Draytek filter ports over VPN

Hi

I have a client that asked us to install a router / firewall that would allow a LAN to LAN VPN. We installed a Draytek Vigor 2830 and configured the VPN as requested. The VPN is up and operational - however the end service needs it configured so certain ports do not flow over the VPN. The ports are 20030 - 20031 and 20060 - 20064; these ports must be excluded from the VPN and all other traffic sent over the VPN.

Please can someone assist?

Thanks
Adam
Asked by: Hosted247

Infamus Commented:
You should see a firewall policy allowing traffic over the IPSec VPN tunnel.

You would need to create the same policy as a deny rule with the service ports listed above.

That rule needs to be above the allowed traffic rule.

Hosted247 (Author) Commented:
Hi Infamous

Thanks for the prompt reply - there are no rules under the Firewall :(

Infamus Commented:
Then you need to create a rule something like this.

Instead of IP you want to block the port range.

http://community.spiceworks.com/topic/444112-draytek-2830-only-allow-certain-ip-s-through-to-port

Hosted247 (Author) Commented:
Hi infamous,

One thought - can I route just the 1 IP required over the WAN link even though it is in the network configured for the VPN?

Thanks

Infamus Commented:
Yes, you can do it by creating a firewall rule as suggested...

Hosted247 (Author) Commented:
Thanks for the info - I have set up a policy route on the Draytek to route the required port ranges over WAN1 - I will have to wait for the client to test tomorrow (we are in the UK) to get them to confirm.

Thanks for your help and I will confirm if it works tomorrow.

Adam
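
Added example, not part of the thread and not Draytek firmware or configuration: a first-match model of the ordering point raised above, where the port exclusions must sit above the rule that sends LAN-to-LAN traffic into the tunnel. The remote subnet, rule names, probe addresses and the first-match evaluation are assumptions for illustration; only the two port ranges and WAN1 come from the thread.

```python
from ipaddress import ip_address, ip_network

# Port ranges from the question that must bypass the VPN (treated as destination ports).
EXCLUDED_PORTS = [(20030, 20031), (20060, 20064)]
REMOTE_LAN = ip_network("192.168.20.0/24")  # constructed remote subnet (assumption)

def build_rules(exclusions_first=True):
    """Ordered rule list of (name, dst_net, port_range_or_None, egress)."""
    bypass = [(f"bypass-{lo}-{hi}", ip_network("0.0.0.0/0"), (lo, hi), "WAN1")
              for lo, hi in EXCLUDED_PORTS]
    tunnel = [("lan-to-lan", REMOTE_LAN, None, "VPN")]
    return bypass + tunnel if exclusions_first else tunnel + bypass

def egress(rules, dst_ip, dst_port, default="WAN1"):
    """Return (egress, rule name) of the first rule matching the packet."""
    dst = ip_address(dst_ip)
    for name, net, ports, out in rules:
        if dst not in net:
            continue
        if ports is not None and not ports[0] <= dst_port <= ports[1]:
            continue
        return out, name
    return default, "default"

def audit(rules, probes):
    """List probes to excluded ports that would still enter the tunnel."""
    leaks = []
    for ip, port in probes:
        out, name = egress(rules, ip, port)
        excluded = any(lo <= port <= hi for lo, hi in EXCLUDED_PORTS)
        if excluded and out == "VPN":
            leaks.append((ip, port, name))
    return leaks

# Constructed probes: range edges, one port either side, and ordinary traffic.
PROBES = [("192.168.20.10", p) for p in
          (20029, 20030, 20031, 20032, 20059, 20060, 20064, 20065, 443)]

if __name__ == "__main__":
    for order in (True, False):
        rules = build_rules(order)
        print("exclusions first" if order else "tunnel rule first")
        for ip, port in PROBES:
            print(f"  {ip}:{port} -> {egress(rules, ip, port)}")
        print("  leaks into VPN:", audit(rules, PROBES))
```

Probing one port either side of each range is the useful check when the client tests: an off-by-one in a range entry shows up as a leak at 20031 or 20064, or as ordinary traffic at 20032 or 20065 leaving by WAN1.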