When you click
Passthrough, the IP Passthrough Conﬁguration page appears.
The IP passthrough feature allows a single PC on the LAN to have the Gateway's public address
assigned to it. It also provides PAT (NAPT) via the same public IP address for all other hosts on the pri-
vate LAN subnet. Using IP passthrough:
❑ The public WAN IP is used to provide IP address translation for private LAN computers.
❑ The public WAN IP is assigned and reused on a LAN computer.
❑ DHCP address serving can automatically serve the WAN IP address to a LAN computer.
When DHCP is used for addressing the designated passthrough PC, the acquired or conﬁgured WAN
address is passed to DHCP, which will dynamically conﬁgure a single-servable-address subnet, and
reserve the address for the conﬁgured PC's MAC address. This dynamic subnet conﬁguration is
based on the local and remote WAN address and subnet mask. If the WAN interface does not have
a suitable subnet mask that is usable, for example when using PPP or PPPoE, the DHCP subnet con-
ﬁguration will default to a class C subnet mask.
Select either User Conﬁgured PC or an IP address displayed in the selection win-
dow (these are the IP addresses currently being served to computers on your LAN.)
If you select "User Conﬁgured PC", you must then conﬁgure a local PC to have the public WAN IP
Once conﬁgured, the passthrough host's DHCP leases will be shortened to two minutes. This allows for
timely updates of the host's IP address, which will be a private IP address before the WAN connection
is established. After the WAN connection is established and has an address, the passthrough host can
renew its DHCP address binding to acquire the WAN IP address.
Since both the Gateway and the passthrough host will use the same IP address, new sessions that con-
ﬂict with existing sessions will be rejected by the Gateway. For example, suppose you are a teleworker
using an IPSec tunnel from the Gateway and from the passthrough host. Both tunnels go to the same
remote endpoint, such as the VPN access concentrator at your employer's ofﬁce. In this case, the ﬁrst
one to start the IPSec trafﬁc will be allowed; the second one – since, from the WAN, it's indistinguish-
able – will fail.