The difference between a VPN tunnel and VPN-passthrough.

Posted on 2004-11-15
Last Modified: 2012-06-21
Can someone please explain the differences between a VPN-Tunnel and a VPN pass-through?

Here is what I am trying to achieve:

Remotely manage a network of 30 PCs using VNC/PCanywhere

Server 1 - Windows 2000 server with static internet facing IP address ( and 1 static address of
Server 2 - Windows 2000 DC running DHCP for the 30 client PCs. 1 static address of
Server 3 - Windows 2000 DC (backup) with static IP

30 clients ( >

I am looking for a hardware firewall/router/VPN device so that I can connect my PC to my client's office and be assigned an internal IP allowing access inside the network ( for example). Some of the devices I'm looking at have X number of VPN tunnels and some just have VPN-passthrough, so what's the difference? Which one should I use given my situation?
Question by:apcs-uk
    LVL 36

    Expert Comment

    Hi apcs-uk,
    A VPN Tunnel is where the device itself acts as the end point to the VPN so it handles all the encryption required and effectively joins the two local networks together.

    The alternative method is to run a VPN client on a PC. For this to work, the router/firewall the traffic goes through needs to understand the VPN traffic; on home routers this option is called 'pass-thru'.

    Author Comment

    grblades, thanks for the quick response. With the VPN tunnel, how does the authentication to the 2000 domain work (i.e. access to resources within the domain)?

    With the PASS-THROUGH, can I route the VPN traffic to a specific server on the network, (, for example)?
    LVL 36

    Accepted Solution

    If you have the Windows server as the VPN endpoint then you can either:-
    1) Log into your machine and then initiate the VPN connection. When you connect you supply a username/password. When you go to access a resource you may be asked for a password for the domain once.
    2) When you log on to your machine you choose to log on remotely and when you connect you log straight into the domain at the remote site. This will mean the user gets a different profile. Most of the time this is too much of a pain to use.

    A router supporting PASS-THRU can only reliably be used at the client's site. If you want a router for your main site where the VPN server is, you need a better router/firewall where you can specify the type of traffic which can be sent to a particular machine.

    My normal recommendation is to go for something like a Cisco PIX firewall and for the clients to use the Cisco VPN client as it is more secure. You can configure the PIX to authenticate against the Windows server if you wish. When clients connect using this method they are asked for a password and then the Cisco client connects. Once connected they will be asked for a username/password when they access the network resource.
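
The following is an added example, not part of the original thread. It is a simplified model of a NAT router in front of the VPN server, showing why the router must "understand the VPN traffic" and why plain port forwarding is not enough to send VPN traffic to a particular machine. It assumes PPTP and IPsec as the VPN protocols; the function names, the sample packets and the internal address 192.168.1.10 are constructed for illustration.

```python
import struct

TCP, UDP, GRE, ESP, AH = 6, 17, 47, 50, 51   # IANA IP protocol numbers
PORTLESS = {GRE: "GRE (PPTP data)", ESP: "IPsec ESP", AH: "IPsec AH"}
VPN_PORTS = {(TCP, 1723): "PPTP control", (UDP, 500): "IKE",
             (UDP, 4500): "IPsec NAT-T", (UDP, 1701): "L2TP"}

def build_ipv4(proto, dport=None):
    """Constructed sample packet: minimal IPv4 header plus ports for TCP/UDP."""
    src, dst = bytes([198, 51, 100, 7]), bytes([203, 0, 113, 1])  # documentation ranges
    payload = struct.pack("!HH", 40000, dport) if dport is not None else b"\x00" * 8
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, 64, proto, 0, src, dst)
    return header + payload

def parse_ipv4(pkt):
    """Return (protocol, destination port or None) from a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    if proto in (TCP, UDP):
        if len(pkt) < ihl + 4:
            raise ValueError("truncated transport header")
        return proto, struct.unpack("!HH", pkt[ihl:ihl + 4])[1]
    return proto, None

def inbound_decision(pkt, port_forwards, passthrough_host=None):
    """Simplified model of a NAT router in front of the VPN server.

    port_forwards: {(proto, port): internal_ip}; passthrough_host: internal
    host that receives port-less VPN protocols, or None if unsupported.
    """
    proto, dport = parse_ipv4(pkt)
    if proto in PORTLESS:   # GRE/ESP/AH carry no ports, so port rules never match
        if passthrough_host:
            return "forward %s to %s" % (PORTLESS[proto], passthrough_host)
        return "drop %s: no port for NAT to match" % PORTLESS[proto]
    target = port_forwards.get((proto, dport))
    if target:
        return "forward %s to %s" % (VPN_PORTS.get((proto, dport), "traffic"), target)
    return "drop: no forwarding rule"

if __name__ == "__main__":
    server = "192.168.1.10"               # hypothetical internal VPN server
    rules = {(TCP, 1723): server}         # PPTP control channel only
    for pkt in (build_ipv4(TCP, 1723), build_ipv4(GRE), build_ipv4(ESP)):
        print(inbound_decision(pkt, rules), "|", inbound_decision(pkt, rules, server))
```

With only the TCP 1723 rule, the PPTP control connection reaches the server but the GRE data packets are dropped, which is the usual symptom of a router that lacks pass-through support.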
