Installation Manual References5.9.3 Installing SIP Phones at a Remote Site5.9.4 Installing IP Phones at a Remote Site with a Built-in Media Relay GatewayFeature Manual References15.1.5 Peer-to-Peer (P2P) Connection8.6.19 IPsec Pass-throughDescriptionFor VPN packets that use IPsec and are sent and received from a specified device on the LAN, you canconfigure settings so that (1) the port number is not changed when these packets are sent and received and(2) these packets are allowed to cross the LAN–WAN boundary uninhibited.Only 1 device on the LAN can be designated as the IPsec pass-through device.Setting DescriptionApplication IPsecProtocol/Protocol number ESP*1 / 50Port number UDP/500: ISAKMP*2UDP/4500: NAT-T*3A VPN that uses IPsec is a tunneling protocol, so the send/receive port number for packets additionallyindicates which tunneling protocol the packets are using. If the port number is changed by the dynamic NAPT(IP masquerade) feature, the information that indicates the tunneling protocol will be lost, and end-to-endcommunication will be impossible.To allow end-to-end communication, specified packets from a specified device are allowed to pass throughthe WAN–LAN boundary without having their port number changed.Conditions• The IPsec pass-through feature cannot be used together with the PBX’s IPsec feature or the VPSS feature.This is because when IPsec packets pass through to the LAN, they cannot be distinguished from VPN(IPsec) packets for the KX-NS1000.• Communication across the WAN–LAN boundary is subject to the following conditions:– IKE*4 must be able to be initiated from the WAN side.– The first ESP*1 packet must be able to be sent from either the LAN side or the WAN side.*1 ESP: Encapsulating Security Payload*2 ISAKMP: Internet Security Association Key Management Protocol*3 NAT-T: NAT Traversal*4 IKE: Internet Key ExchangePC Programming Manual References27.11 Router Configuration—VPN—[3-3] Pass ThroughDocument Version 2016-03 Installation Manual 3658.6.19 IPsec Pass-through