DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Firewall block all but permitted traffic and vpn problems
- j.baker
- Topic Author
- Offline
- Junior Member
- Posts: 55
- Thank you received: 0
23 Aug 2010 09:55 #63470
by j.baker
Firewall block all but permitted traffic and vpn problems was created by j.baker
Hi,
The 2820 default firewall security is poor, so I have created a list of firewall policies/rules to permit specific traffic in and out of the network. All works well, except for the on-demand VPN tunnel between my site and another. Before the default block all traffic and then permit, the VPN tunnel would connect and traffic would flow without any problems.
With the filters in place, the tunnel will not come up when there is traffic.
I have added a rule to allow traffic from and to the other remote network. I even created a rule that allowed all traffic to any destination, but the tunnel does not come up.
If I log into the router, I can press the dial button on the VPN profile and it all works.
2nd issue, and this is a biggie.
If I use the USB Samba setup, even with the block all traffic or a custom firewall policy, the external ports are open. This is not good.
Doing an external scan using www.grc.com, ports 135 & 139 are open when using the Samba server.
Model Name : Vigor2820Vn
Firmware Version : 3.3.4_232201
Build Date/Time : Jun 15 2010 10:38:10
ADSL Firmware Version : 232201_A Hardware: Annex A
Regards
John Baker
Vigor2820 series with firmware 3.3.5.2_RC2
ADSL
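The second issue in the post (SMB ports reachable from the Internet while the USB Samba share is enabled) is something to verify from outside the LAN rather than trust to the firewall pages. The following is an added example, not code from the post or from DrayTek: a small TCP connect scanner that does from a shell what the GRC scan did from a browser. The port list, the helper names and the loopback listener used to exercise it offline are assumptions of the example; the target is the router's WAN address, passed on the command line. It only speaks TCP, so it says nothing about IKE (UDP 500/4500) or GRE.

```python
import socket
import threading
from typing import Dict, Iterable, List, Tuple

# TCP ports relevant to the thread. 135/139/445 are the NetBIOS/SMB ports the
# post saw open from outside with the USB Samba share enabled; 1723 is the PPTP
# control port. IKE (UDP 500/4500) and GRE are not TCP and are deliberately
# left out: a TCP connect cannot tell you anything about them.
SMB_PORTS: Tuple[int, ...] = (135, 139, 445)
PPTP_PORT = 1723


def tcp_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True only if a full TCP handshake completes, i.e. something is
    listening and no firewall dropped or reset the SYN."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, ...
        return False


def scan_ports(host: str, ports: Iterable[int], timeout: float = 2.0) -> Dict[int, bool]:
    """Map each port to whether a TCP connect to host:port succeeded."""
    return {port: tcp_port_open(host, port, timeout) for port in ports}


def exposed_smb_ports(host: str, timeout: float = 2.0) -> List[int]:
    """SMB ports reachable on host from where this runs. Run from outside the
    LAN against the WAN address: a non-empty result means the share is
    reachable from the Internet regardless of what the firewall rules say."""
    return sorted(p for p, is_open in scan_ports(host, SMB_PORTS, timeout).items() if is_open)


def start_local_listener() -> Tuple[socket.socket, int]:
    """Throwaway listener on 127.0.0.1 (ephemeral port) so the scanner can be
    exercised offline. Returns (server socket, port); close the socket to stop."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def accept_loop() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # server socket closed
                return
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_local_port() -> int:
    """A port on 127.0.0.1 that nothing is listening on (bind, read back, close)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    import sys

    # Constructed default target; pass the router's WAN address from outside.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, is_open in scan_ports(target, SMB_PORTS + (PPTP_PORT,)).items():
        print(f"{target}:{port} {'OPEN' if is_open else 'closed/filtered'}")
    print("exposed SMB ports:", exposed_smb_ports(target))
```

Run it from a host on the Internet side (a phone tethering connection will do) against the WAN IP; a result of `closed/filtered` for 135, 139 and 445 is what a correctly applied "block all but permitted" policy should give while the share is enabled.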
- voodle
- Offline
- Big Contributor
- Posts: 1139
- Thank you received: 0
23 Aug 2010 11:21 #63476
by voodle
Replied by voodle on topic Firewall block all but permitted traffic and vpn problems
If you've blocked most traffic, have you allowed port TCP 1723 & GRE 47 if you're using PPTP, or UDP port 500 for IPSec?
- j.baker
- Topic Author
- Offline
- Junior Member
- Posts: 55
- Thank you received: 0
23 Aug 2010 11:30 #63477
by j.baker
Replied by j.baker on topic Firewall block all but permitted traffic and vpn problems
I added a rule to allow all traffic from LAN to WAN. The tunnel does not come up automatically. If I click on the dial button in the VPN connection tab, then the tunnel starts. Traffic flows correctly through the tunnel. The problem is with the tunnel auto-connecting on demand, which is initiated by the 2820.
Regards
John Baker
Vigor2820 series with firmware 3.3.5.2_RC2
ADSL
- j.baker
- Topic Author
- Offline
- Junior Member
- Posts: 55
- Thank you received: 0
27 Aug 2010 13:16 #63556
by j.baker
Replied by j.baker on topic Firewall block all but permitted traffic and vpn problems
I think I found the solution.
I added a rule to the default call filter list to allow traffic from my LAN to WAN with the destination subnet of my remote VPN. It appears to be working now.
Regards
John Baker
Vigor2820 series with firmware 3.3.5.2_RC2
ADSL
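The fix in the last post makes sense once the two filter chains of the Vigor firewall are kept apart: the Call Filter is checked against packets that would trigger a dial-out on a link that is currently down (which is what an on-demand LAN-to-LAN VPN profile is waiting for), and the Data Filter against traffic on links that are already up. A permit rule placed only in the Data Filter therefore never gets a chance to wake the tunnel, while the same packet passes once the tunnel has been dialled by hand. The model below is an added example, not DrayTek code or configuration: it reduces each filter set to first-match pass/block with a default action (a real Vigor set also has "pass/block if no further match" and links to a next set), and the subnets, rule names and sample packets are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "LAN->WAN" or "WAN->LAN"
    src: str         # source IP
    dst: str         # destination IP
    proto: str       # "tcp", "udp", "gre", ...
    dport: int = 0   # destination port (0 for protocols without ports)


def _in_net(net: str, ip: str) -> bool:
    """'any' matches everything; otherwise a CIDR containment test."""
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)


@dataclass(frozen=True)
class Rule:
    direction: str               # "LAN->WAN", "WAN->LAN" or "ANY"
    src_net: str                 # CIDR or "any"
    dst_net: str                 # CIDR or "any"
    action: str                  # "pass" or "block"
    proto: str = "any"
    dport: Optional[int] = None  # None = any port
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (self.direction in ("ANY", pkt.direction)
                and _in_net(self.src_net, pkt.src)
                and _in_net(self.dst_net, pkt.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def first_match(rules: List[Rule], pkt: Packet, default: str) -> str:
    """Simplified first-match evaluation of one filter set."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


@dataclass
class VigorFirewall:
    call_filter: List[Rule]   # checked before a dial-out is triggered
    data_filter: List[Rule]   # checked on established links
    default: str = "block"    # "block all but permitted"

    def decide(self, pkt: Packet, needs_dial: bool) -> Tuple[str, str]:
        """Return (action, stage that decided it). A packet whose path is down
        (on-demand VPN not yet up) must pass the Call Filter before the dial is
        triggered; only then, and for all packets on established paths, does
        the Data Filter apply."""
        if needs_dial and first_match(self.call_filter, pkt, self.default) == "block":
            return "block", "call-filter"   # the dial is never triggered
        return first_match(self.data_filter, pkt, self.default), "data-filter"


# Constructed topology and traffic (assumptions, not taken from the thread).
LOCAL_LAN = "192.168.1.0/24"
REMOTE_LAN = "192.168.2.0/24"
VPN_PACKET = Packet("LAN->WAN", "192.168.1.10", "192.168.2.20", "tcp", 445)
INTERNET_PACKET = Packet("LAN->WAN", "192.168.1.10", "203.0.113.5", "tcp", 443)

ALLOW_LAN_TO_WAN = Rule("LAN->WAN", LOCAL_LAN, "any", "pass",
                        comment="the 'allow all LAN to WAN' rule tried in the thread")
ALLOW_TO_REMOTE_VPN = Rule("LAN->WAN", LOCAL_LAN, REMOTE_LAN, "pass",
                           comment="the fix: permit traffic to the remote VPN subnet in the call filter")


def before_fix() -> VigorFirewall:
    """Permit rule only in the Data Filter; Call Filter empty, default block."""
    return VigorFirewall(call_filter=[], data_filter=[ALLOW_LAN_TO_WAN])


def after_fix() -> VigorFirewall:
    """Same, plus a narrow permit for the remote subnet in the Call Filter."""
    return VigorFirewall(call_filter=[ALLOW_TO_REMOTE_VPN], data_filter=[ALLOW_LAN_TO_WAN])


if __name__ == "__main__":
    for label, fw in (("before fix", before_fix()), ("after fix", after_fix())):
        print(label, "| tunnel down (on demand):", fw.decide(VPN_PACKET, needs_dial=True),
              "| tunnel dialled by hand:", fw.decide(VPN_PACKET, needs_dial=False))
```

Keeping the Call Filter entry limited to the remote VPN subnet matters under a default-block policy: in the model, Internet-bound traffic still cannot trigger a dial (it is blocked at the call-filter stage), so only traffic that genuinely belongs in the tunnel can bring it up.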
Moderators: Chris, Sami
Copyright © 2024 DrayTek