By default, the DrayTek firewall's default filter rule allows all traffic except NetBIOS. In this scenario, we change the default rule to block all traffic and then add filter rules that pass only the VPN traffic between the Main office and the Remote office.

 

Step 1: Configure the Main Office firewall to block all traffic.

1. Go to Firewall>>General Setup.

a. Select “Default Rule” tab.

b. Select “Block” under Action/Profile.

c. Click “OK” to save your settings.

Step 2: Configure the Main Office firewall to allow VPN traffic going to the Remote Office.

1. Go to Firewall>>Filter Setup and select the 2nd set.

a. Select the 2nd rule to create a filter to pass VPN traffic going to the Remote office.

b. Select “Check to enable the Filter Rule” and enter a comment, e.g. Main to Remote.

c. Select “LAN/DMZ/RT/VPN->LAN/DMZ/RT/VPN” under Direction.

d. Select “Any” for the source IP address.

e. Select “Edit” to specify the subnet of the Remote office (192.168.1.1 255.255.255.0).

f. Select “Pass immediately” under Filter Action/Profile.

g. Click “OK” to save your filter settings.

Step 3: Configure the Main Office firewall to allow inbound VPN traffic from the Remote Office.

1. Go to Firewall>>Filter Setup and select the 3rd set.

a. Select the 3rd rule to create a filter to pass inbound VPN traffic from Remote office.

b. Select “Check to enable the Filter Rule” and enter a comment, e.g. Remote to Main.

c. Select “LAN/DMZ/RT/VPN->LAN/DMZ/RT/VPN” under Direction.

d. Select “Any” for the source IP address.

e. Select “Edit” to specify the subnet of Remote office (10.0.0.1 255.255.255.0).

f. Select “Pass immediately” under Filter Action/Profile.

g. Click “OK” to save your settings.

Step 4: Testing

1. Ping PC2 from PC1.

2. Ping PC1 from PC2.
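
The following Python sketch is an added example, not DrayTek code. It models the rule set from the steps above so you can check which flows the two pass rules admit and which fall through to the default Block. It assumes the subnet entered in step e is each rule's destination; the PC1, PC2 and third-subnet addresses are constructed samples.

```python
import ipaddress

# Constructed model of the rule set configured in Steps 1-3.
# Assumption: the subnet entered in step e is the rule's destination.
DEFAULT_ACTION = "block"  # Step 1: default rule set to Block

RULES = [
    # (comment, source, destination as typed in the GUI, action)
    ("Main to Remote", "any", "192.168.1.1 255.255.255.0", "pass"),
    ("Remote to Main", "any", "10.0.0.1 255.255.255.0", "pass"),
]


def to_network(spec):
    """Convert 'address mask' (GUI form) to a network; 'any' matches everything."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, mask = spec.split()
    # strict=False: a host address plus a mask denotes the whole subnet,
    # so 192.168.1.1 255.255.255.0 covers 192.168.1.0/24.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def evaluate(src, dst):
    """Return (action, matching rule comment) for one packet; first match wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for comment, rule_src, rule_dst, action in RULES:
        if s in to_network(rule_src) and d in to_network(rule_dst):
            return action, comment  # "Pass immediately": stop evaluating here
    return DEFAULT_ACTION, "default rule"


if __name__ == "__main__":
    # Constructed sample hosts: PC1 behind one router, PC2 behind the other.
    pc1, pc2 = "10.0.0.10", "192.168.1.10"
    flows = [
        (pc1, pc2),           # ping PC2 from PC1
        (pc2, pc1),           # ping PC1 from PC2
        (pc1, "172.16.5.5"),  # destination covered by neither rule
    ]
    for src, dst in flows:
        action, rule = evaluate(src, dst)
        print(f"{src:>14} -> {dst:<14} {action:5} ({rule})")
```

If both pings in the test step succeed but a flow like the third one also succeeds, the default rule is not set to Block.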