Enable ALG (Application Layer Gateway) on Vigor Router

Due to the protocols like SIP, RTSP and FTP are short of NAT-T, when the service server is behind NAT, the connection could fail. Application Layer Gateway (ALG) is the solution to this problem. With ALG enabled, the router will replace the private IP with public IP in the negotiation packet from the client and open dynamic TCP/UDP ports required for the connection.

Enable SIP ALG and RTSP ALG

Since firmware version 3.8.5, we have made a page for ALG feature. To enable, go to NAT >> ALG,

1. Check Enable ALG
2. Check Enable SIP/RTSP ALG, and input SIP/RTSP Listen Port per server settings, TCP and UDP are configurable.
   　

Enable PPTP, IPSec, and FTP ALG

Vigor router will enable PPTP, IPsec, or FTP ALG if these local services are disabled and the service ports are set up to be forwarded the server on a LAN.

1. Disable local service. For PPTP/IPsec. go to VPN and Remote Access >> Remote Access Control, and un-check Enable PPTP/IPsec VPN Service

For FTP, go to System Maintenance >> Management and disable FTP server under Internet Access Control

2. Set up Open Ports for the service, go to NAT >> Open Ports and click any available index to edit

1. Enable Open Ports
2. Choose WAN interface
3. Enter local server IP in Private IP
4. Set Protocol, Start and End port to the Service Port of the service. (please refer to the information in the table below)
   

   Service	Service Port (Required manual configuration)	ALG (Opened by the router automatically)
   PPTP	TCP 1723	GRE IP47
   IPsec	UDP 500, 4500	ESP IP50
   FTP	TCP 21	FTP data port