DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
"one way" LAN to LAN VPN
- mjwilde
- Topic Author
- Offline
- New Member
Less
More
- Posts: 1
- Thank yous received: 0
27 Apr 2011 16:20 #67480
by mjwilde
"one way" LAN to LAN VPN was created by mjwilde
Hi all,
Is there any way I can have 2 remote LANs, A and B, and give computers on A complete access to LAN B, but give computers on B no access to LAN A?
I am using Vigor 2900 at one end (B) and 2820 at the other (A) and currently have an IPSec tunnel configured so both LANs can see each other.
Many thanks for your help
Matthew
Is there any way I can have 2 remote LANs, A and B, and give computers on A complete access to LAN B, but give computers on B no access to LAN A?
I am using Vigor 2900 at one end (B) and 2820 at the other (A) and currently have an IPSec tunnel configured so both LANs can see each other.
Many thanks for your help
Matthew
Please Log in or Create an account to join the conversation.
- admin
- Offline
- Site Admin
Less
More
- Posts: 1723
- Thank yous received: 0
04 May 2011 11:22 #67570
by admin
Forum Administrator
Replied by admin on topic Re: "one way" LAN to LAN VPN
No, a IP layer router can't do that because in order for computer A to talk to computer B, all traffic has to be allowed between them and the router can't tell the difference between reply/stateful packets and data being read. You have to do it at the OS (or other higher) layer, most simply by just by only giving shared access to those computers/users local or remote who should have access.
Forum Administrator
Please Log in or Create an account to join the conversation.
- nobody
- Offline
- Member
Less
More
- Posts: 115
- Thank yous received: 0
05 May 2011 09:04 #67592
by nobody
Replied by nobody on topic Re: "one way" LAN to LAN VPN
I thought that should be possible:
The side A, where the Network should have complete access to the remote network, setup the Lan2Lan connection under "TCP/IP Network settings", "From first subnet to remote network you have to use": "NAT", instead of "Route".
on side B, where no connection to A should be possible, set to "Route".
Side B should be able to access the Router of side A, but nothing else.
Side A shoule be able to access lan B through NAT.
Nat is not the same as routing, but, for most cases it should be sufficent.
The side A, where the Network should have complete access to the remote network, setup the Lan2Lan connection under "TCP/IP Network settings", "From first subnet to remote network you have to use": "NAT", instead of "Route".
on side B, where no connection to A should be possible, set to "Route".
Side B should be able to access the Router of side A, but nothing else.
Side A shoule be able to access lan B through NAT.
Nat is not the same as routing, but, for most cases it should be sufficent.
Please Log in or Create an account to join the conversation.
- admin
- Offline
- Site Admin
Less
More
- Posts: 1723
- Thank yous received: 0
05 May 2011 10:32 #67594
by admin
Forum Administrator
Replied by admin on topic Re: "one way" LAN to LAN VPN
Interesting....that indeed might work; it depends on whether Netbios plays nicely I guess.
Forum Administrator
Please Log in or Create an account to join the conversation.
Moderators: Chris
Copyright © 2025 DrayTek