DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2860ac connection including VPN only works in one direction

21 Dec 2015 09:30 #84978 by dchester
Hi, can someone please help me?

I have for a few years had a LAN-LAN (PPTP) connection with a customer from my DrayTek 2930 Vn to their 2850 n and this has worked with no problems.

Problem 1:
I wanted to upgrade my router to a 2860ac and as I have servers using real IPs exposed to the internet, I set up the IP Routed Subnet as per the docs. The servers could see the internet fine, but nothing in the outside world could see the servers. I then tried with the other method of setting it up as a VLAN. I had exactly the same problem. So I was forced to switch back to my 2930 Vn which again worked fine.

Problem 2:
Last week I tried to install a DrayTek 2860ac at this client's owner's home for VPN and remote backup purposes. So I set up the PPTP VPN at both ends and this sprang to life instantly. I then installed a Synology NAS drive which had previously been working just fine at my office over the 2930 VPN in the boss's home. I can see the NAS drive fine from inside the home's local network and I can see the servers on their office network. The office network, however, cannot see the NAS drive. I can ping the private IP of the 2860 though.

I believe these two problems are related. It seems that the 2860 is blocking incoming traffic whether on real IPs or over the VPN.

I am using different subnets on all networks.

Can anyone help please? It's doing my head in!

Thanks

David

21 Dec 2015 12:28 #84982 by williamt
I don't have a 2860 but would have thought the general principle would be the same as previous versions.
The Vigor routers will block all unsolicited incoming traffic by default so you must have set some firewall rules in the previous routers to allow (specific) traffic into the servers.
You say the servers have real IPs exposed to the internet. Do you have a block of Public IP addresses or just one Public IP address? Does it mean the servers have Public IPs exposed to the internet directly, or do they have Private IPs which use NAT to a Public IP which is exposed to the internet?
If NAT is being used then you need to set up the (specific) ports you want to allow from the internet in NAT / Port Redirection.


Moderators: Sami