VPN from LAN

Vigor3912S – the new 10G High-Performance Load-Balancing VPN Concentrator, supports a new VPN from LAN function to increase the security level of your network. VPN from LAN, as its name suggests, is to allow the VPN Remote Dial-In connection from LAN. You may wonder why? Can't we regard LAN as secure? LAN is safer than the Internet, but it is still not easy to avoid unknown devices or computers affected by viruses connected to the local network. VPN from LAN can protect critical servers from being affected by other LAN devices by restricting access from different LAN subnets only through VPN. For the device or computer that doesn't have a VPN account, it cannot reach the LAN servers.

Suppose there are 3 LAN subnets, a server LAN, a staff LAN, and a guest LAN. All the 3 LAN subnets are separated by VLAN and cannot access each other. In the past, we used Inter-LAN Routing to allow the staff LAN to access the server LAN. When the Inter-LAN Routing is opened, we must create strict firewall rules to block unnecessary server access. Now we can ask the staff to create a VPN to Vigor3912S first for accessing the servers. Except for better controlling the access from LAN clients to the server, the data transmission between the LAN client and the server will be encrypted by VPN, which can protect the data from being revealed, thus, can also enhance security.

The supported models are:

  • Vigor3912S fw 4.3.5.1
  • Vigor3910 fw 4.4.3
  • 1. Go to LAN >>VLAN and LAN General Setup page to create another LAN. VPN from LAN function must work with the other LAN except for LAN1.



    2. Select the LAN to allow VPN Dial-In via VPN and Remote Access >> Remote Dial-in User, then Click OK.



    3. VPN from LAN function supports SSL VPN, IPsec, and WireGuard VPN protocols. Create the VPN Remote Dial-In User profile via VPN and Remote Access >> Remote Dial-in User. Ensure the LAN subnet setting should be the server LAN the VPN needs access. So that an IP address in the server LAN will be assigned to the VPN client. The VPN client will use this IP to access the servers.



    4. On the VPN client setup, ensure the VPN client obtains an IP from LAN2. The VPN Server’s IP address can be the Router’s LAN2 IP or the Router’s WAN IP (NAT Loopback)



    5. Go to VPN and Remote Access >> Connection Management page to check the VPN user status. When the VPN comes from LAN, the Remote IP will mark from LAN.

    Published On:2024-01-24 

    Was this helpful?   

    book icon

    Related Articles