Hi,
I want to restrict access to a remote 2830 Vigor such that I only get presented the login page if I come from my trusted trusted IP source. My ISP gives me a static WAN IP. Under system maintenance->management I have added my IP to the "Access List from the Internet". I have also checked "allow management from the internet".

However, my findings are I can come from any external source, connect to my 2830 and upon entering my credentials, it won't allow me in. BUT, I don't even want anyone to hit the login page on the first instance. If connect from my trusted source to the Vigor, I get the login page, and upon entering the credentials I get in.

Is this broken or am I missing something. Hope it is not expected behaviour!
Thanks,

see the last 2 replies if helps (same issue)
http://www.forum.draytek.co.uk/viewtopic.php?f=14&t=20195#p83439

My issue is different from the one described in the post [url]viewtopic.php?f=14&t=20195#p83439[/url] "babis3g".
Bizarrely, anyone from the internet can hit my 2830 via https and be prompted for the credentials! I don't want that. I only want trusted sources to be presented with the login page. Despite have that set in the access list, it still prompts anyone to connect.

Hope I am making sense.

OK understand now, sorry

see patr part 2 if the section b is not in use with any other service?
https://www.draytek.com/index.php?option=com_k2&view=item&id=5358&Itemid=293&lang=en

Also did you reboot the 2830 to take effect (by the end of the page needs to click 2 times the ok button for having effect)

Try with disable ping from internet
If all there are ok, then maybe some settings at System Maintenance >> Admin Setting (related?)

Latest firmware s 3.6.8.2 from Taiwan (perhaps try an older) ... or contact the support if is a bug

Thanks for your input babis3g.

I think this is just broken. I am already running on the latest code "3.6.8.2_sb_232201" thinking they might have fixed it, but that is not the case. I am surprised that this has not been picked up by Draytek - its quite a basic thing to put right. If you have a draytek 2830 (single-band), and it connected to the internet, you can try to connect to that IP from from the outside. You will be prompted for the login detail. When you enter them in, you will *NOT* be allowed in because the source address is not in the access list. However, I don't want ANYONE to even be presented the login page!

From memory I am sure this used to work in an earlier version, I would have checked that, and don't know when it broke. I tend to just update the firmware as soon as a new release is made available thinking old fixes will remain. I guess not :o

I did have the a tick in the "disable ping from internet" and I also tried it without a tick, and reboot, which didn't help much.

Regards,

I do have a 2830 but is not on at the moment to test ... seems like (it must be) an issue then ... because i remember i tried it as well & was fine with one older firmware about over an year ago
Open a ticket to the support ... they may provide you soon with a beta fix