How to Allow Routing Subnet to Access VPN

Vigor routers support VPN connections for clients connected to a LAN subnet through either NAT or Routing methods. The difference between these two is that for the NAT option the LAN IP address of the client is translated to a WAN IP address, whereas for the Routing option the LAN IP address of the client is kept the same. In other words, the Routing subnet is considered reachable above Router WAN, and VPN is made for access to the NAT subnet. So by default, only NAT subnet can access remote VPN network via the VPN connection.

In order to make routing LAN pass-through VPN, please enable ‘Pass Routing LAN to VPN’ in VPN and Remote Access>>LAN to LAN

There is also a command available, please enter ‘vpn pass2nd on’ to enable the option.

In addition to allowing routing LAN pass through VPN, we can also control packets to VPN remote network when VPN disconnects. When ‘Pass Packets to NAT when VPN disconnects’ is enabled, packets supposed to send over VPN will be sent to WAN when VPN disconnects; When it’s disabled, packets supposed to send over VPN will be dropped when VPN disconnects.

The command for this option is ‘vpn pass2nat on/off’