Vpn ipsec pass through – Netopia 6.3 User Manual

27

Section 3

General

VPN IPSec Pass Through

This Cayman service supports your independent VPN client software in a
transparent manner. Cayman has implemented an Application Layer Gate-
way (ALG) to support multiple PCs running IP Security protocols.

This feature has three elements:

1. On power up or reset, the address mapping function (NAT) of the Gateway’s

WAN configuration is turned on by default.

2. When you use your third-party VPN application, the Gateway recognizes the

traffic from your client and your unit. It allows the packets to pass through the
NAT “protection layer” via the encrypted IPSec tunnel.

3. The encrypted IPSec tunnel is established “through” the Gateway.

A typical VPN IPSec Tunnel pass through is diagrammed below:

Typically, no special configuration is necessary to use the IPSec pass
through feature. This feature may need to be disabled for special VPN
clients that are designed to be supported through NAT.

In the diagram, VPN PC clients are shown behind the Cayman Gate-
way and the secure server is at Corporate Headquarters across the
WAN. You cannot have your secure server behind the Cayman Gate-
way.

When multiple PCs are starting IPSec sessions, they must be started
one at atime to allow the associations to be created and mapped.

Cayman
Gateway