Solved

Draytek filter ports over VPN

Posted on 2014-02-13
6
354 Views
Last Modified: 2014-02-17
Hi

I have a client that asked us to install a router / firewall that would allow a LAN to LAN VPN.  We installed a Draytek Vigor 2830 and configured the VPN as requested.  The VPN is up and operational - however the end service need it configured so certain ports do not flow over the VPN.  The ports are 20030 - 20031 and 20060 - 20064, these ports must be excluded from the VPN and all other traffic to be sent over the VPN.

Please can some one assist?

Thanks
Adam
0
Comment
Question by:Hosted247
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 12

Expert Comment

by:Infamus
ID: 39857491
You should see a firewall policy allowing traffic between IPSec VPN tunnel.

You would need to create a same policy with deny rule with service ports listed above.

That rule needs to be above the allowed traffic rule.
0
 

Author Comment

by:Hosted247
ID: 39857580
Hi Infamous

Thanks for the prompt reply - there are no rules under the Firewall :(
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39857609
then you need to create a rule something like this.

Instead of IP you want to block the port range.

http://community.spiceworks.com/topic/444112-draytek-2830-only-allow-certain-ip-s-through-to-port
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 

Author Comment

by:Hosted247
ID: 39857611
Hi infamous,

One thought - can I route just the 1 IP required over the WAN link even though it is in the network configured for the VPN?

Thanks
0
 
LVL 12

Accepted Solution

by:
Infamus earned 500 total points
ID: 39857627
Yes, you can do it by creating a firewall rule as suggested...
0
 

Author Comment

by:Hosted247
ID: 39857637
Thanks for the info - I have setup a policy route on the Draytek to route the required port ranges over WAN1 - I will have to wait for the client to test tomorrow (we are in the UK) to get them to confirm.

Thanks for your help and I will confirm if it works tomorrow.

Adam
0

Featured Post

Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
replacing 2811 to ISR 4331 2 79
Show IP BGP Information 10 73
SSH setup on ASA 5505 17 122
Configure 2 Servers with Crossover cable 3 45
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question