Enable ALG (Application Layer Gateway) on Vigor Router

Due to the protocols like SIP, RTSP and FTP are short of NAT-T, when the service server is behind NAT, the connection could fail. Application Layer Gateway (ALG) is the solution to this problem. With ALG enabled, the router will replace the private IP with public IP in the negotiation packet from the client and open dynamic TCP/UDP ports required for the connection.


Since firmware version 3.8.5, we have made a page for ALG feature. To enable, go to NAT >> ALG,

  1. Check Enable ALG
  2. Check Enable SIP/RTSP ALG, and input SIP/RTSP Listen Port per server settings, TCP and UDP are configurable.
a screenshot of DrayOS ALG Settings

Enable PPTP, IPSec, and FTP ALG

Vigor router will enable PPTP, IPsec, or FTP ALG if these local services are disabled and the service ports are set up to be forwarded the server on a LAN.

1. Disable local service. For PPTP/IPsec. go to VPN and Remote Access >> Remote Access Control, and un-check Enable PPTP/IPsec VPN Service

For FTP, go to System Maintenance >> Management and disable FTP server under Internet Access Control

2. Set up Open Ports for the service, go to NAT >> Open Ports and click any available index to edit

  1. Enable Open Ports
  2. Choose WAN interface
  3. Enter local server IP in Private IP
  4. Set Protocol, Start and End port to the Service Port of the service. (please refer to the information in the table below)
    Service Service Port (Required manual configuration) ALG (Opened by the router automatically)
    PPTP TCP 1723 GRE IP47
    IPsec UDP 500, 4500  ESP IP50
    FTP TCP 21 FTP data port

Published On:2017-07-04 

Was this helpful?   

book icon

Related Articles