Muhajreen
asked on
DrayTek Vigor routing and access issue
Hello experts,
We have a DrayTek Vigor 2830n plus which supports 3 simultaneous WAN connections (ADSL, broadband and USB 3G).
We are using two WAN connections:
WAN1 is an ADSL which connects to the internet with a single dynamic IP.
WAN2 is connected to a Cisco 877 router which acts as a gateway to a few subnets like (192.168.5.0/24). The Vigor WAN2 static IP is 192.168.101.2 while the Cisco 877 IP is 192.168.101.1.
I have set up the LAN IP in Vigor to 192.168.0.250/24 and the routed subnet IP is 192.168.0.201/24.
I have also set up load balancing to send traffic destined for addresses between 192.168.1.0 and 192.168.40.255 through WAN2.
Now devices in the LAN subnet (192.168.0.0/24) can access devices through the Cisco gateway (like 192.168.5.2). The problem is, devices like 192.168.5.2 can't access my LAN devices.
Can any DrayTek expert advise how to solve this?
ASKER CERTIFIED SOLUTION
ASKER
Thank you. Yes I found the same solution provided by you and applied it successfully.
Coming out of a WAN port on the DrayTek to the Cisco LAN side will let things behind the DrayTek hit stuff on the Cisco LAN, like you have. But you can't go the other way because that's like the Internet being able to come back up in your router. This is blocked in the firewall by default. So one way to fix this is to add a firewall rule from WAN2 -> LAN on the DrayTek: if it's in the Cisco LAN, then allow it.
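
The behaviour described in the comment above, as an added example that is not part of the original thread and is not DrayTek's firmware logic: a simplified stateful filter showing why replies to LAN-initiated traffic pass, why new WAN2 -> LAN connections are dropped, and what a rule scoped to the Cisco-side subnet changes. The host addresses 192.168.0.10, 192.168.0.20 and 192.168.101.77 and all class and function names are constructed for illustration; NAT and routing are not modelled.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.0.0/24")          # Vigor LAN (from the question)
CISCO_SIDE = ip_network("192.168.5.0/24")   # subnet behind the Cisco 877

class Wan2Filter:
    """Toy stateful filter: LAN->WAN2 allowed, WAN2->LAN denied by default."""

    def __init__(self):
        self.allow_in = []   # (source network, destination network) pairs
        self.flows = set()   # connections opened from the LAN side

    def allow_wan2_to_lan(self, src_net, dst_net=LAN):
        # Scope the rule to a source subnet instead of "any" on WAN2.
        self.allow_in.append((ip_network(str(src_net)), ip_network(str(dst_net))))

    def check(self, direction, src, dst):
        """direction is 'out' (LAN->WAN2) or 'in' (WAN2->LAN)."""
        s, d = ip_address(src), ip_address(dst)
        if direction == "out":
            self.flows.add((s, d))           # remember the flow so replies pass
            return "allow (outbound)"
        if (d, s) in self.flows:
            return "allow (reply to LAN-initiated flow)"
        for src_net, dst_net in self.allow_in:
            if s in src_net and d in dst_net:
                return "allow (rule %s -> %s)" % (src_net, dst_net)
        return "drop (default WAN->LAN policy)"

def demo():
    fw = Wan2Filter()
    results = []
    # LAN host opens a connection to the Cisco side: works, as in the question.
    results.append(fw.check("out", "192.168.0.10", "192.168.5.2"))
    results.append(fw.check("in", "192.168.5.2", "192.168.0.10"))    # reply
    # Cisco-side host starts a new connection: dropped by default.
    results.append(fw.check("in", "192.168.5.2", "192.168.0.20"))
    # Add the WAN2 -> LAN rule, limited to the Cisco-side subnet.
    fw.allow_wan2_to_lan(CISCO_SIDE)
    results.append(fw.check("in", "192.168.5.2", "192.168.0.20"))
    # Another source on the WAN2 link is still not covered by the rule.
    results.append(fw.check("in", "192.168.101.77", "192.168.0.20"))
    return results

if __name__ == "__main__":
    for line in demo():
        print(line)
```

Restricting the rule's source to the subnets that actually sit behind the Cisco 877 keeps the rest of the WAN2 side under the default drop policy.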