Port Redirection over VPN to a host on the remote network

Vigor Routers support open port to a host on the remote network as long as the VPN tunnel established. Clients from the Internet can access specific ports through the WAN interface of the Vigor router, and the router will forward the traffic over the VPN to the remote network. It's the solution to allow internet access to the servers or resources on the remote network which doesn't have a public IP or its ISP blocks certain port.

Here is a scenario where this feature will be very useful. There is a company of which the warehouse in the suburbs, where the fixed-line internet service is not available, the network administrator can only use LTE as the internet source for the warehouse. The LTE only owns a virtual IP address, which makes accessing the surveillance system and inventory management system at the warehouse from the Internet very difficult.

But the company's office locates downtown, which has the fixed-line and a public IP address. So the network administrator constructs the VPN network between the office and warehouse, then, set up the office router to forward specific ports to the warehouse router. Then, the managers can access the warehouse's network to check the live footage and inventory information at any places as long as they connect to the Internet.

 

Dial-out site(VPN client):

1. Set up a VPN to remote network: Go to VPN and Remote Access >> LAN to LAN, click on an available index to add a new profile,

1. Give a Profile name and Enable it, then select a Call Direction
2. Select a VPN type and enter the required credentials.
3. Enter the WAN IP of remote router in Server IP/Host Name for VPN if Vigor Router is Dial-out site.

d. Enter Remote IP and Network Mask as remote router's LAN network.
e. Enter Local Network IP as the IP of Vigor Router.
 f. Enter Local Network Mask as the subnet mask of Vigor Router's LAN network.
g. Click OK to apply

2. Go to VPN and Remote Access >> Connection Management and use Dial-out tool to establish VPN connection

Dial-in site (VPN server):

1. Port Redirection Configuration: Go to NAT >> Port Redirection at VPN server.

1. Give a Service Name
2. Select a Protocol
3. Enter Public Port as the port to which Internet client should connect.
4. Enter Private IP as the IP of remote host.
5. Enter Private Port as the port to which remote host is listening.

NOTE:

Before we connect the VPN, please make sure if the Local Network IP in the router which is connected by Internet Client is set as the router's LAN IP. In this example, dial-in site server is connected by Internet Client. Thus the Local Network IP of dial-in site server must be set as 192.168.186.1 instead of other IP.

2. After the setting is finished, the remote host can be accessed by the Vigor Router's WAN IP with the defined public port.