RT-AC3200 is breaking my VPN to work - IKE port redirected

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Edbert

Occasional Visitor
Maybe not breaking, just severely hampering.

I've confirmed via WireShark that my PC is sending requests on destination port 4500 (IKE) and the router is converting them to 443 (HTTPS) which the VPN endpoint at work sees and thinks I'm a guest or visitor mode connection...which sucks!

I know there are no outbound rules on this device, but is there a way to force the correct port?
 

ColinTaylor

Part of the Furniture
Have you tried changing the IPSec Passthrough setting at WAN > NAT Passthrough ?
 

Edbert

Occasional Visitor
Have you tried changing the IPSec Passthrough setting at WAN > NAT Passthrough ?
That was it.

I'm a little bit disappointed in the wording from ASUS. This is what it says on-screen...
"(VPN) connection to pass through the router to the network clients".

I think that should say "from" the clients not "to" them.

Regardless that fixed the issue, and you sir deserve a cookie!
 

roostir

New Around Here
I wonder if this is my problem? I have a new Asus RT-AX86U which connects perfectly with everything in my home. However, although it does connect to my work laptop (with VPN) and I can browse the internet and do a few other things to show that it is connected, the router is not allowing full connectivity to the extent that I cannot use Microsoft Outlook, IE, Teams, etc.. When I plug it all into my old router, it all works. What in the world?
 

roostir

New Around Here
:) Yep.. Just waiting for the kid's Zoom meetings to finish up for the day. Really hoping this cures it.
 

roostir

New Around Here
So.. the IPSec Passthrough setting was already set to "Enable" along with all of the other passthrough options (I tried Disable too). Not working for me. One other thing I noticed with my work computer, it's the only client in my list that is 'Static' as opposed to DHCP. Not sure if that plays a role. Again, it connects but not fully to where all my application work.
 

roostir

New Around Here
Let me know if anyone sees an obvious change I can make on the new router based on the old router settings. The existing settings on the old router (Apple Airport Time Capsule 802.11ac Model A1470 ver 7.9.1) which does not have the problem I am experiencing with the new Asus, are:
  • INTERNET
    • Connect using: DHCP
    • IPv4 Address: Renew DHCP Lease
    • DNS Servers: blank
    • IPv6 DNS servers: blank
    • Domain Name: blank
      • Internet Options
        • Configure IPv6: Automatically
        • IPv6 Mode: Native
        • Enable IPv6 Connection sharing (unchecked)
        • IPv6 Address: blank
        • IPv6 Default Route: blank
        • Use dynamic global hostname (unchecked)
  • WIRELESS
    • Network mode: Create a wireless network
    • Wireless Network Name: Name
    • Wireless Security: WPA2 Personal
    • Wireless Password: **********
    • Verify Password: *********
    • Enable Guest Network (unchecked)
      • Wireless Options
        • 5Ghz network name (unchecked): none
        • Country: United States
        • Create hidden network (unchecked)
        • 2.4GHz Channel: Automatic
        • 5GHz Channel: Automatic
  • NETWORK
    • Router Mode: DHCP and NAT
    • DHCP Range: 10.0.1.2 to 10.0.1.200
    • DHCP Reservations: None listed
    • Port Settings: None listed
    • Enable Access Control (unchecked)
      • Network Options
        • DHCP Lease: 1 day
        • IPv4 DHCP Range: 10.0.1.2 to 200
        • Enable NAT Port Mapping Protocol (checked)
        • Enable default host at: none
        • Enable IGMP Snooping (unchecked)
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top