DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2820n VPN with no NAT / public IPs

  • proactive services
  • Topic Author
  • User
  • User
More
19 Sep 2011 14:13 #1 by proactive services
2820n VPN with no NAT / public IPs was created by proactive services
Hiya,

My LAN to LAN and remote dial-in user VPNs were working until I moved from NAT to public IPs. I've re-flashed the 3.3.5.2_232201 firmware to default settings and set-up a basic PPTP dial-in user which connects and can ping the router, but cannot contact any client PCs.

My ISP allocates a single static IP on 81.187.255.134, which is assigned to the router on the ADSL link and routes me 81.2.77.128/27. The router then uses 81.2.77.128 as it's public IP address. I don't seem to be able to leave the "For NAT usage" settings blank despite the fact that I do not use NAT on my network.

I want to just be able to set-up my public IP block in the 1st IP address, leaving the second blank, but this doesn't work.

Current settings are:
LAN IP Configuration:
1st IP address: 81.187.255.134
1st subnet mask: 255.255.255.255
For IP routing usage: Enable
2nd IP address: 81.2.77.129
2nd Subnet mask: 255.255.255.224
DHCP server enabled. No relay agent set.
Start IP address: 81.2.77.130
Pool counts: 29
Gateway IP address: 81.2.77.129

Local computers can access the Internet just fine with their public IPs. The remote dial-in user is given the following IP settings by the router:
IP address: 81.2.77.132
Subnet mask: 255.255.255.255
Default gateway: 0.0.0.0
DNS servers: (my ISP's DNS servers)

Am I misunderstanding the 2820n's config requirements when using public IPs or does it need odd settings to get this to work?

Please Log in or Create an account to join the conversation.

  • brscarl
  • User
  • User
More
22 Sep 2011 10:13 #2 by brscarl
Replied by brscarl on topic Re: 2820n VPN with no NAT / public IPs
Not sure i fully comprehend your situation but:

Point 1.

If you are given a single public IP from your ISP with a netmask of 255.255.255.255
as you suggest then you have only 1 endpoint and NEED to use NAT. Maybe you
should check with your provider the details of what you have.

Point 2.

Assuming you have a multiple public IPs you can setup the draytek to use NAT and also
simultaneously use non-NAT.

Set 1st IP address as a normal NAT setup with a private address range and set the 2nd IP address
as your public range. e.g. 2nd IP Address 1.1.1.201 and 2nd Subnet Mask 255.255.255.248
This way any nic connected to the router's switch can set the IP address to 1.1.1.202 through 1.1.1.206
with 1.1.1.201 as the gateway and connect.

Good Luck

Please Log in or Create an account to join the conversation.

  • proactive services
  • Topic Author
  • User
  • User
More
22 Sep 2011 17:02 #3 by proactive services
Replied by proactive services on topic Re: 2820n VPN with no NAT / public IPs
Hi, thanks for the reply. To clarify I have a single public IP and a block of IPs so have no need to use NAT. The idea of getting the block was to remove NAT from my network but it seems to have caused more problems than it solves!

Please Log in or Create an account to join the conversation.