DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

"one way" LAN to LAN VPN

  • mjwilde
  • Topic Author
  • Offline
  • New Member
  • New Member
More
27 Apr 2011 16:20 #67480 by mjwilde
"one way" LAN to LAN VPN was created by mjwilde
Hi all,

Is there any way I can have 2 remote LANs, A and B, and give computers on A complete access to LAN B, but give computers on B no access to LAN A?

I am using Vigor 2900 at one end (B) and 2820 at the other (A) and currently have an IPSec tunnel configured so both LANs can see each other.

Many thanks for your help

Matthew

Please Log in or Create an account to join the conversation.

More
04 May 2011 11:22 #67570 by admin
Replied by admin on topic Re: "one way" LAN to LAN VPN
No, a IP layer router can't do that because in order for computer A to talk to computer B, all traffic has to be allowed between them and the router can't tell the difference between reply/stateful packets and data being read. You have to do it at the OS (or other higher) layer, most simply by just by only giving shared access to those computers/users local or remote who should have access.



Forum Administrator

Please Log in or Create an account to join the conversation.

More
05 May 2011 09:04 #67592 by nobody
Replied by nobody on topic Re: "one way" LAN to LAN VPN
I thought that should be possible:
The side A, where the Network should have complete access to the remote network, setup the Lan2Lan connection under "TCP/IP Network settings", "From first subnet to remote network you have to use": "NAT", instead of "Route".
on side B, where no connection to A should be possible, set to "Route".

Side B should be able to access the Router of side A, but nothing else.
Side A shoule be able to access lan B through NAT.
Nat is not the same as routing, but, for most cases it should be sufficent.

Please Log in or Create an account to join the conversation.

More
05 May 2011 10:32 #67594 by admin
Replied by admin on topic Re: "one way" LAN to LAN VPN
Interesting....that indeed might work; it depends on whether Netbios plays nicely I guess.



Forum Administrator

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami