DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Is SSL Tunnel possible here?

  • legal
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
31 May 2011 15:04 #67984 by legal
Is SSL Tunnel possible here? was created by legal
Thinking of upgrading to a 2830 at main site to service incoming remote workers. At present this is configured via a 2820 which allows VPN passthough as the router sits externally to the network on a 2nd NIC which is the external side of Microsoft's ISA firewall. I like this feeling of security although I know many will say that the Draytek will provide this!

What I am now wanting is for the VPN access to be more "generic" ie using SSL and also to use one time passwords etc, but 2 issues:-

1. I assume that to use shared resources on a network you need to use SSL Tunnel rather than just webproxy?

2. I want to retain the existing "layered" approach - so can I get a 2830 to create a SSL tunnel, and then forward on that tunnel to the external NIC of the firewall server which guards the internal network? - I'm thinking this must be similar to the way passthrough on PPTP works in that you set up a Port Redirection so that the specified traffic gets redirected to teh correct private IP address (ie the external/2nd NIC)

Any thoughts, other than "just use the Draytek on the network"!!?

Thanks

Please Log in or Create an account to join the conversation.

More
31 May 2011 16:40 #67989 by nobody
Replied by nobody on topic Re: Is SSL Tunnel possible here?
If I understand you correct, you want to keep the extisting setup, but use SSL VPN as an addition to PPtP and maybe use the Draytek as an SSL web-proxy for accessing files ?

The ssl should work simply be redirecting the port you use for SSL VPN to the router.
The daytel SSL VPN works very nice even with a non standard port. So, if port 443 is already in use, you can use 8443 or whatever port, and in the smart-VPN client you enter it as servername:port.

If you want to use the 2930 as a web-proxy for SMB access:
This ist not possible, 2930 does not support this feature, buy a 2950/2955 instead. With the 2950 you can login using a webbrowser an access an SMB share behind the router.
(for non english or non taiwanese charachter sets there are a few problems: filenames are named strange if they contain umlauts)

Please Log in or Create an account to join the conversation.

  • legal
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
31 May 2011 16:44 #67990 by legal
Replied by legal on topic Re: Is SSL Tunnel possible here?

nobody wrote:
This ist not possible, 2930 does not support this feature, buy a 2950/2955 instead. With the 2950 you can login using a webbrowser an access an SMB share behind the router.
(for non english or non taiwanese charachter sets there are a few problems: filenames are named strange if they contain umlauts)



Was actually the 2820 (not 2930) I was thinking off - does that make any difference?

Please Log in or Create an account to join the conversation.

More
31 May 2011 17:19 #67991 by nobody
Replied by nobody on topic Re: Is SSL Tunnel possible here?
I thought you want to replace the 2820 with a 2930 (2820 does not support SSL VPN) ?

Please Log in or Create an account to join the conversation.

  • legal
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
31 May 2011 17:24 #67992 by legal
Replied by legal on topic Re: Is SSL Tunnel possible here?

nobody wrote: I thought you want to replace the 2820 with a 2930 (2820 does not support SSL VPN) ?



No, I want to replace it with the 2830 (the new adsl router which I believe does support SSL)

Please Log in or Create an account to join the conversation.

More
31 May 2011 17:35 #67994 by nobody
Replied by nobody on topic Re: Is SSL Tunnel possible here?
AFAIK, the 2830 does not support SSL VPN.
only 2930, 295x, 3200

check the features:
http://www.draytek.com/user/PdInfoDetail.php?Id=126#
or the live web demo:
http://www.draytek.com/.upload/Demo/Vigor2830/v3.3.6/

I find nothing about SSL VPN.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami