< Knowledge Base

VPN Pass-Through Setup

Published On: Nov 12, 2015 

Vigor Router supports VPN pass-through to pass VPN traffic router's LAN.

To do this, you will need:

1. Disable the VPN service on the router: Go to VPN and Remote Access >> Remote Access Control Setup, un-check the VPN protocol that you want to forward to the router's LAN.

2. Go to NAT >> Open Ports, and open the required port to the IP address of the VPN server. The ports required for each protocol are:

3. For IPsec that uses PKI authentication, it is necessary that “Accept large incoming fragmented UDP or ICMP packets” is enabled at Firewall >> General Setup.

Limitations of IPsec VPN

Noted that there are some limitations of IPsec VPN pass-through due to the incompatibilities between IPsec and NAT:

  1. IPsec with Authentication Header (AH) cannot pass through NAT because AH does not allow changing the IP header
  2. To pass through multiple outgoing IPsec tunnels, it requires that both the VPN client and server support NAT-Traversal (NAT-T). Without NAT-T, it only allows one outgoing IPsec VPN at the same time.
  3. L2TP with IPsec policy is in transport mode, which can only pass through NAT if both VPN client and server support NAT-T (Note: All Vigor Router support NAT-T).

Was this helpful?     

Related Articles