Q. How do I set a Vigor router to pass through a VPN tunnel?

Please note the following information first:

1. There are many incompatibilities between NAT and IPSec.

For example:
    a. IPSec with AH cannot pass through NAT.
    b. Only one outgoing IPSec connection with ESP can be established at a time, unless both the VPN client and the VPN server support the NAT-Traversal mechanism.
(For more detailed information please refer to RFC 3715)

2. Please be advised that neither "Transport mode" nor "AH" IPSec can pass through a NAT device.
    L2TP with IPSec uses transport mode, so it cannot pass through a NAT device unless both the VPN client and the VPN server support the NAT-Traversal mechanism.
    All Vigor VPN series routers support NAT-Traversal.

3. If the IPSec connection uses PKI for tunnel authentication instead of a pre-shared key, you may need to enable "Accept large incoming fragmented UDP or ICMP packets".
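
The incompatibilities in items 1 and 2, as an added example (not DrayTek's code): a simplified Python model in which AH authenticates the outer IP addresses and a transport-mode UDP checksum depends on them, so a source-NAT rewrite breaks both, while tunnel-mode ESP is unaffected. The packet layout, key and addresses are constructed for illustration and are not a wire-accurate IPSec implementation.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-sa-key"  # constructed integrity key for the demo SA
PRIV, PUB, SRV = "192.168.1.10", "203.0.113.5", "198.51.100.20"  # constructed

def addrs(src, dst):
    return socket.inet_aton(src) + socket.inet_aton(dst)

def udp_csum(src, dst, udp):
    """UDP checksum (RFC 1071 sum) over a pseudo-header that includes the IP addresses."""
    data = addrs(src, dst) + struct.pack("!BBH", 0, 17, len(udp)) + udp
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icv(pkt):
    """Integrity value: ESP covers only the payload, AH also covers the outer addresses."""
    covered = pkt["udp"] + struct.pack("!H", pkt["udp_sum"])
    if pkt["kind"] == "AH":
        covered = addrs(pkt["src"], pkt["dst"]) + covered
    return hmac.new(KEY, covered, hashlib.sha256).digest()[:16]

def send(kind, src, dst, data):
    """Build a simplified packet; kind is 'AH', 'ESP-transport' or 'ESP-tunnel'."""
    udp = struct.pack("!HHHH", 1701, 1701, 8 + len(data), 0) + data  # L2TP port
    pkt = {"kind": kind, "src": src, "dst": dst, "udp": udp,
           "udp_sum": udp_csum(src, dst, udp)}  # sender uses its own address
    if kind == "ESP-tunnel":
        pkt["inner"] = (src, dst)  # inner IP header travels inside the ESP payload
    pkt["icv"] = icv(pkt)
    return pkt

def nat(pkt, public_src):
    """Source NAT: only the outer source address is rewritten."""
    return {**pkt, "src": public_src}

def receive(pkt):
    """Return (icv_ok, udp_checksum_ok) as the VPN server would compute them."""
    src, dst = pkt.get("inner", (pkt["src"], pkt["dst"]))
    return (hmac.compare_digest(icv(pkt), pkt["icv"]),
            udp_csum(src, dst, pkt["udp"]) == pkt["udp_sum"])

if __name__ == "__main__":
    for kind in ("AH", "ESP-transport", "ESP-tunnel"):
        print(kind, receive(nat(send(kind, PRIV, SRV, b"hello"), PUB)))
```

NAT-Traversal avoids these failures by wrapping ESP in UDP, which also gives the NAT device port numbers to tell several clients apart.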


[For example: Vigor2910 series]



For VPN client to pass-through
Network Topology:
    VPN client ---- Vigor router as NAT device ---- Internet ---- VPN server.
    When the VPN client is behind the Vigor router, generally no special settings are required on the Vigor router.



For VPN server to pass-through
Network Topology:
    VPN client ---- Internet ---- Vigor router as NAT device ---- VPN server
    When the VPN server is behind the Vigor router, please follow the instructions below to set up VPN pass-through.



A. For PPTP Tunnel
    a. Please disable the PPTP VPN Service from "VPN and Remote Access >> Remote Access Control Setup".



    b. A PPTP tunnel uses TCP port 1723 to make a connection, so please open TCP port 1723 from "NAT >> Open Ports >> Edit Open Ports" to let it pass through to the VPN server.




B. For IPSec Tunnel
    a. Please disable the IPSec VPN Service from "VPN and Remote Access >> Remote Access Control Setup".



    b. An IPSec tunnel uses UDP port 500 to make a connection, so please open UDP port 500 from "NAT >> Open Ports >> Edit Open Ports" to let it pass through to the VPN server.




C. For L2TP Tunnel
    a. Please disable the L2TP VPN Service from "VPN and Remote Access >> Remote Access Control Setup".



    b. An L2TP tunnel uses UDP port 1701 to make a connection, so please open UDP port 1701 from "NAT >> Open Ports >> Edit Open Ports" to let it pass through to the VPN server.



Page last modified : 13 October 2008