1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Asus RT-AC88U NAT Passthrough

Discussion in 'ASUS AC Routers & Adapters' started by hasarouter, Nov 9, 2018.

  1. hasarouter

    hasarouter Occasional Visitor

    Joined:
    Nov 5, 2018
    Messages:
    14
    In Asus RT-AC88U, the VPN related NAT Passthrough by default allows

    PPTP Passthrough
    L2TP Passthrough
    IPSec Passthrough
    RTSP Passthrough
    H.323 Passthrough
    SIP Passthrough

    do any of these pose a security liability ? ie can someone from the WAN take advantage of these passthroughs to connect internally ?
     
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    6,757
    Location:
    UK
    No, there'd have to be something compromised on the LAN side to begin with.
     
    hasarouter likes this.
  4. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    13,491
    Location:
    San Diego, CA
    The VPN passthru's are actually an artifact of the old Linksys WRT54G source code - it's outbound only, and most smart devs don't touch things that work ;)
     
    hasarouter likes this.
  5. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    28,266
    Location:
    Canada
    Unfortunately, Asus decided last year to make these settings do "something". Beside loading the NAT helper, disabling it will also generate a firewall rule to drop traffic for that port... That's something I've reverted in my firmware, because this "all or nothing" actually causes problems for people who need the NAT helper disabled BUT still keep the port open.
     
    hasarouter likes this.
  6. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    13,491
    Location:
    San Diego, CA
    gah - missed that one, generally it's been a belly button feature in the past - had a useful thing and then kind of a non-issue...

    Last time I had to worry about "PPTP passthru" for example was on my WRT54G going into a Win2K host that was running a PPTP host for remote access...

    For outbound - one shouldn't really need to be concerned with any of the pre-defined switches, and for inbound, generally port-forwarding to an internal LAN host works...
     
    hasarouter likes this.
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!