DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
VPN separate subnet (2860)
- matf
- Topic Author
- Offline
- New Member
Less
More
- Posts: 2
- Thank you received: 0
08 Dec 2015 13:50 #84904
by matf
VPN separate subnet (2860) was created by matf
Hi,
I am wanting to set up L2TP over ipsec vpn access for remote users on a 2860
I have set up the LAN with no DHCP server running as the AD DC provides internal DHCP.
Internal users are on 10.0.0.0/255.255.255.0
We want the users for the VPN to have an IP from the range 10.2.0.0/255.255.255.0
Is this possible? When I go through the setup for this, and give the wanted range out, the users are unable to connect to internal services. I assume I need to add a route in somewhere?
Also as a side question, is it possible with an L2TP user VPN to have the Remote users authenticate via Active Directory? When I look through the docs it seems I would have to choose PAP authentication only, which is unencrypted? Am I just misunderstanding something?
-edit- Forgot to mention we are wanting to use Windows built in VPN client.
Kind Regards,
Mat
I am wanting to set up L2TP over ipsec vpn access for remote users on a 2860
I have set up the LAN with no DHCP server running as the AD DC provides internal DHCP.
Internal users are on 10.0.0.0/255.255.255.0
We want the users for the VPN to have an IP from the range 10.2.0.0/255.255.255.0
Is this possible? When I go through the setup for this, and give the wanted range out, the users are unable to connect to internal services. I assume I need to add a route in somewhere?
Also as a side question, is it possible with an L2TP user VPN to have the Remote users authenticate via Active Directory? When I look through the docs it seems I would have to choose PAP authentication only, which is unencrypted? Am I just misunderstanding something?
-edit- Forgot to mention we are wanting to use Windows built in VPN client.
Kind Regards,
Mat
Please Log in or Create an account to join the conversation.
- admin
- Offline
- Site Admin
Less
More
- Posts: 1723
- Thank you received: 0
08 Dec 2015 17:04 #84907
by admin
Forum Administrator
Replied by admin on topic Re: VPN separate subnet (2860)
I'm not sure you can do it for teleworkers (as opposed to LAN-to-LAN) but I'm interested in why you want to do that rather than the users get an IP address in the main subnet.
Forum Administrator
Please Log in or Create an account to join the conversation.
- matf
- Topic Author
- Offline
- New Member
Less
More
- Posts: 2
- Thank you received: 0
08 Dec 2015 17:13 #84908
by matf
Replied by matf on topic Re: VPN separate subnet (2860)
I think in this case it was that there wasn't enough availablility within the main DHCP scope to accommodate all the remote workers.
Also maybe if you wanted to restrict VPN users from certain services (allow file sharing, but block RDP access for VPN users, for example). I figured this could be done via firewall rules, and if the VPN users were part of the main subnet you'd not be able to acheive this.
KR,
Mat
Also maybe if you wanted to restrict VPN users from certain services (allow file sharing, but block RDP access for VPN users, for example). I figured this could be done via firewall rules, and if the VPN users were part of the main subnet you'd not be able to acheive this.
KR,
Mat
Please Log in or Create an account to join the conversation.
- admin
- Offline
- Site Admin
Less
More
- Posts: 1723
- Thank you received: 0
08 Dec 2015 17:33 #84909
by admin
Forum Administrator
Replied by admin on topic Re: VPN separate subnet (2860)
I was thinking it might be the latter. Anyway, I'm not sure it is possible but check with support if no-one here knows.
Forum Administrator
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek