In this Q&A, our VPN expert describes the difference between a true VPN and VPN pass-through, a feature often found in small business Internet gateway devices.
QUESTION: I have heard about VPN and VPN pass-through. Please explain the difference between
them.
You
Requires Free Membership to View
will see this feature mainly in small business Internet gateway devices. This is an excellent
question because it confuses a lot of folks who don't know much about the inner workings of
VPNs.
A small business network device that supports true VPN will probably support either IPsec, PPTP, L2TP or... SSL VPN technologies. This means that the device actually has an implementation of the protocol running on it and can be used to connect to a central server or VPN gateway; therefore, a VPN client would not be required.
On the other hand, a small-business network device that supports VPN pass-throu gh simply means that it can support "passing through" packets that originate from VPN clients (typically on laptops or PCs) out through a VPN server on the Internet. A special feature like this is needed because:
- These small business devices are involved with NAT and PAT
- VPN protocols like IPsec (and the associated data path ESP) don't have a specific port number for the device to multiplex the port address translation back to your laptop or PC
- This feature enables some special processing of packets that are IPsec ESP data packets and allows the device to keep a table of active connected VPN tunnels.
This was first published in July 2007