Solved

Draytek filter ports over VPN

Posted on 2014-02-13
Last Modified: 2014-02-17
Hi

I have a client that asked us to install a router / firewall that would allow a LAN to LAN VPN. We installed a Draytek Vigor 2830 and configured the VPN as requested. The VPN is up and operational - however the end service needs it configured so certain ports do not flow over the VPN. The ports are 20030 - 20031 and 20060 - 20064; these ports must be excluded from the VPN and all other traffic is to be sent over the VPN.

Please can someone assist?

Thanks
Adam
Question by:Hosted247
6 Comments
 
LVL 12

Expert Comment

by:Infamus
ID: 39857491
You should see a firewall policy allowing traffic between the IPSec VPN tunnel.

You would need to create the same policy with a deny rule with the service ports listed above.

That rule needs to be above the allowed traffic rule.
0
 

Author Comment

by:Hosted247
ID: 39857580
Hi Infamus

Thanks for the prompt reply - there are no rules under the Firewall :(
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39857609
Then you need to create a rule something like this.

Instead of IP you want to block the port range.

http://community.spiceworks.com/topic/444112-draytek-2830-only-allow-certain-ip-s-through-to-port
0

 

Author Comment

by:Hosted247
ID: 39857611
Hi Infamus,

One thought - can I route just the 1 IP required over the WAN link even though it is in the network configured for the VPN?

Thanks
0
 
LVL 12

Accepted Solution

by:
Infamus earned 500 total points
ID: 39857627
Yes, you can do it by creating a firewall rule as suggested...
0
 

Author Comment

by:Hosted247
ID: 39857637
Thanks for the info - I have set up a policy route on the Draytek to route the required port ranges over WAN1 - I will have to wait for the client to test tomorrow (we are in the UK) to get them to confirm.

Thanks for your help and I will confirm if it works tomorrow.

Adam
0
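
Added example, not part of the thread and not DrayTek configuration: a small Python model that assumes first-match evaluation of an ordered rule list and matches on destination port only. It shows why the exception for ports 20030-20031 and 20060-20064 has to sit above the catch-all VPN rule, and it flags rules that can never match. The rule names and the `WAN1`/`VPN` labels are illustrative.

```python
from dataclasses import dataclass

ANY_PORT = (0, 65535)

@dataclass(frozen=True)
class Rule:
    name: str      # illustrative label, not a router setting
    ports: tuple   # inclusive (low, high) destination port range
    action: str    # egress chosen for matching traffic: "WAN1" or "VPN"

def decide(rules, dst_port, default="VPN"):
    """Return (action, rule name) of the first rule that matches dst_port."""
    for r in rules:
        if r.ports[0] <= dst_port <= r.ports[1]:
            return r.action, r.name
    return default, "default"

def shadowed(rules):
    """Names of rules that can never match: earlier rules cover their whole range."""
    dead = []
    for i, r in enumerate(rules):
        nxt = r.ports[0]  # lowest port of r not yet covered by an earlier rule
        for lo, hi in sorted(e.ports for e in rules[:i]):
            if lo <= nxt <= hi:
                nxt = hi + 1
        if nxt > r.ports[1]:
            dead.append(r.name)
    return dead

# Port ranges from the question; the catch-all stands for "all other traffic".
EXCEPTIONS = [
    Rule("svc-20030-20031", (20030, 20031), "WAN1"),
    Rule("svc-20060-20064", (20060, 20064), "WAN1"),
]
CATCH_ALL = Rule("all-to-vpn", ANY_PORT, "VPN")

WRONG_ORDER = [CATCH_ALL] + EXCEPTIONS   # exceptions sit below the catch-all
RIGHT_ORDER = EXCEPTIONS + [CATCH_ALL]   # exceptions sit above it

if __name__ == "__main__":
    for label, rules in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(label, "order, shadowed rules:", shadowed(rules))
        for port in (443, 20030, 20032, 20064):
            print("  port", port, "->", decide(rules, port))
```

Running the same check against an exported rule list before the client's test window shows whether any exception rule is dead on arrival.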


Question has a verified solution.
