the more complex cases.

A better solution all around is to use NAT Traversal (NAT-T), in which the VPN client and server encapsulate IPsec connections in UDP packets sent to/from UDP port 4500 on the server, since most router/firewall devices doing NAT can handle UDP translation easily. Most VPN server devices (and their clients) can do NAT-T nowadays, although some devices might require a firmware upgrade in order to do so.
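The tracking problem described in the accepted answer, as an added sketch that is not part of the original thread and not Linksys firmware: a simplified NAT table in which ESP return traffic can only be keyed on the remote address, while NAT-T's UDP wrapper gives each tunnel its own translated port. The `ToyNat` class, the addresses and the port pool are constructed for illustration.

```python
ESP, UDP = 50, 17          # IP protocol numbers
NATT_PORT = 4500           # NAT-T UDP port named in the answer above


class ToyNat:
    """Simplified port-translating NAT; models only the inbound lookup key."""

    def __init__(self):
        self.inbound = {}        # lookup key -> internal host IP
        self.next_port = 40000   # constructed pool of public source ports

    def send(self, proto, inside_ip, remote_ip, dport=None):
        """Record state for a new outbound flow; return its inbound lookup key."""
        if proto == ESP:
            # ESP has no ports, so the remote address is all this model has
            # to tell return flows apart.
            key = (ESP, remote_ip)
            owner = self.inbound.setdefault(key, inside_ip)
            if owner != inside_ip:
                raise LookupError(f"ESP from {remote_ip} already mapped to {owner}")
            return key
        # UDP: rewrite the source port so every inside flow gets a unique key.
        key = (UDP, remote_ip, dport, self.next_port)
        self.next_port += 1
        self.inbound[key] = inside_ip
        return key

    def receive(self, key):
        """Return the inside host a reply with this key is forwarded to."""
        return self.inbound[key]


def demo():
    """Two inside hosts tunnel to one concentrator, first as ESP, then NAT-T."""
    concentrator = "203.0.113.10"                # constructed documentation address
    hosts = ["192.168.1.100", "192.168.1.101"]   # constructed LAN clients
    results = {}
    for label, proto in (("esp", ESP), ("nat-t", UDP)):
        nat, delivered = ToyNat(), []
        for host in hosts:
            try:
                key = nat.send(proto, host, concentrator, NATT_PORT)
                delivered.append(nat.receive(key))
            except LookupError:
                delivered.append(None)   # second tunnel cannot be tracked
        results[label] = delivered
    return results

if __name__ == "__main__":
    print(demo())
```
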
 

Author Comment

by:brianmeyers
ID: 12104224
So would it be safe to say that you could have multiple remote user VPNs passing through the Linksys device back to a concentrator that supports NAT-T? Most of my remote user VPNs have been set up using IPsec over TCP to alleviate PAT issues through the remote user FWs. Will I have the same issues if I use NAT-T?

Expert Comment

by:jasperomalley
ID: 12104631
Yes, it would be safe to say that you could do that. NAT-T was designed specifically to address the problems with sending IPSec traffic through NAT/PAT devices.
 

Author Comment

by:brianmeyers
ID: 12104767
Thanks for your assistance!