Restrict Remote VPN Connection from a Specific Domain name

How can a network administrator be sure that a VPN connection originates from a known IP address? Vigor Router can restrict a remote dial-in VPN connection to a specified IP address, but that setting does not work for VPN clients that use a dynamic IP address. Vigor3910/2962 supports specifying the remote VPN peer by domain name: the network administrator configures the domain name of the remote VPN client on the router, and Vigor3910/2962 then resolves that domain name and checks whether the VPN client is dialing in from the resolved IP address. This article demonstrates how to use the feature.

1. Go to Objects Setting >> String Object and create a string object containing the remote VPN client's domain name. It is draytekfae.ddns.net in this example.

2. Go to VPN and Remote Access >> Remote Dial-in User and create a user account.

The remote user whose device is reachable under the specified domain name can now establish the VPN connection.

If the dial-in user's IP address does not match the domain name configured in the VPN user profile, the router refuses the connection.
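The check described above can be modelled in a few lines, which is useful for confirming that a peer's DDNS record is current before troubleshooting a rejected dial-in. This is an added example, not DrayTek firmware code; the function names, the sample address (RFC 5737 documentation range) and the choice to reject on any lookup failure are assumptions of this sketch.

```python
import ipaddress
import socket

# Constructed sample data: hostname from the article, address from the
# RFC 5737 documentation range (not a real DDNS record).
SAMPLE_RECORDS = {"draytekfae.ddns.net": ["203.0.113.10"]}


def sample_resolver(hostname):
    """Offline stand-in for DNS, backed by SAMPLE_RECORDS."""
    if hostname not in SAMPLE_RECORDS:
        raise socket.gaierror(socket.EAI_NONAME, "name not known")
    return SAMPLE_RECORDS[hostname]


def system_resolver(hostname):
    """Live lookup through the OS resolver (A and AAAA records)."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def peer_allowed(peer_ip, hostname, resolver=system_resolver):
    """Return (allowed, reason) for a dial-in attempt from peer_ip.

    Assumption of this model: any lookup failure rejects the peer.
    """
    try:
        peer = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False, "invalid peer address"
    try:
        resolved = {ipaddress.ip_address(a) for a in resolver(hostname)}
    except (OSError, ValueError) as exc:
        return False, f"cannot resolve {hostname}: {exc}"
    if peer in resolved:
        return True, f"{peer} matches {hostname}"
    shown = ", ".join(sorted(map(str, resolved))) or "nothing"
    return False, f"{peer} not in {hostname} -> {shown}"


if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7"):
        print(ip, peer_allowed(ip, "draytekfae.ddns.net", sample_resolver))
```

Calling `peer_allowed` without the third argument performs a live lookup, so a legitimate client whose DDNS record has not yet been updated after an address change shows up as a mismatch.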

The network administrator can see the following message in the syslog:

Published On: 2021-05-18
