DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Port Forwarding over VPN link
- michel_vandamme
- Topic Author
- Offline
- New Member
Less
More
- Posts: 4
- Thank you received: 0
21 Jun 2010 15:34 #62432
by michel_vandamme
Port Forwarding over VPN link was created by michel_vandamme
Hi,
I could really do with a bit of help on this one.
The scenario is as follows:
I have a Draytek 2820 on site A and a 2900 router on Site B. The routers are linked through an IPSEC VPN tunnel. The 2900 is set to "dial-in" to the 2820. And the tick at the bottom of the Lan-Lan VPN is set to direct all traffic through the VPN link.
Site A (2820) has internal IP range of 172.16.12.x, 255.255.255.0
Site B(2900) has internal IP range of 172.16.200.x, 255.255.255.0
The MX record for my mail system is to a WAN alias on my 2820 router in site A. I have moved our mail server over to Site B, however I need to find a method of directing all SMTP, POP3, IMAP, etc traffic across the VPN to Site B and then have the "outbound" IP address which SMTP responds from that of the 2820 router.
I have looked at the port forwarding on the 2820 router and it doesn't allow you to forward across networks.
Can anyone advise as to how I get the above scenario to work ?
Thanks
Michel
I could really do with a bit of help on this one.
The scenario is as follows:
I have a Draytek 2820 on site A and a 2900 router on Site B. The routers are linked through an IPSEC VPN tunnel. The 2900 is set to "dial-in" to the 2820. And the tick at the bottom of the Lan-Lan VPN is set to direct all traffic through the VPN link.
Site A (2820) has internal IP range of 172.16.12.x, 255.255.255.0
Site B(2900) has internal IP range of 172.16.200.x, 255.255.255.0
The MX record for my mail system is to a WAN alias on my 2820 router in site A. I have moved our mail server over to Site B, however I need to find a method of directing all SMTP, POP3, IMAP, etc traffic across the VPN to Site B and then have the "outbound" IP address which SMTP responds from that of the 2820 router.
I have looked at the port forwarding on the 2820 router and it doesn't allow you to forward across networks.
Can anyone advise as to how I get the above scenario to work ?
Thanks
Michel
Please Log in or Create an account to join the conversation.
- asimm.it
- Offline
- Member
Less
More
- Posts: 156
- Thank you received: 0
28 Jun 2010 19:36 #62540
by asimm.it
Replied by asimm.it on topic Port Forwarding over VPN link
Could you not just change the ip address of your mx record to site b or add a lower prevelance mx record for site b to your mx records?
It's a bit of a strange set-up, dare I ask why you need to route SMTP over a VPN?
It's a bit of a strange set-up, dare I ask why you need to route SMTP over a VPN?
Please Log in or Create an account to join the conversation.
- pkecun
- Visitor
28 Jun 2010 19:48 #62542
by pkecun
I'd second this question.. it's an un-necessary complication and will only make troubleshooting any problems you have in the future that little bit harder.. you'd be far better off changing the MX record or DNS host to point to the 2900 instead.
Replied by pkecun on topic Port Forwarding over VPN link
It's a bit of a strange set-up, dare I ask why you need to route SMTP over a VPN?asimm.it wrote:
I'd second this question.. it's an un-necessary complication and will only make troubleshooting any problems you have in the future that little bit harder.. you'd be far better off changing the MX record or DNS host to point to the 2900 instead.
Please Log in or Create an account to join the conversation.
- michel_vandamme
- Topic Author
- Offline
- New Member
Less
More
- Posts: 4
- Thank you received: 0
02 Jul 2010 10:43 #62640
by michel_vandamme
Replied by michel_vandamme on topic Port Forwarding over VPN link
Hi,
thanks to all who have replied.
Simple answer is I do not wish for the public network on my secondary site to be seen registered.
If the only solution is to have the MX record change to my secondary site then I will need to consider moving my mail server back to site A.
If anyone has any other ideas (say maybe creating a IP map from a local IP to a remote IP - if this is possible on the router), this may help in the scenario.
Thanks again.
Michel
thanks to all who have replied.
Simple answer is I do not wish for the public network on my secondary site to be seen registered.
If the only solution is to have the MX record change to my secondary site then I will need to consider moving my mail server back to site A.
If anyone has any other ideas (say maybe creating a IP map from a local IP to a remote IP - if this is possible on the router), this may help in the scenario.
Thanks again.
Michel
Please Log in or Create an account to join the conversation.
- asimm.it
- Offline
- Member
Less
More
- Posts: 156
- Thank you received: 0
02 Jul 2010 13:38 #62645
by asimm.it
Replied by asimm.it on topic Port Forwarding over VPN link
Hi Michel,
I'm struggling to get on the same wavelength with you here.
Where exactly do you not wish for the public network for the secondary site to be seen registered?
The fact that the ip is public and not private means that it is actually registered somewhere e.g ripe/iana
If your talking specifically about it being registered in your domains DNS records then I feel that the only solution for you would be to use email forwarding services such as DynDNS.com MailHop forward. You would change your mx records to theirs and they would queue your email and forward it to any public ip & any port you specify thus meaning the public ip of site b would only be registered directly with DynDNS.com and nobody else would be able to see the service in operation at Site B.
Hope this helps but I must say I am really confused why you do not wish for this second site to be visible if you have an email server hosted there.
I'm struggling to get on the same wavelength with you here.
Where exactly do you not wish for the public network for the secondary site to be seen registered?
The fact that the ip is public and not private means that it is actually registered somewhere e.g ripe/iana
If your talking specifically about it being registered in your domains DNS records then I feel that the only solution for you would be to use email forwarding services such as DynDNS.com MailHop forward. You would change your mx records to theirs and they would queue your email and forward it to any public ip & any port you specify thus meaning the public ip of site b would only be registered directly with DynDNS.com and nobody else would be able to see the service in operation at Site B.
Hope this helps but I must say I am really confused why you do not wish for this second site to be visible if you have an email server hosted there.
Please Log in or Create an account to join the conversation.
- michel_vandamme
- Topic Author
- Offline
- New Member
Less
More
- Posts: 4
- Thank you received: 0
02 Jul 2010 15:33 #62650
by michel_vandamme
Replied by michel_vandamme on topic Port Forwarding over VPN link
Lee,
Thank you kindly for your response.
You are right, I do not wish for the secondary site to be registered in DNS.
Your suggestion seems like the only option I have for now. Thank you again and hopefully this will resolve my issue.
Regard,
Michel
Thank you kindly for your response.
You are right, I do not wish for the secondary site to be registered in DNS.
Your suggestion seems like the only option I have for now. Thank you again and hopefully this will resolve my issue.
Regard,
Michel
Please Log in or Create an account to join the conversation.
Moderators: Sami
Copyright © 2024 DrayTek