Restrict Remote VPN Connection from a Specific Domain name

How could a network administrator know the VPN connection is created from a known IP? Vigor Router can limit the VPN remote dial-in connection to only be created from a specified IP address but this setting won't work for the VPN clients that use the dynamic IP address. Vigor3910/2962 supports specifying the remote VPN Peer by Domain name both in the LAN to LAN and Host to LAN profile. The network administrator can specify the domain name of the remote VPN client on the router, then Vigor3910/2962 will resolve the configured domain name and check if the VPN client IP is dialing from that IP. We will demonstrate how to use the feature in this article.

Support List :

Vigor2962 :3.9.6.x, 4.3.x
Vigor3910 :3.9.6.x, 3.9.7.x, 4.3.x

1. Go to Objects Setting >> String Object and create a string object with Remote VPN client’s Domain name. It’s draytekfae.ddns.net in this example.

2. Go to VPN and Remote Access >> Remote Dial-in User create a user account.

Enable this account.
Set Username and Password.
Tick Specify Remote Node and select the Domain Name.
Click Select to choose the string object created on step1.
Click OK.

Now the remote user whose device is under this specified Domain Name can establish the VPN connection.

If the dial-in user's IP is not matched to the domain name setting in the VPN user profile, the router will disallow this user to connect.

Network Administrator can see the syslog show the message below:

Published On:2021-05-18

Was this helpful?

Restrict Remote VPN Connection from a Specific Domain name

Related Articles

Allow VPN Remote Dial-In connections only during Working Hours

Restrict Remote VPN Network's Access to Specific IP

Assign a Fixed IP Address to Remote Dial-in VPN Clients

Related Article

Products

Resources

About