Hi,
Sorry if this has been answered, I have searched without success...

I'm having trouble configuring a firewall and VPN on my 2860AC router..

I have a mailserver which was getting lots of unwanted attention, so I bought the Draytek router for my BT Infinity line as the Home Hub firewall is useless.

I've configured the firewall to block all WAN traffic to the mailserver (with "block if no further match"), followed by another rule which passes all traffic from a group I've created with whitelisted IP addresses - which includes my local subnet (192.168.0.2 - 255)..

The problem is, I still need to be able to access my email when I'm out, either on my iphone or my laptop.. so I configured the VPN for remote dial-in.. the VPN on the iphone works, and I'm given an IP address of 192.168.0.5, so I can connect to the mailserver by it's IP address via it's web interface.. but my firewall blocks me from connected via imap (port 143) using the iphone mail.

I think the firewall is still seeing my iphone with an external IP address, rather than the local IP address the VPN has allocated it.. How can I fix this so I can access my email remotely, while blocking everyone else?

The firewall doesn't block internal traffic (i.e. within your local subnet).

I think the firewall is still seeing my iphone with an external IP address

Is the iPhone trying to connect to your private IP address or your public/WAN address? If the former, it will use the VPN (if up and configured correctly on the phone) and will appear to your mail server with its VPN private address.