Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Draytek filter ports over VPN

Posted on 2014-02-13
6
Medium Priority
?
378 Views
Last Modified: 2014-02-17
Hi

I have a client that asked us to install a router / firewall that would allow a LAN to LAN VPN.  We installed a Draytek Vigor 2830 and configured the VPN as requested.  The VPN is up and operational - however the end service need it configured so certain ports do not flow over the VPN.  The ports are 20030 - 20031 and 20060 - 20064, these ports must be excluded from the VPN and all other traffic to be sent over the VPN.

Please can some one assist?

Thanks
Adam
0
Comment
Question by:Hosted247
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 12

Expert Comment

by:Infamus
ID: 39857491
You should see a firewall policy allowing traffic between IPSec VPN tunnel.

You would need to create a same policy with deny rule with service ports listed above.

That rule needs to be above the allowed traffic rule.
0
 

Author Comment

by:Hosted247
ID: 39857580
Hi Infamous

Thanks for the prompt reply - there are no rules under the Firewall :(
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39857609
then you need to create a rule something like this.

Instead of IP you want to block the port range.

http://community.spiceworks.com/topic/444112-draytek-2830-only-allow-certain-ip-s-through-to-port
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 

Author Comment

by:Hosted247
ID: 39857611
Hi infamous,

One thought - can I route just the 1 IP required over the WAN link even though it is in the network configured for the VPN?

Thanks
0
 
LVL 12

Accepted Solution

by:
Infamus earned 2000 total points
ID: 39857627
Yes, you can do it by creating a firewall rule as suggested...
0
 

Author Comment

by:Hosted247
ID: 39857637
Thanks for the info - I have setup a policy route on the Draytek to route the required port ranges over WAN1 - I will have to wait for the client to test tomorrow (we are in the UK) to get them to confirm.

Thanks for your help and I will confirm if it works tomorrow.

Adam
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your computer hacked? learn how to detect and delete malware in your PC
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question