
Forward VPN Traffic to Another Router on LAN

Published On: May 12, 2016 

Suppose the Vigor Router is used for LAN-to-LAN VPN connections, and there is a firewall router on the network acting as the Internet gateway. We want all traffic, especially traffic from the remote network, to be sent to the firewall router first. This article shows how to use Route Policy to forward the VPN traffic to another device on the LAN.

network topology

Go to Routing > Load-Balance/Route Policy, click an index number to create a new policy. Configure the policy as follows:

  • Enable this policy.
  • Enter Source IP as the IP address of the remote network. Or you may leave the Source IP as Any so that this Route Policy will be applied to all the LAN clients including the local ones.
  • Leave Destination IP and Destination Port as Any.
  • Select Interface as the LAN where the firewall router is on.
  • Select Specific Gateway and enter the local IP address of the firewall router.
  • Set Priority to a number smaller than 150 to give this policy a higher priority than the Routing Table.
  • Click OK to save the configuration.
       

a screenshot of DrayOS

After the configuration, you may use the "tracert" command to check that the traffic passes through the firewall router before it goes to the Internet.

To add a route policy that changes the gateway, go to Routing >> Route Policy, click Add, and configure the rule as follows:

  • Input Profile Name
  • Check Enable
  • Select ALL for Protocol
  • Select ANY for Source Type
  • Select ANY for Destination Type
  • Select User Defined for Out-going Rule
  • Select lan1 for Out-going Interface
  • Input the LAN Gateway's IP address for Out-going (Gateway)
  • Select NAT for Mode
  • Check Disable for Failover to Next Rule.

After that, we can use the command "tracert -d 8.8.8.8" to check whether traffic to the Internet is going through the specified LAN Gateway.

a screenshot of traceroute
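
The tracert check used at the end of both procedures above can be scripted so that it fails when traffic leaves the private network without passing the firewall router. The following Python script is an added example, not part of the original article or DrayTek's tooling; the sample output and its addresses are constructed, with 192.168.1.254 assumed to be the firewall router's LAN address.

```python
import ipaddress
import re

# Constructed sample of `tracert -d 8.8.8.8` output from a host on the
# remote network. All hop addresses are placeholders, not from the article.
SAMPLE_TRACERT = """\
Tracing route to 8.8.8.8 over a maximum of 30 hops

  1     1 ms    <1 ms    <1 ms  192.168.2.1
  2    24 ms    23 ms    25 ms  192.168.1.1
  3    25 ms    24 ms    24 ms  192.168.1.254
  4     *        *        *     Request timed out.
  5    31 ms    30 ms    32 ms  203.0.113.9
  6    35 ms    34 ms    36 ms  8.8.8.8

Trace complete.
"""

# RFC 1918 ranges: a hop outside these is treated as "already on the Internet".
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP_RE = re.compile(r"^\s*(\d+)\s+.*?(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_hops(tracert_output):
    """Return [(hop_number, address or None)] from `tracert -d` text."""
    hops = []
    for line in tracert_output.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), ipaddress.ip_address(m.group(2))))
        elif re.match(r"\s*\d+\s+\*", line):   # hop that timed out entirely
            hops.append((int(line.split()[0]), None))
    return hops

def firewall_before_internet(hops, firewall_ip):
    """True if firewall_ip is a hop and no non-private hop precedes it."""
    fw = ipaddress.ip_address(firewall_ip)
    for _, ip in hops:
        if ip is None:
            continue                 # timed-out hop gives no information
        if ip == fw:
            return True
        if not any(ip in net for net in RFC1918):
            return False             # reached the Internet without the firewall
    return False

if __name__ == "__main__":
    print(firewall_before_internet(parse_hops(SAMPLE_TRACERT), "192.168.1.254"))
```

Run it against saved tracert output from a client on the remote network and from a local LAN client, since the Source IP setting in the policy decides which of them the rule applies to.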
