Hi

having recently tightened up security at my work place, I found that the VPN traffic between my home and the office was aslo subjected to the firewall rules.
The same applied to the VPN the MD has to home.
I have had to create a firewall rule to open up the VPN again.
Is this the way it is supposed to work?

Ideally I would like a VPN connectio to override the firewall settings, is there a way to allow this, or must I create a pass all rule in the firewall to allow
any traffic to/from the VPN remote subnet?

Thanks

Dave

Hello Dave,

This is normal behaviour.

When a Dial in VPN tunnel is active... traffic first goes through to your work place via the VPN tunnel, and then 'out' through that routers WAN connection. Being subjected to the normal restrictions of the works firewall. For example, if you establish the VPN tunnel and then type 'what is my IP' into google; you will find that the IP address listed is that of your Work router, not your home one.

Now, for ways to get round this:

The simplest way is to assign a static IP address to the VPN user. This can be done from the dial-in user configuration page on the router. you would then create a firewall rule which is set to 'pass immediately' and specifies that IP address. Provided this rule is placed at the start of the firewall filter list this should then allow all traffic from the VPN to be passed without further filtering.

Hi Frag

Thanks for the reply.
However I do not think I explained the situation well.

The VPN from Home to the Office is from Vigor to Vigor, it is not from, for ex. a microsoft PPTP client to the Vigor in the office.

The traffic subjected to the firewall rules was not from home bound for the internet, but just my applications at home trying to communicate with the servers in the office, so really all "internal" traffic.

Dont think I really made that clear in the OP sorry!