IPSec Passthrough limitations on a LINKSYS Wireless Router.  Model Number WRT54GS

Posted on 2004-09-02
Last Modified: 2013-11-29
How Many IPSEC passthough tunnels can you have active at the same time through this Linksys Wireless Router?    
Question by:brianmeyers
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
LVL 79

Expert Comment

ID: 11968705

You would need the VPN model to get more, like the WRV54G


Author Comment

ID: 11968987
is this a firmware limitation within the Linksys or a IPsec issue?

Author Comment

ID: 11969024
oh and one other comment.  lrmoore suggested a WRV54G model but i didn't read anything about "maximum passthrough tunnels" just that you can configure multiple vpn tunnels to this HW device.  Is this you you perceive it?
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.


Accepted Solution

jasperomalley earned 50 total points
ID: 11984865
It's both a firmware limitation and an IPsec issue, depending on how you look at it. It's fairly easy for the router to track IPsec connections from one internal hosts to one external host, or even any number of internal hosts to different external hosts, but it becomes more complicated when you have multiple internal hosts creating VPN tunnels to the same external host. So, most broadband router and SOHO firewall manufacturers just give you the ability to do one VPN passthrough tunnel and say they're done with it, in order to avoid having to program for the more complex cases.

A better solution all around is to use NAT Traversal (NAT-T), in which the VPN client and server encapsulate IPsec connections in UDP packets sent to/from UDP port 4500 on the server, since most router/firewall devices doing NAT can handle UDP translation easily. Most VPN server devices (and their clients) can do NAT-T nowadays, although some devices might require a firmware upgrade in order to do so.

Author Comment

ID: 12104224
so would it be safe to say that you could have multiple remote user VPN's passing through the Linksys device back to a concentrator that supports NAT-T?  Most of my remote user VPN's have been setup using IPsec of TCP to alleviate PAT issues through the remote user FW's.  Will i have the same issues if i use NAT-T?

Expert Comment

ID: 12104631
Yes, it would be safe to say that you could do that. NAT-T was designed specifically to address the problems with sending IPSec traffic through NAT/PAT devices.

Author Comment

ID: 12104767
thanks for your assistance!

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Make the most of your online learning experience.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question