[Vigor3900] How to allow the remote VPN network to access a specific local server only?

Supported Models: Vigor2960, Vigor3900, Vigor300B

A VPN provides a convenient and secure connection between the local network and a remote network. Once the VPN is up, the remote network can access all the devices on the local network and vice versa. But what if we only want one specific server to be accessible from the remote VPN network? This document demonstrates how to restrict remote VPN users to a specific local server so that they cannot reach the rest of the network devices. Vigor Router can do this either through the VPN configuration or through a firewall rule. Below is the example:

(This setup applies to Vigor3900, Vigor2960, and Vigor300B. For other models, please refer to the article here.)

   

Method 1: By VPN Configurations

On the VPN LAN to LAN profile of the Vigor Router in Branch Office, change the remote network IP from the whole network to the server's IP only.

   

On the VPN LAN to LAN profile of the Vigor Router in Head Office, change the local network IP from the whole network to the server's IP only as well.

   

When the VPN is up, the Branch Office router will only have a route to the server IP 192.168.188.10/32, so the clients in the Branch Office can only access the server and cannot access the other devices.

   

Method 2: By Firewall Rule

1. Create a firewall rule on the Head Office router to limit connections from the Branch Office. Go to the Firewall >> Filter setup page, choose IP filter, and add a new group.

   

2. Add a new rule:

  • Set the Branch Office subnet address as the Source IP.
  • Set the server subnet address as the Destination IP.
  • Set Action to Block if No Further Match.
       

 


3. Add the second rule:

  • Set the Branch Office subnet address as the Source IP.
  • Set the server IP address as the Destination IP.
  • Set Action to Accept.
       

4. After these settings, the clients in the Branch Office can only access the server and cannot access the other devices.
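The following is an added example, not part of the original article or DrayTek's own code: a small Python model of the two Method 2 rules that checks which Head Office hosts a Branch Office client can reach, and shows why the first rule must defer its verdict rather than block at once. The Head Office /24, the Branch Office subnet, the default-accept policy, and the assumption that "Block if No Further Match" applies only when no later rule matches are assumptions of this model; only the server IP comes from the article.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: the article gives only the server IP (192.168.188.10);
# the Head Office /24 and the Branch Office subnet are assumptions.
BRANCH = ip_network("192.168.1.0/24")
HEAD_LAN = ip_network("192.168.188.0/24")
SERVER = ip_network("192.168.188.10/32")

# The two rules from Method 2, in the order the article creates them.
RULES = [
    {"src": BRANCH, "dst": HEAD_LAN, "action": "block_if_no_further_match"},
    {"src": BRANCH, "dst": SERVER, "action": "accept"},
]

def evaluate(rules, src, dst, default="accept"):
    """Return the verdict for one packet under the modelled semantics:
    'accept'/'block' end evaluation at once, while a '*_if_no_further_match'
    action is only remembered and applies if no later rule matches.
    The default for unmatched traffic is an assumption of this model."""
    src, dst = ip_address(src), ip_address(dst)
    pending = None
    for rule in rules:
        if src not in rule["src"] or dst not in rule["dst"]:
            continue
        if rule["action"] in ("accept", "block"):
            return rule["action"]
        pending = rule["action"].split("_")[0]  # remember the deferred verdict
    return pending or default

def reachable_hosts(rules, src, candidates):
    """List the destinations in `candidates` that `src` is allowed to reach."""
    return [d for d in candidates if evaluate(rules, src, d) == "accept"]

if __name__ == "__main__":
    targets = ["192.168.188.10", "192.168.188.20", "192.168.188.1"]
    print("article rules:", reachable_hosts(RULES, "192.168.1.50", targets))
    # Misconfiguration: an immediate block in rule 1 shadows the accept rule.
    broken = [dict(RULES[0], action="block"), RULES[1]]
    print("immediate block first:", reachable_hosts(broken, "192.168.1.50", targets))
```

With the article's rules only the server remains reachable from the branch subnet; with an immediate block as the first rule, the server itself is cut off as well.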
