How to do port redirection to a host on the remote network?
Vigor Routers support open port to a host in remote network. It is possible to allow internet clients to access the servers or resources on the remote network, even the remote router does not have a public IP or certain port is blocked by its ISP. Clients from the internet can access the certain port through the WAN interface of Vigor router, it will help to forward the traffic to the remote network. After the VPN tunnel is established, open port can be set to an IP in remote network, we only need to make sure the Local Network IP in LAN-to-LAN VPN settings is set to Vigor Router's LAN IP.
Here is a scenario where this feature will be very useful. There is a company which has two sites, one is the office locates downtown, which has the physical line and obtain the public IP address; the other is the warehouse in the suburbs, where the physical line is not available, network administrator use the LTE network as the internet source for the warehouse, and only owns the virtual IP address. There are security cams installed surrounding the warehouse, also the inventory management system is placed here. Due to the router at the warehouse does not have the public IP address, the managers are not able to access the system and check the live footage if they are not in the warehouse. Therefore, the network administrator construct the VPN network between the office and warehouse, then, set up the office router to forward some of the ports to the warehouse router. Then, the managers are able to access the warehouse security cams and the inventory management system at any places as long as they connect to the internet.
(For Vigor3900 and Vigor2960, please refer to the article here.)
1. Set up a VPN to remote network: Go to VPN and Remote Access >> LAN to LAN, click on an available index to add a new profile,
- Give a Profile name and Enable it, then select a Call Direction
- Select a VPN type and enter the required credentials.
- Enter the WAN IP of remote router in Server IP/Host Name for VPN if Vigor Router is Dial-out site.
- Enter Remote IP and Network Mask as remote router's LAN network.
- Enter Local Network IP as the IP of Vigor Router.
- Enter Local Network Mask as the subnet mask of Vigor Router's LAN network.
- Click OK to apply
2. Go to VPN and Remote Access >> Connection Management and use Dial-out tool to establish VPN connection
3. Port Redirection Configuration: Go to NAT >> Port Redirection at VPN server.
- Give a Service Name
- Select a Protocol
- Enter Public Port as the port to which Internet client should connect.
- Enter Private IP as the IP of remote host.
- Enter Private Port as the port to which remote host is listening.
4. After setting is finished, the remote host can be accessed by the Vigor Router's WAN IP with the defined public port.