How to configure non-dsl router for VPN ports ?

Chris Coleman
Chris Coleman used Ask the Experts™
Previously we used a DSL router with NAT and Firewall to allow VPN ports (500,4500 and 1701) through to a VPN server on the LAN, which gave remote access to PCs and File Shares.

Our internet supplier has changed and we now have just an IP connection to work with. We have connected this to an IP port on the router which gives us internet access and allows us to access local resources - IE. the old DSL router is still happily delivering DCHP addresses to the LAN in the correct range although the DNS (also) does not appear to be working, I'm not to bothered about that as I think fixing the port mappings will lead to a solution to the DNS problem.

The problem is that the port forwarding seems to apply only to connections on the DSL line which clearly is no good.

There must be a router that allows port forwarding off an incoming IP address to a fixed address on the LAN. Oh and since the incoming IP address is not fixed, it may change but would still be attached to the same physical port on the router.

Any takers ?

Chris Coleman.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Typically my VPN router uses 443.  I suggest you use a VPN router for hardware VPN instead of your old DSL router (since you have a new connection).

Also see if your external IP address changed as that will surely affect VPN.
Even consumer-grade firewalls will usually have this feature.  (NAT and/or VPN-passthrough)

Just go to Walmart or Target and get a little firewall.

       it seems to me that my router should support the required configuration. In fact the SYNOLOGY software reports that my router is setup ok but cannot access the ports from the SYNOLOGY website.

Anyway I have also noticed that my DDNS now returns the the ISPs IP address rather than that of my ROUTER which is on his network segment.

I think that because he cannot provide me with a FIXED IP address then he cannot setup a DMZ (or equivalent) for my IP.

I'll talk to him on Monday .

Any additional comments are welcome.

Many Thanks, ChrisColeman.


Problem turned out to be ISP supplier was putting same clients on one LAN subnet therefore could not support any form of VPN (contrary to their website) - He reckons he'll have this sorted by Christmas - He needs a new block of IP addresses (not stated on their website).

Best Regards.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial