Riddle me this (apologies to the recently departed Frank Gorshin). When doesn’t a router allow a VPN pass-through? OK, lots of answers to that, so let me provide more details.

I was called in by a new client to set up a Linksys BEFSR41v4 router on an EarthLink DSL connection. Straightforward enough. I got the router operational in no time; all PCs attached to the router seemed happy. However, when I tried to connect the client’s Nortel Contivity VPN client to their corporate LAN, no go.

I checked the router config, and all the VPN pass-through options were enabled. I also went to the Linksys web site, and they did not appear to have a newer firmware version available for this router. The only firmware they had for this family of routers was for the BEFSR41 and the BEFSR41v3 router, nothing specific for the “v4″ model. I even tried putting the workstation into a DMZ, and still no dice.

Now here are some more baffling facts:

1. With my own laptop connected to the router, I could connect a Nortel VPN client I have for another company’s network.

2. I could ping the host name of the VPN destination on the client’s laptop while connected to the router.
3. On the client’s laptop, I could connect their VPN client when attached directly to the DSL modem.

My theory is that the back end of their VPN system has some exotic port setup, and that the Linksys router doesn’t have that port open by default. I am trying to get those details so I can further troubleshoot. I am also going to try a D-Link Router I have handy to see if it works any better. Perhaps it’s something with the version of the Nortel VPN client they are running and this particular make and model of Linksys Router.

Weird, n’est pas?