I'm trying to configure a 2860 as a Travel Router so to provide a LAN to LAN VPN using WLAN on WAN 2. This will provide a UK proxied WLAN abroad (with the help of a Vigor AP900) and all works and is configured fine VPN-wise. For normal WLAN connections and when testing using a mobile phone hotspot all works fine however when connecting to a WLAN that uses Captive Portals, as most do in hotels etc, the WLAN won't pass traffic until either a click through or T&C acceptance is approved by the user which is where I'm coming stuck and wondering what I need to enable to allow ports 8843 and/or 8880 through from the WAN. I don't think the 2860 supports the 'WAN IP alias' feature which would, whilst needing configuring on a use by use basis, would allow reachthrough to the Captive Portal presented on the WAN IP.

Any input would be really helpful.

Maybe not quite the answer, but did you know that windows 10 (and 11) support Hotspots, so you can effectively connect your laptop to a captive portal (and tick the Yes for T&Cs, etc) and then re-share the wifi connection without the captive portal.

Granted that won't cover the VPN back to the UK.

Thanks, I was aware of this but won't sort my VPN issue out. Another option is to clone the MAC address of my old phone so it's identical to that of the Router, use the phone to get past the Captive Portal and then the Router should work ok. I just think there's an easier way with NAT on the Router itself.

Can you just 'dial' the VPN manually, once you've accessed the Captive Portal screen (from a client on the 2860 LAN)? Admittedly, this is a little 'clunky' if you do it via the 2860's GUI, but how often would you need to do it?

In any case, when set to 'auto-dial', doesn't it just keep trying until such time as the Captive Portal has been accessed?

What is the significance of Ports 8843 and 8880 and what would need to access them? (Allowing them "through from the WAN" is surely just a matter of configuring 'NAT >> Open Ports >> Edit Open Ports' or 'NAT >> Port Redirection')

The VPN bit is sorted, it's forwarding the Capitve Portal's through the NAT so I can access them on the LAN side of things where I'm having difficulty. Excuse me if I'm sounding dumb but if, for example, I forward the two address ranges through to an internal LAN IP (ie 192.168.10.3) and then browsed to 192.168.10.3:8843 behind the Router will this work or does the forwarding need to be assigned to the address the physical device is assigned which is accessing the Portal, in this case my laptop.

I'm not at all sure I understand what you're trying to do here...
...perhaps a diagram is in order?

Anyway...
You don't forward 'address ranges', you forward Ports (or ranges of Ports). You don't (can't!) browse to addresses behind the (NAT) Router (because there is no actual routing information that allows you do that). Instead, you access the NAT Router's WAN port IP address (the address it acquired from the hotel or whatever's NAT Router.)

So if the WAN port has an address of 10.0.0.1 and the Vigor 2860 Port forwarding for port 8843 is to 192.168.10.3 port 8843, you would access 10.0.0.1:8843 (though since this is not likely to be a real world IP address, there is no practical way to do that).

Why do want to 'forward the Captive Portal' through the NAT? The Captive Portal is what you end up connected to, when you attempt to access port 80 (at any address at all, that is not on the 2860's LAN). No special rules are needed to communicate with this Captive Portal - it's just bog-standard NAT'ing - it knows you made an outbound connection and so maps the inbound response accordingly.