Cisco Support Community

VPN Pass-Through

Hello

What is VPN pass-through and how do you configure it on a 2821?

I have not configured pass-through before.

1 REPLY

Re: VPN Pass-Through

The general idea is to provision your interface ACLs to accommodate the VPN Client-to-VPN Server tunnel negotiation, and the resulting tunnel traffic.

If your VPN Client resides behind a NAT firewall, you will configure your VPN Client software to do NAT discovery, and ultimately encapsulate the IPSec tunnel within UDP or TCP (depending on server capabilities, and your personal preferences) to overcome the presence of NAT.

Your client-side router interface will need to accommodate outbound ISAKMP (UDP port 500) to do the discovery, and UDP port 4500 (keyword: non500-isakmp) if you elect to go with UDP encapsulation of IPSec. Likewise, the appropriate TCP port if you go with a TCP encapsulation of IPSec.

Your external router interface should accommodate these same protocols inbound (return traffic).

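The ACL entries the reply describes, as an added example that is not part of the original thread or Cisco's own configuration. The ACL names, the LAN subnet 192.168.10.0/24, the VPN server address 198.51.100.10 and the interface assignments are assumptions made for illustration.

```cisco
! Added example: entries to merge into the router's existing interface ACLs.
! All names and addresses are constructed for illustration.
! An ACL holding only these entries would drop all other traffic
! through its implicit deny, so add them to the ACLs already in use.
!
! Inside (LAN-facing) interface: client-originated negotiation and tunnel traffic
ip access-list extended LAN-IN
 remark ISAKMP negotiation and NAT discovery (UDP 500)
 permit udp 192.168.10.0 0.0.0.255 host 198.51.100.10 eq isakmp
 remark UDP-encapsulated IPsec (UDP 4500)
 permit udp 192.168.10.0 0.0.0.255 host 198.51.100.10 eq non500-isakmp
 ! For TCP encapsulation, permit the TCP port configured on the VPN server
 ! in the same way (the port number is server-specific and not given here).
!
! Outside (external) interface: the same protocols inbound as return traffic.
! The match is on the server's source port, because NAT may rewrite the
! client-side port seen on the return path.
ip access-list extended WAN-IN
 remark Return ISAKMP from the VPN server
 permit udp host 198.51.100.10 eq isakmp any
 remark Return UDP-encapsulated IPsec from the VPN server
 permit udp host 198.51.100.10 eq non500-isakmp any
!
interface GigabitEthernet0/1
 description Inside, toward VPN clients (assumed)
 ip access-group LAN-IN in
!
interface GigabitEthernet0/0
 description Outside, toward the VPN server (assumed)
 ip access-group WAN-IN in
```

Pinning the entries to the VPN server's address rather than `any` keeps the pass-through rule from opening UDP 500 and 4500 to arbitrary hosts; `show access-lists` shows per-entry hit counters to confirm which lines the tunnel traffic actually matches.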