Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

VPN passthrough

Can VPN traffic be passed through an edge router. I want to setup a 2950 as my Internet router then use a 3950 as the internal router. The 3950 would need to have VPN to VPN configured to an outside network.

3 REPLIES
Hall of Fame Super Blue

Re: VPN passthrough

Hi Joe

Is the edge router going to be doing NAT / PAT ?

VPN traffic can be passed throug a roter, you would need to allow

UDP port 500 (isakmp)

ESP port 50 (ipsec).

Note that ESP is it's own protocol.

If you are doing NAT/PAT on your edge router you may need to run NAT-T which involves allowing additional ports.

HTH

Jon

New Member

Re: VPN passthrough

I am doing NAT. I guess what I do not understand is how the traffice gets routed from my internet router to the VPN Router.

Hall of Fame Super Blue

Re: VPN passthrough

Joe

I'm not sure i fully understand your question. IPSEC traffic is like all other IP traffic in that there are source and destination IP address in the packet headers. When the remote send an IPSEC packet to your VPN router the destination address will the IP address on the VPN router and your edge router will just forward this on, as it would with any IP packet, to your VPN router.

This does mean that your VPN router needs to have a publically routable IP address - is this the problem ?

Jon

137
Views
0
Helpful
3
Replies
CreatePlease to create content