Single-Arm VPN allows the router's VPN to work only on the WAN interface, instead of working on traffic sent between LAN and WAN. When doing single-arm VPN, traffic arrives on the WAN interface, gets encrypted, and sent out through the same WAN interface. It's the solution to add VPN compatibility to the network without replacing the Internet gateway.
Since 220.127.116.11 version firmware, Vigor Router supports single-arm VPN for PPTP (TCP 1723), IPsec (UDP 500 and 4500) and SSL (TCP 443 or user-defined). However, to use Single-Armed VPN, the Internet gateway must open the corresponding ports to Vigor Router, and create the static routing rule for the VPN traffic. This article demonstrates how to configure single-arm VPN with following topology
1. Go to VPN and Remote Access >> LAN to LAN and click an available index
2. To avoid LAN network conflict with WAN network, please change the LAN network of the Vigor Router.
3. Go to Routing > Route Policy and click an available index to add a new rule:
Go to VPN and Remote Access >> LAN to LAN and click an available index to add a new profile:
To make the single-arm VPN work, we must make the VPN traffic pass through the internet gateway and be sent to the VPN tunnel. Here we take a Vigor300B for example.
1. Go to NAT >> Port Redirection and click Add to create a new rule:
2. Go to Routing >> Static Route and click Add to create a new rule
Was this helpful?
Thank you for your feedback :)
Sorry about that. Contact Support if you need further assistance, or leave us some comments below to help us improve.