Problem solve Get help with specific problems with your technologies, process and projects.

What's the difference between VPN pass-through and multi-tunneling?

Learn why multi-tunneling is better than VPN pass-through and how IPsec plays a role from an expert.

My company is using Cisco VPN client software on a Cisco 3825 router. A trainer was attempting to teach some employees how to connect using the VPN software on his Linksys WRT54G router.

The router has VPN pass-through but not multi-tunneling capabilities. I've tried to explain that his VPN pass-through is not capable of establishing multiple VPN tunnels for 20 users to connect to simultaneously.

Can you explain this for me?

Companies that do not implement true IPsec often advertise their products as VPN pass-through. Just because the device can pass IPsec does not mean they can fully support it.

Not all products handle IPsec the same way and that is the case with pass-through. Devices that support pass-through break the NAT traversal and usually are limited to only one host behind the firewall.

Multi-tunneling allows the system to discriminate and forward traffic based on destination. Devices that support multi-tunneling can connect VPN users and sort each of them into their own establishment tunnel.

This was last published in October 2008

Dig Deeper on Network Security Best Practices and Products