Versionen im Vergleich

Alte Version 3

changes.mady.by.user LANCOM Redaktion

Gespeichert am

verglichen mit

Neue Version 6

changes.mady.by.user LANCOM Redaktion

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.


Seiteneigenschaften




Description:
In certain circumstances it may not be possible to implement port forwarding to a location where a network resource is to be reached, for example where no public IPv4 address is available (e.g. with dual-stack lite).
In a case like this, port forwarding can be realized via a VPN tunnel if the location has a VPN connection to another site that does have a public IPv4 address.
This document describes how to implement port forwarding through a VPN tunnel.
Please note that when using port forwarding, anyone can read unencrypted information as cleartext. LANCOM Systems recommends using an encrypted VPN connection when transferring important information.



Requirements:
  • Configured and functional Internet connections at the headquarters and the branch office
  • Public IPv4 address at the headquarters
(also see DokumentlinksymbolImage Removed)
  • .




Scenario:
  • The headquarters has an Internet connection with a fixed IPv4 address
  • The branch office has an Internet connection with a non-public IPv4 address (e.g. dual-stack lite)
  • The headquarters and the branch office are connected by VPN
  • Field staff require access to a server at the branch office by means of port forwarding
Image Removed

Image Added



Procedure:
1) Configuring port forwarding on the router at the headquarters:
1.1) Open the configuration of the router at the headquarters and switch to the menu item IP router → Masq. → Port forwarding table.
Image Removed
Image Added
1.2) Create a new entry and enter the following information:
  • First port: Enter port 443
  • Last port: Enter port 443
  • Remote site: From the drop-down menu, set the remote site to INTERNET, so that port forwarding applies to this connection only
  • Intranet address: Enter the IP address of the server in the branch-office network (192.168.0.100)
  • Map port: Leave Map port as 0, as no remapping is required
  • Protocol: Set the protocol to TCP, as HTTPS is transmitted via TCP
Image Removed
Image Added


Info

Further information about port forwarding is available in

the following article: DokumentlinksymbolImage Removed

this Knowledge Base document.


1.3) Write the configuration back to the router. This concludes the configuration at the headquarters.


2) Configuring the VPN route on the router at the branch office:
Since communications are required with a party on the Internet, a default route must be created for the VPN connection.
2.1) Open the configuration of the router at the branch office and switch to the menu item IP router → Routing → IPv4 routing table.
Image Removed
Image Added
2.2) Mark the default route for the Internet connection and click Copy.
Image Removed
Image Added
2.3) Modify the following parameters:
  • Routing tag: Enter a routing tag not equal to 0, which has not yet been assigned elsewhere.
  • Router: From the drop-down menu, select the VPN remote for the headquarters.
  • IP masquerading: Set the radio button to IP masquerading switched off


Hinweis

The routing tag must not match any interface tag already stored under IPv4 → General → IP networks; otherwise the entire communication of this network takes will be routed through the VPN tunnel.

Image Removed


Image Added
2.4) Write the configuration back to the router.