I have been thinking a lot about this, but non of my theoretical solutions have worked so far. Anybody has any ideas?
Here is the scenario:
Draytek 3100 at remote site, with remote LAN 192.168.2.0 behind it, connects to internet via 3G, but mobile provider provides non public IP, so Draytek 3100 sets up a LAN to LAN VPN with a Draytek 2920 in the office, with the office LAN 192.168.1.0 behind it.
It all works brilliantly, all office devices on 192.168.1.0 office LAN can see all remote devices on 192.168.2.0 remote LAN.
However, I want to allow TCP access for a third party to a device, say 192.168.2.10 on the remote LAN, but only on two ports, say 6000 and 6001.
Of course, if it was a device on the 192.168.1.0 office LAN, I could simply port forward the third party to that device, it being on the same subnet as the router/gateway. But it will not forward to 192.168.2.x, or if it does, nothing comes back.
I also tried to give the third party remote VPN access to the office LAN, in effect getting a 192.168.1.x IP address, but it still cannot access 192.168.2.x addresses. The furthest I got was the web interface of the remote Draytek 3100 router, but only when using the VPN routing address from the office router's routing table, which is a 192.168.1.x address. However, this seems to reach the remote router via a LAN port, as I could not do any port forwarding.
As you see, I have done some homework. Does anyone have any experience in this? Many many thanks for any support
