|Skip to Main Content|
  1. PROSPECTIVE STUDENTS
  2. CURRENT STUDENTS
  3. FACULTY & STAFF
  4. ALUMNI
  5. COMMUNITY & FRIENDS
 
  1. CAMPUS LINKS
    1. Inside UNCG
    2. Admissions
    3. Academics
    4. Libraries
    5. Administration
    6. Research & Centers
    7. International Programs
    8. Continuing Education
      & Outreach
    9. Technology
    10. Arts & Entertainment
    11. Employment
    12. Corporate Resources
    13. Giving to UNCG

Information Technology Services

Home » VPN » Issues » Routers

  1. VPN Support

  2. VPN Home
  3. Account types
  4. Requirements
  5. Installation
    Instructions
  6. Issues
  7. Download
  8. FAQ

Router Support

The following is provided for information only. No special configuration is typically needed for off-the-shelf routers available to consumers. UNCG provides no support for the use of routers not owned by UNCG in conjunction with the Cisco VPN client. Some routers intended for the home and small office environments limit the number of possible VPN connections.

Linksys Routers

If you are using a Linksys router/firewall with your broadband connection, enable IPSec and PPTP to pass through. Also enable the "Block WAN Request" option. If you are having difficulties, try upgrading your Linksys firmware to the latest version. Note that a Linksys router will allow a maximum of one VPN session at a time.

  1. What outbound ports need to be open in my firewall in order for VPN to work?

    You may need to be certain that your firewall allows the following protocols outbound:
    • UDP and TCP port 500 (IKE, Internet Key Exchange)
    • IP Protocol 50 (ESP)
    • IP Protocol 51 (AH)
    • UDP 4500 and TCP port 10000 (IPSec data payload encapsulated in UDP or TCP)
    • TCP port 443 (IPSec encapsulated in TCP)
    If you are behind a device that does NAT (Network Address Translation)—or more specifically PAT (Port Address Translation)—you will need to be sure it handles the IKE packets (i.e. it should know not to change the source port on IKE packets). On the Linksys model routers you do this by checking the “IPSec Passthrough” option, but most other firewalls know this protocol as well.

  2. I have multiple computers behind a router/firewall at home and want to use the VPN client on both of them. Will this work?

    Yes. However, you must enable either UDP or TCP encapsulation. By enabling encapsulation, it allows multiple computers to share the same IP address for the VPN connection. The router/firewall uses NAT so that all traffic from both computers will appear to be coming from the same IP source address. Encapsulation forces the VPN to use not only the source IP address but also source port when identifying VPN connections.

  3. When I connect from home to the UNCG VPN, what subnets will I appear to come from on campus?

    The subnets/ranges are as follows:
    • 152.13.97.10 - 152.13.97.240
    • 152.13.95.10 - 152.13.95.240
    You may need to allow all of these subnets through your firewall if you want VPN users to gain access to your resources.

  4. I am uncertain when and why I should enable encapsulation and which type to enable. When should I enable UDP or TCP encapsulation?

    A general rule for encapsulation is:
    • If you are at home and behind a router or firewall doing NAT, enable UDP encapsulation.
    • If you are behind a corporate or remote firewall (such as a conference), use TCP encapsulation, as it will run VPN on a standard port allowing you to pass through the firewall.
    • If you are in a dial-up connection, enable TCP encapsulation.
    • If you are on the wireless network, do not enable any encapsulation.
  5. What are some examples of P2P programs?

    Some commonly used P2P programs are Kazaa, Gnutella, LimeWire, Skype, and file sharing via instant messaging (IM) programs such as Yahoo Messenger and MSN Messenger.

  6. Can I use P2P file sharing applications across the UNCG VPN?

    No. P2P applications are not allowed on the VPN. This traffic is blocked to and from the Internet for VPN users.

  7. How long can I stay connected to UNCG VPN server?

    Maximum connection time is set to be 24 hours - or 1 day. Idle connections will be disconnected after 1.5 hours.

 
Information Technology Services
The University of North Carolina at Greensboro
Greensboro, NC 27402-6170
Technical Support 336.256.TECH (8324)