
Incoming IPsec passthrough possible?

Discussion in 'Cisco/Linksys Wireless Routers' started by DevilStick, May 21, 2005.

  1. DevilStick

    DevilStick Network Guru Member

    Hi there!

    Since I plan to buy a WRT54GS and a WAP54G to build a PtP wireless bridge, I have some questions concerning IPsec.

    Will the IPsec passthrough work in both directions, incoming and outgoing? Some documents explaining the IPsec passthrough option only say that it supports internal PCs opening an outgoing VPN connection.

    I plan to connect a Cisco PIX 501 behind the access point and forward IPsec to it. Does the WRT54GS know that, when port 500/udp is forwarded to the PIX, all IPsec traffic concerning this connection has to be forwarded to the PIX, too? Or will I have to set up the PIX as the DMZ IP, so that it gets all traffic?

    Here is a picture of the network layout:

    DSL --> WRT54GS --> WAP54G --> PIX 501 -- PC

    The router should assign a DDNS entry which can be used to open an IPsec VPN connection to the PIX.

    I assume there will be some firmware hack that allows putting a WRT54G into PtP bridge mode, since the original firmware only allows AP mode for it.

    It would be nice if you could give me some short feedback on whether my planned network configuration will work like I expect it to.
  2. rdhw

    rdhw Network Guru Member

    I have successfully used incoming L2TP over IPsec to a client of a WRT54G router.

    Because you will be doing NAT traversal, you might need to port-forward UDP port 4500 as well as 500 for IPsec.

    If you are using L2TP, you will need to port-forward UDP port 1701.

    Using NAT-T to or from a Windows end-point requires a registry patch in Windows XP.
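The following is an added example, not part of the thread or of anything rdhw posted, that models the forwarding decision behind the reply above: a consumer NAT router only matches port-forward rules against UDP/TCP ports, so IKE on UDP/500 and NAT-T on UDP/4500 can be forwarded to an inside host, while plain ESP (IP protocol 50) carries no port and only reaches the inside host if that host is the DMZ address. The router, the inside address 192.168.1.2 and the packet lines are constructed; real firmware also keeps passthrough state for outbound tunnels, which this model deliberately leaves out.

```python
"""Model of where a NAT router delivers inbound VPN traffic, depending on
which port forwards (and optionally a DMZ host) are configured.

Added illustration only: the router, addresses and packets are constructed
and are not captures from the WRT54GS or PIX discussed in the thread."""
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

IKE_PORT = 500     # ISAKMP / IKE key exchange
NATT_PORT = 4500   # IKE plus UDP-encapsulated ESP once NAT-T is negotiated
L2TP_PORT = 1701   # L2TP; forwarded as suggested in the reply above


@dataclass(frozen=True)
class Packet:
    proto: str                 # "UDP", "TCP" or "ESP"
    src: str
    dst: str
    dport: Optional[int] = None  # None for ESP, which has no ports at all


# Constructed one-line packet notation used by this example, e.g.
#   "UDP 203.0.113.5:500 -> 198.51.100.7:500"
#   "ESP 203.0.113.5 -> 198.51.100.7 spi=0x1234"
_PORTED = re.compile(r"^(UDP|TCP)\s+(\S+):(\d+)\s*->\s*(\S+):(\d+)$")
_ESP = re.compile(r"^ESP\s+(\S+)\s*->\s*(\S+)(?:\s+spi=\S+)?$")


def parse_packet(line: str) -> Packet:
    """Parse one packet line; raises ValueError on anything else."""
    m = _PORTED.match(line.strip())
    if m:
        return Packet(m.group(1), m.group(2), m.group(4), int(m.group(5)))
    m = _ESP.match(line.strip())
    if m:
        return Packet("ESP", m.group(1), m.group(2))
    raise ValueError(f"unrecognised packet line: {line!r}")


@dataclass
class NatRouter:
    """Inbound side of a simple NAT router: port forwards keyed by
    (protocol, destination port), plus an optional DMZ host that receives
    everything no forward rule claims."""
    forwards: Dict[Tuple[str, int], str] = field(default_factory=dict)
    dmz_host: Optional[str] = None

    def deliver(self, pkt: Packet) -> Optional[str]:
        """Return the inside host the packet is sent to, or None if the
        router has nowhere to send it (dropped at the WAN side)."""
        if pkt.dport is not None:                 # only UDP/TCP have ports
            target = self.forwards.get((pkt.proto, pkt.dport))
            if target:
                return target
        return self.dmz_host                      # ESP can only get here


def forwards_for(inside_host: str, nat_t: bool, l2tp: bool) -> Dict[Tuple[str, int], str]:
    """Port-forward table for an inbound IPsec endpoint at inside_host."""
    rules = {("UDP", IKE_PORT): inside_host}
    if nat_t:
        rules[("UDP", NATT_PORT)] = inside_host
    if l2tp:
        rules[("UDP", L2TP_PORT)] = inside_host
    return rules


def simulate(router: NatRouter, lines) -> Dict[str, Optional[str]]:
    """Map each packet line to the inside host it would be delivered to."""
    return {line: router.deliver(parse_packet(line)) for line in lines}


if __name__ == "__main__":
    PIX = "192.168.1.2"  # constructed inside address of the PIX 501
    SAMPLE = [
        "UDP 203.0.113.5:500 -> 198.51.100.7:500",      # IKE main mode
        "UDP 203.0.113.5:4500 -> 198.51.100.7:4500",    # NAT-T IKE / ESP-in-UDP
        "ESP 203.0.113.5 -> 198.51.100.7 spi=0x1234",   # plain ESP, no NAT-T
        "TCP 203.0.113.5:40000 -> 198.51.100.7:80",     # unrelated traffic
    ]
    only_forwards = NatRouter(forwards_for(PIX, nat_t=True, l2tp=True))
    with_dmz = NatRouter(forwards_for(PIX, nat_t=True, l2tp=True), dmz_host=PIX)
    for name, router in (("port forwards only", only_forwards), ("PIX as DMZ", with_dmz)):
        print(f"== {name} ==")
        for line, host in simulate(router, SAMPLE).items():
            print(f"  {line:45s} -> {host or 'dropped'}")
```

With forwards for 500 and 4500 only, the IKE and NAT-T packets reach the PIX but raw ESP is dropped, which is exactly the case the original poster worries about; declaring the PIX as the DMZ host makes ESP arrive too, at the cost of exposing every other unclaimed inbound packet to it.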
  3. DevilStick

    DevilStick Network Guru Member

    Thanks for your reply.

    Will I need this registry patch only when using the Windows built-in VPN client (add new dial-in connection via VPN) or also when using the additional Cisco VPN client?

    I guess you mean the L2TP/IPsec NAT-T update. This update should already be included in WinXP SP2.

    I wonder whether this update only applies to L2TP and PPTP or also works for the Cisco VPN. Well, I'll give it a try.

  4. rdhw

    rdhw Network Guru Member
