Motorola 3397GP manual IP Passthrough, Restriction

Administrator’s Handbook

IP Passthrough

When you click IP Passthrough, the IP Passthrough Configuration page appears.

The IP passthrough feature allows a single PC on the LAN to have the Gateway’s public address assigned to it. It also provides PAT (NAPT) via the same public IP address for all other hosts on the pri- vate LAN subnet. Using IP passthrough:

❑The public WAN IP is used to provide IP address translation for private LAN computers.

❑The public WAN IP is assigned and reused on a LAN computer.

❑DHCP address serving can automatically serve the WAN IP address to a LAN computer.

When DHCP is used for addressing the designated passthrough PC, the acquired or configured WAN address is passed to DHCP, which will dynamically configure a single-servable-address subnet, and reserve the address for the configured PC’s MAC address. This dynamic subnet configuration is based on the local and remote WAN address and subnet mask. If the WAN interface does not have a suitable subnet mask that is usable, for example when using PPP or PPPoE, the DHCP subnet con- figuration will default to a class C subnet mask.

1.Select either User Configured PC or an IP address displayed in the selection win- dow (these are the IP addresses currently being served to computers on your LAN.)

If you select “User Configured PC”, you must then configure a local PC to have the public WAN IP address.

2.Click Enable.

Once configured, the passthrough host's DHCP leases will be shortened to two minutes. This allows for timely updates of the host's IP address, which will be a private IP address before the WAN connection is established. After the WAN connection is established and has an address, the passthrough host can renew its DHCP address binding to acquire the WAN IP address.

A restriction

Since both the Gateway and the passthrough host will use the same IP address, new sessions that con- flict with existing sessions will be rejected by the Gateway. For example, suppose you are a teleworker using an IPSec tunnel from the Gateway and from the passthrough host. Both tunnels go to the same remote endpoint, such as the VPN access concentrator at your employer’s office. In this case, the first one to start the IPSec traffic will be allowed; the second one – since, from the WAN, it's indistinguish- able – will fail.

70