We have launched the new version of the DrayTek website, and this content is no longer being maintained.
You will find more information on our new site; however, we will keep this page for a few months.

How to enable ALG (Application Layer Gateway)?

Due to the protocols like SIP, RTSP and FTP are short of NAT-T, when the service server is behind NAT, the connection could fail. ALG is able to resolve this issue. With ALG enabled, Vigor router will replace the private IP with public IP in the negotiation packet from the client and open dynamic TCP/UDP ports required in the connection.



Since 3.8.5 version firmware, we have made a page for ALG feature, please go to NAT >> ALG,

  1. Enable ALG
  2. Enable SIP/RTSP ALG, then SIP/RTSP listen port, TCP and UDP are configurable



For PPTP, IPSec, and FTP ALG

Vigor router will enable PPTP, IPsec, or FTP ALG if these local service are disabled and the service ports are set up to be forwarded to the local hosts. 

1. Disable local service. For PPTP/IPsec. go to VPN and Remote Access >> Remote Access Control, and disable PPTP/IPsec VPN service


   For FTP, go to System Maintenance >> Management and disable Internet Access Control >> FTP server


2. Set Open Ports for PPTP/IPSec/FTP service, go to NAT  >> Open Ports and click any available index

  1. Enable Open Ports
  2. Choose WAN interface
  3. Enter local PPTP/IPSec/FTP server IP in Private IP
  4. Set Protocol, Start and End port for PPTP/IPSec/FTP service (please find the relative information in the table below)


  Service Port ALG
PPTP 1723/TCP Protocol 47(GRE)
IPsec 500, 4500/UDP   Protocol 50(ESP)
FTP 21/TCP  FTP data port


Was this article helpful?
135How to enable ALG (Application Layer Gateway)? has been viewed------ 135 ------times.