DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question - Routers

This is a discussion on DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question - Routers ; Hi, I'm getting broadband with multiple static public IPs, and I'm thinking of getting a Vigor 2600 to go with this. Can I do the following with a 2600? (a) I want to run 3 private subnets (say 192.168.0.0/24, 192.168.1.0/24 ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question

  1. DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question

    Hi,

    I'm getting broadband with multiple static public IPs, and I'm thinking
    of getting a Vigor 2600 to go with this. Can I do the following with a
    2600?

    (a) I want to run 3 private subnets (say 192.168.0.0/24, 192.168.1.0/24
    and 192.168.2.0/24) using the VLAN functionality. My aim is to
    segregate 192.168.1.0/24 and 192.168.2.0/24 addresses, but allow both
    access to the Internet and 192.168.0.0/24 addresses.

    (b) I also want all outbound Internet traffic from the 192.168.1.0/24
    subnet to appear to the outside world to come from public IP address #1
    and all 192.168.2.0/24 traffic to come from public IP address #2.

    (c) I also want to set up port forwarding on public IP address #1 to
    machines in the 192.168.1.0/24 subnet and on public IP address #2 to
    192.168.2.0/24.

    (d) I may also need to route public IP address #3 straight to one of my
    VLANs. (And perhaps IP address #4 to another VLAN.)

    The big question is can I do all of this at the same time?

    I've being doing quite a bit of research, but I can't quite convince
    myself that I can do what I want. In particular, the Vigor 2600 manual
    I downloaded implies that I need to set up a DMZ to get web requests
    etc. to appear to come from a specific IP address. Is this true, or can
    I just do some magic with the "Join NAT IP Pool" option?

    If I can't do this with the 2600, does anyone know what hardware I can
    do it with?

    Any comments will be very much appreciated; networking isn't my
    strongest point.

    Thanks!


  2. Re: DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question

    FYI, this is the response I got from Draytek themselves:

    a. The Vigor can only deal with one subnet. You could still use the
    Vigor VLAN facility to separate the ports but you'd need two more
    devices to act as the gateway for the other two subnets.

    b. Sorry, this can't be done with just the Vigor. There is a MultiNAT
    facility where if you put a device into the DMZ host of a WAN IP it
    would cause all outbound traffic to appear to come from that IP. THis
    means that potentially you could have an additional router for
    192.68.2.0/24 and another router for 192.168.1.0/24 with both routers
    in the DMZ host for the required public IP.

    c. If you went with the DMZ host option the port forward would be
    setup on the additional router for each network.

    d. For a spare public IP you can use IP routing to router IP address
    directly.

    If anyone has any practical experience to the contrary, I'd love to
    hear about it. Although obviously if they guys that make it say it
    can't do what I want... :-)


+ Reply to Thread