I have a head office Vigor 2820 which we VPN into, but is on a shaky ASDL connection. They also have a second ADSL connection with a second router, this one is Netgear.

I'm trying to establish a VPN connection via the second router. On the Netgear router I have set up a rule to port forward VPN traffic to the LAN address of the Vigor, I can see from the firewall logs that it is triggering this rule when I attempt to connect from my end. The Vigor logs show no sign of receiving the VPN connection attempt. I've just realised the log I'm viewing is the "WAN" log so I don't know if this will show a VPN connection attempt through the LAN port.

Is what I'm trying to do even possible? Can the 2820 accept a VPN connection arriving on the LAN port? If so is there a log which would display it?

My other option is to connect WAN2 to the other (Netgear) router but this would result in WAN2 having the same subnet as LAN, unless we do some complicated wiring at Head Office end. Which in turn might make it difficult for this server to connect to the Domain Controller.

Edit: Router is a 2820n not 2920n as I originally typed. Incidentally both ends of the VPN have a 2820n.

Hi,

You can't connect a VPN via the LAN. The whole point of them is you are tunneling traffic over the WAN, so the VPN server only accepts connections from the WAN. In fact there is no processing of LAN traffic at all unless it is being routed in or out to the WAN.

I would suggest the best option for you is to get a Vigor 120 modem to replace the Netgear (or set the netgear to Bridge mode) and connect it to WAN2 of the 2820, then all WAN traffic is going through the 2820 and it should then work.


Paul

Thank you for your reply, I suspected that may be the case.

Head office use the Netgear (and the DSL line it is attached to) as their primary internet connection - including port forwarding to the exchange server. I am limited to what I can do with this router.

My other option is to connect WAN2 of the Draytek to the LAN side of the Netgear, change the subnet on the LAN side of the Draytek so it doesn't have routing issues. The Netgear is already port forwarding VPN traffic to the Draytek. As far as I'm aware the only machine using the Draytek is the terminal server we're connecting to, so should be able to change the LAN subnet without messing everyone up!

Thanks Again.