Bento wrote: We have assigned to us by our ISP, a single static IP for the WAN interface of our router, (xx.xx.67.100) and also a block of /29 (xx.xx.7.89/29) , which is routed by the ISP to the single static address. We want the /29 setup as a range on a VLAN behind the Draytek to put servers in, etc so that they have a public IP and can be accessed from anywhere, but also so they can communicate to/from clients on the private LAN which is in LAN1 and has the range 192.168.84.254/24.

The Draytek's interface is not on the same network as your servers ... so in the absence of any Routing configuration, communications between them will be probably be via the ISP's gateway(s). If you use Tracert on the server, when trying to access the LAN address, is the traffic heading outbound to the ISP? ... and vice-versa from LAN to server. (Obviously, if this is the case, LAN IP addresses aren't going to route properly)

Things that might help, are static routes twixt server and Draytek, possibly a second (LAN) IP set on each of the servers interfaces; the "Route Policy" function might be persuaded to help as well ... as may setting a WAN IP Alias, that is actually a LAN address.

Most of the above would come under the heading of "Magic Spells", should they happen to work

One thing that probably would work, but has little to recommend it, is establishing a VPN connection from each server to the Draytek. That way, the server can have a 2nd (LAN) IP address and a clearly defined route to the LAN. I should imagine performance wouldn't be up to much.

The 'proper' way, would (probably) be to give each server a physical, 2nd connection, to the LAN. (If there's no 2nd network card in the server, this could even be a USB network adapter...).

Hi all,

I have contacted draytek and they basically say that the draytek doesn't support what I want to do! Which is a bit crazy really.

It seems as though when a subnet is in routed mode it is in a seperate "zone" if you like that is not handled by pretty much anything inside, the packets are just relayed to and from, so that subnet is on the outside of the NAT in topology terms. Looks we'll have to ditch it and go back to our other setup.

Thanks for the help though!

hornbyp, the routing table on the Draytek shows the correct entries, it's just the draytek doesn't have the setup to work this way, as above.