IPSec Passthrough limitations on a LINKSYS Wireless Router.  Model Number WRT54GS

Posted on 2004-09-02
Last Modified: 2013-11-29
How many IPSEC passthrough tunnels can you have active at the same time through this Linksys Wireless Router?
Question by:brianmeyers
LVL 79

Expert Comment

by:lrmoore
ID: 11968705
One

You would need the VPN model to get more, like the WRV54G



Author Comment

by:brianmeyers
ID: 11968987
Is this a firmware limitation within the Linksys or an IPsec issue?

Author Comment

by:brianmeyers
ID: 11969024
Oh, and one other comment. lrmoore suggested a WRV54G model, but I didn't read anything about "maximum passthrough tunnels", just that you can configure multiple VPN tunnels to this HW device. Is this how you perceive it?
LVL 2

Accepted Solution

by:
jasperomalley earned 200 total points
ID: 11984865
It's both a firmware limitation and an IPsec issue, depending on how you look at it. It's fairly easy for the router to track IPsec connections from one internal host to one external host, or even any number of internal hosts to different external hosts, but it becomes more complicated when you have multiple internal hosts creating VPN tunnels to the same external host. So, most broadband router and SOHO firewall manufacturers just give you the ability to do one VPN passthrough tunnel and say they're done with it, in order to avoid having to program for the more complex cases.

A better solution all around is to use NAT Traversal (NAT-T), in which the VPN client and server encapsulate IPsec connections in UDP packets sent to/from UDP port 4500 on the server, since most router/firewall devices doing NAT can handle UDP translation easily. Most VPN server devices (and their clients) can do NAT-T nowadays, although some devices might require a firmware upgrade in order to do so.
0
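Added example (not part of the original thread and not any poster's or vendor's code): a toy NAT table showing why plain ESP from two internal hosts to the same gateway collides while NAT-T on UDP 4500 does not. The class `ToyNat`, the function `demo`, the addresses and the port pool are all constructed for illustration.

```python
# Added illustration: toy model of a NAT box, not Linksys firmware.
from itertools import count

class ToyNat:
    def __init__(self):
        self.esp = {}   # remote_ip -> internal_ip (ESP, IP protocol 50, has no ports)
        self.udp = {}   # (remote_ip, remote_port, public_port) -> (internal_ip, internal_port)
        self._next_port = count(40000)  # constructed public port pool

    def outbound_esp(self, internal_ip, remote_ip):
        """Return True if this host owns the ESP mapping for remote_ip."""
        owner = self.esp.setdefault(remote_ip, internal_ip)
        return owner == internal_ip

    def inbound_esp(self, remote_ip):
        """Only the remote address is available to pick an internal host."""
        return self.esp.get(remote_ip)

    def outbound_udp(self, internal_ip, internal_port, remote_ip, remote_port):
        """Ordinary PAT: give each internal flow its own public source port."""
        flow = (internal_ip, internal_port)
        for (r_ip, r_port, pub), owner in self.udp.items():
            if owner == flow and (r_ip, r_port) == (remote_ip, remote_port):
                return pub
        pub = next(self._next_port)
        self.udp[(remote_ip, remote_port, pub)] = flow
        return pub

    def inbound_udp(self, remote_ip, remote_port, public_port):
        return self.udp.get((remote_ip, remote_port, public_port))

def demo():
    gateway = "203.0.113.10"                    # constructed VPN server address
    hosts = ["192.168.1.100", "192.168.1.101"]  # constructed internal clients
    nat = ToyNat()
    # Plain ESP: both clients target the same gateway, second one is refused.
    esp_ok = [nat.outbound_esp(h, gateway) for h in hosts]
    esp_replies_to = nat.inbound_esp(gateway)
    # NAT-T: ESP wrapped in UDP/4500, so port translation separates the tunnels.
    pub_ports = [nat.outbound_udp(h, 4500, gateway, 4500) for h in hosts]
    natt_replies_to = [nat.inbound_udp(gateway, 4500, p)[0] for p in pub_ports]
    return esp_ok, esp_replies_to, pub_ports, natt_replies_to

if __name__ == "__main__":
    print(demo())
```

The model keys ESP on the remote address alone, which is the simple single-tunnel case the answer describes; it does not attempt SPI tracking.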
 

Author Comment

by:brianmeyers
ID: 12104224
So would it be safe to say that you could have multiple remote user VPNs passing through the Linksys device back to a concentrator that supports NAT-T? Most of my remote user VPNs have been set up using IPsec over TCP to alleviate PAT issues through the remote user FWs. Will I have the same issues if I use NAT-T?
LVL 2

Expert Comment

by:jasperomalley
ID: 12104631
Yes, it would be safe to say that you could do that. NAT-T was designed specifically to address the problems with sending IPSec traffic through NAT/PAT devices.

Author Comment

by:brianmeyers
ID: 12104767
Thanks for your assistance!