How to Allow Routing Subnet to Access VPN

Vigor routers support VPN connections for clients connected to a LAN subnet through either NAT or Routing methods. The difference between these two is that for the NAT option the LAN IP address of the client is translated to a WAN IP address, whereas for the Routing option the LAN IP address of the client is kept the same. In other words, the Routing subnet is considered reachable above Router WAN, and VPN is made for access to the NAT subnet. So by default, only NAT subnet can access remote VPN network via the VPN connection.

routing LAN

In order to make routing LAN pass-through VPN, please enable ‘Pass Routing LAN to VPN’ in VPN and Remote Access>>LAN to LAN

allow routing LAN to VPN

There is also a command available, please enter ‘vpn pass2nd on’ to enable the option.

command to allow routing LAN to VPN

In addition to allowing routing LAN pass through VPN, we can also control packets to VPN remote network when VPN disconnects. When ‘Pass Packets to NAT when VPN disconnects’ is enabled, packets supposed to send over VPN will be sent to WAN when VPN disconnects; When it’s disabled, packets supposed to send over VPN will be dropped when VPN disconnects.

allow vpn packets to WAN

The command for this option is ‘vpn pass2nat on/off’

command to allow vpn packets to WAN

Published On:2020-02-25 

Was this helpful?     


Related Articles