VPN passthrough

Unanswered Question
May 7th, 2007

Can VPN traffic be passed through an edge router? I want to set up a 2950 as my Internet router, then use a 3950 as the internal router. The 3950 would need to have VPN to VPN configured to an outside network.

Jon Marshall Mon, 05/07/2007 - 10:17

Hi Joe

Is the edge router going to be doing NAT/PAT?

VPN traffic can be passed through a router; you would need to allow

UDP port 500 (isakmp)

ESP port 50 (ipsec).

Note that ESP is its own protocol.

If you are doing NAT/PAT on your edge router you may need to run NAT-T which involves allowing additional ports.



JoeMcHale Mon, 05/07/2007 - 10:28

I am doing NAT. I guess what I do not understand is how the traffic gets routed from my internet router to the VPN router.

Jon Marshall Mon, 05/07/2007 - 23:02


I'm not sure I fully understand your question. IPSEC traffic is like all other IP traffic in that there are source and destination IP addresses in the packet headers. When the remote sends an IPSEC packet to your VPN router, the destination address will be the IP address on the VPN router, and your edge router will just forward this on, as it would with any IP packet, to your VPN router.

This does mean that your VPN router needs to have a publicly routable IP address - is this the problem?
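An edge-router configuration sketch for the setup discussed in the replies above, added here as an example and not taken from the thread or from any poster's device. It assumes Cisco IOS syntax, a one-to-one static NAT that gives the inside VPN router a public address, and constructed values throughout: the interface names, the ACL name OUTSIDE-IN, and the documentation-range addresses are all placeholders.

```cisco
! Constructed addressing (RFC 5737 documentation ranges, not real hosts):
!   198.51.100.20  remote VPN peer
!   203.0.113.1    edge router outside interface
!   203.0.113.10   public address mapped to the inside VPN router
!   10.0.0.2       inside VPN router's real address
!
interface FastEthernet0/0
 description Outside (Internet) - assumed interface name
 ip address 203.0.113.1 255.255.255.248
 ip nat outside
 ip access-group OUTSIDE-IN in
!
interface FastEthernet0/1
 description Inside (link to the VPN router) - assumed interface name
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
! One-to-one static NAT: packets addressed to 203.0.113.10 are translated
! and forwarded to 10.0.0.2. ESP carries no port numbers, so a port-based
! (PAT) mapping cannot forward it; a static mapping or NAT-T is needed.
ip nat inside source static 10.0.0.2 203.0.113.10
!
! An inbound ACL on the outside interface is evaluated before NAT, so the
! destination to match is the public address. Limiting the source to the
! known peer keeps IKE from being reachable by arbitrary hosts.
ip access-list extended OUTSIDE-IN
 remark IKE negotiation (UDP 500)
 permit udp host 198.51.100.20 host 203.0.113.10 eq isakmp
 remark ESP is IP protocol 50, matched by protocol keyword, not by port
 permit esp host 198.51.100.20 host 203.0.113.10
 remark NAT-T: IKE and ESP encapsulated in UDP 4500
 permit udp host 198.51.100.20 host 203.0.113.10 eq non500-isakmp
 remark Add the other inbound entries your policy needs here;
 remark everything not permitted is dropped by the implicit deny.
```

On the edge router, `show ip nat translations` and `show access-lists OUTSIDE-IN` show whether the static mapping is in place and which permit lines are matching.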


