Solved

Draytek filter ports over VPN

Posted on 2014-02-13
Last Modified: 2014-02-17
Hi

I have a client that asked us to install a router / firewall that would allow a LAN to LAN VPN. We installed a Draytek Vigor 2830 and configured the VPN as requested. The VPN is up and operational - however the end service needs it configured so certain ports do not flow over the VPN. The ports are 20030 - 20031 and 20060 - 20064; these ports must be excluded from the VPN and all other traffic is to be sent over the VPN.

Please can someone assist?

Thanks
Adam
Question by:Hosted247
6 Comments
 
LVL 12

Expert Comment

by:Infamus
ID: 39857491
You should see a firewall policy allowing traffic between IPSec VPN tunnel.

You would need to create the same policy with a deny rule with the service ports listed above.

That rule needs to be above the allowed traffic rule.
 

Author Comment

by:Hosted247
ID: 39857580
Hi Infamus

Thanks for the prompt reply - there are no rules under the Firewall :(
 
LVL 12

Expert Comment

by:Infamus
ID: 39857609
Then you need to create a rule something like this.

Instead of IP you want to block the port range.

http://community.spiceworks.com/topic/444112-draytek-2830-only-allow-certain-ip-s-through-to-port
 

Author Comment

by:Hosted247
ID: 39857611
Hi Infamus,

One thought - can I route just the 1 IP required over the WAN link even though it is in the network configured for the VPN?

Thanks
 
LVL 12

Accepted Solution

by:
Infamus earned 500 total points
ID: 39857627
Yes, you can do it by creating a firewall rule as suggested...
 

Author Comment

by:Hosted247
ID: 39857637
Thanks for the info - I have set up a policy route on the Draytek to route the required port ranges over WAN1 - I will have to wait for the client to test tomorrow (we are in the UK) to get them to confirm.

Thanks for your help and I will confirm if it works tomorrow.

Adam
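
The ordering point raised in this thread (the port-specific rule has to sit above the general VPN rule) can be checked offline before the client tests. The sketch below is an added example, not part of the original posts and not Draytek configuration syntax; it assumes top-down first-match evaluation, and the rule names and the `Rule`, `decide` and `shadowed` helpers are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str    # hypothetical label, not a Draytek identifier
    lo: int      # first destination port matched
    hi: int      # last destination port matched (inclusive)
    action: str  # "WAN1" (bypass the tunnel) or "VPN"

def decide(rules, port, default="VPN"):
    """First-match evaluation: the first rule covering the port wins."""
    for r in rules:
        if r.lo <= port <= r.hi:
            return r.action
    return default

def shadowed(rules):
    """Names of rules that can never fire because the rules above them
    already cover every port they match."""
    dead = []
    for i, r in enumerate(rules):
        need = r.lo  # lowest port of r not yet covered by an earlier rule
        for e in sorted(rules[:i], key=lambda x: x.lo):
            if e.lo > need:
                break  # gap found: r can still match port `need`
            need = max(need, e.hi + 1)
            if need > r.hi:
                break
        if need > r.hi:
            dead.append(r.name)
    return dead

# Constructed rule tables using the port ranges from the question.
BYPASS_A = Rule("bypass-20030-20031", 20030, 20031, "WAN1")
BYPASS_B = Rule("bypass-20060-20064", 20060, 20064, "WAN1")
VPN_ALL = Rule("lan-to-lan-all", 1, 65535, "VPN")

GOOD_ORDER = [BYPASS_A, BYPASS_B, VPN_ALL]  # specific rules first
BAD_ORDER = [VPN_ALL, BYPASS_A, BYPASS_B]   # general rule first

if __name__ == "__main__":
    for label, table in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        paths = {p: decide(table, p) for p in (20030, 20032, 20064)}
        print(label, paths, "shadowed:", shadowed(table))
```

With the general rule first, both bypass rules are reported as shadowed and the excluded ports still resolve to the VPN path.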