Problem solve Get help with specific problems with your technologies, process and projects.

Is it possible to set up a VPN Endpoint router behind my ISP's router?

My DSL provider requires PPPoA, which is not supported by my Linksys WRV54G router. Therefore I must use the ActionTec...

DSL gateway from my DSL provider. I have the ISP's ActionTec gateway connected to the DSL line, with a cable between it's LAN port and the WRV54G's WAN port. A VPN tunnel from my WRV54G works when the WRV54G is directly connected to the Internet, but not when connected through the ActionTec. Does the ActionTec support VPN Pass-Through? If so will it handle more than one tunnel from the WRV54G? According to ActionTec, their DSL Modem with routing capabilities and their DSL Gateway support VPN Passthrough. Unfortunately, ActionTec's VPN Passthrough implementation does not work with Gateway-to-Gateway VPN tunnels - it only works with VPN tunnels initiated by VPN Clients.

When your WRV56G is behind the ActionTec, NAT is being applied to multiplex everything on the LAN side of the DSL gateway onto the WAN IP address of that gateway. Your WRV56G therefore does not have a unique routable address with which to create an IPsec Main Mode tunnel. So you can't get the tunnel to connect.

You might have luck configuring your WRV56G to behave like a VPN Client, using IPsec Aggressive Mode to initiate the tunnel and an identity that's not an IP address. See if you can change the WRV's Local Security Gateway Type to Dynamic IP + Email address. Don't forget to change the Remote Security Gateway Type and value on the other Gateway to match. This configuration will be limited to tunnels initiated by your WRV to the Remote Gateway - the Remote Gateway will not be able to initiate tunnels to the WRV. However, this configuration has a better chance of making it through the ActionTec Passthrough. I don't know, but suspect that Passthrough will probably be limited to one tunnel at a time.

This was last published in May 2004

Dig Deeper on Network Access Control

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.