DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Segregate VPN to VLAN or address range

09 Apr 2012 13:59 #1 by steve_west
Segregate VPN to VLAN or address range was created by steve_west
I want to set up a 2820 so that the LAN-to-LAN VPN is only accessible by certain connected devices.

Is it possible to bind the VPN to a VLAN or to an IP address range?

10 May 2012 14:30 #2 by blackhat72
Replied by blackhat72 on topic Re: Segregate VPN to VLAN or address range

steve_west wrote: I want to set up a 2820 so that the LAN-to-LAN VPN is only accessible by certain connected devices.

Is it possible to bind the VPN to a VLAN or to an IP address range?



What exactly is the application that you're trying to access via the VPN, and presumably the network at the remote end?

Technical Consultant.

www.fahrenheit-it.com

10 May 2012 15:10 #3 by steve_west
Replied by steve_west on topic Re: Segregate VPN to VLAN or address range
I have a LAN-to-LAN VPN connecting my home 2820 to my office 2820. I access a range of services on the office LAN from home (file server, mail server, intranet). The office LAN also accesses my home network for nightly rsync backup to a NAS box.

I want to exclude a few of the devices at home from accessing the VPN (eg my son's computer and our guest wireless access point).

I imagine I could separate these off either using VLANs (as they connect to different ethernet ports), or by excluding certain IP address ranges.

cheers, Steve

10 May 2012 15:19 #4 by blackhat72
Replied by blackhat72 on topic Re: Segregate VPN to VLAN or address range

steve_west wrote: I have a LAN-to-LAN VPN connecting my home 2820 to my office 2820. I access a range of services on the office LAN from home (file server, mail server, intranet). The office LAN also accesses my home network for nightly rsync backup to a NAS box.

I want to exclude a few of the devices at home from accessing the VPN (eg my son's computer and our guest wireless access point).

I imagine I could separate these off either using VLANs (as they connect to different ethernet ports), or by excluding certain IP address ranges.

cheers, Steve




Steve, try this
on the 2820 at the remote office end:
Click Firewall > Filter Setup > Filter set 3.

then create yourself a filter.

Dan

Technical Consultant.

www.fahrenheit-it.com

10 May 2012 15:38 #5 by steve_west
Replied by steve_west on topic Re: Segregate VPN to VLAN or address range
Thanks Dan. I'll have a bash at it tonight.

cheers, Steve

13 May 2012 12:31 #6 by steve_west
Replied by steve_west on topic Re: Segregate VPN to VLAN or address range
No luck with this yet.

I've tried setting up a Firewall filter rule on my home DrayTek that blocks all but the authorised IP addresses, but I can't get it to work. This would seem to be the right config, but it doesn't block anything:

Direction: LAN/RT/VPN -> LAN/RT/VPN
Source IP: (unauthorised IP address ranges using IP Group)
Destination IP: (entire subnet at the other end of the VPN)
Filter: Block immediately

I also tried setting direction as LAN/RT/VPN -> WAN and destination to the remote DrayTek's IP address, but that doesn't work either.

Can anyone suggest what I'm doing wrong?

Shame there doesn't seem to be a way of doing this with VLANs (or is there?).
