Hi There.
I've recently started at a company and I'm looking for advice.
I've only ever dealt with Dial in VPN and LAN to LAN for limited users at a basic level.

The company I'm working for now need to split out the ports (four different networks) and then setup Dial in VPN's
So I've sorted out the Networks/VLAN (Each physical LAN port gives out DHCP on a different range)

I've recently been told that sometimes they are going to want select users on LAN Port 2 to access everything on LAN Port 1.
Is it possible for users on LAN Port 2 to use a VPN to go out (Then back in) onto LAN Port 1?

If it was everyone that was allowed access I'm told that I could setup routing which would make everything visible but these users will temporarily be working (Contracted) to the other companies and then moved to another. (ETC)

TL:DR If there are 4 separate networks (1 per port) can you Dial a VPN to another port (even if it goes external first)

Sounds like you want to VPN from an internal LAN onto the router to then get access onto a different LAN. Not sure that's really how the VPN is intended to be used. The router listens on it's WAN IPs for VPN Dial-In's so you'd need to VPN to the router WAN IP. I'm not sure that would work, but you could try to see what happens. In the remote Dial-in User you can pick with subnet the dial in user is assigned to. I'm afraid I still don't think you'll get the VPN to establish though.

Is VPN required encryption reasons? Reason being, you can allow interLAN routing from LAN1 to LAN2 etc (using LAN > Inter0LAN Routing) and can firewall it to specific IP Addresses.

Hi!
Thanks for the response, I (Like yourself) figured that it probably wouldn't work.
I've tried it now and I'm unable to get a connection using any VPN method. So what I'd heard in the past about being on an IP and VPN'ing back to that IP not working was true.

I think your right with the routing, I think I'm going to have to use temporary routes for certain staff to gain access.
The need for the VPN connection was Encryption to the other company as they have sensitive data on their network.
Weirdly I setup a temporary OpenVPN firewall and put it between that companies switch and the draytek and then was able to Dial the draytek (Connect) and then dial to the OpenVPN box.

This might end up being the solution for this specific company as overcomplicated as it is?