Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
556
Views
0
Helpful
1
Replies

VPN Pass-Through

schughtai
Level 1
Level 1

‎06-17-2008 03:36 PM - edited ‎02-21-2020 03:46 PM

Hello

What is VPN pass-through and how do you configure it on a 2821 ?

Not configured pass through before

Labels:
0 Helpful
1 Reply 1

michael.leblanc
Level 4
Level 4

‎06-17-2008 04:12 PM

The general idea is to provision your interface ACLs to accommodate the VPN Client-to-VPN Server tunnel negotiation, and the resulting tunnel traffic.

If your VPN Client resides behind a NAT firewall, you will configure your VPN Client software to do NAT discovery, and ultimately encapsulate the IPSec tunnel within UDP or TCP (depending on server capabilities, and your personal preferences) to overcome the presence of NAT.

Your client-side router interface will need to accommodate outbound ISAKMP (UDP port 500) to do the discovery, and UDP port 4500 (keyword: non500-isakmp) if you elect to go with UDP encapsulation of IPSec. Likewise, the appropriate TCP port if you go with a TCP encapsulation of IPSec.

Your external router interface should accommodate these same protocols inbound (return traffic).

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents