VPN based on destination IP for a standalone device ?

I have a situation where a standalone device (not a PC) is accessing
several different destination servers. But when it accesses one
particular range of IP's I want to route that traffic (only) via VPN.
All other traffic I want to remain through my standard broadband
routing. The only configurable aspect of the device though is the
default gateway. No software can be installed on it.

Ideally I would like to use the VPN feature built into my Draytek
router and find a US based VPN service provider who can accept this.
However I would be prepared to purchase some other low cost hardware
solution or indeed perhaps go via a PC using internet connection
sharing with VPN software installed. I would prefer the 'device' to
remain on the same subnet as all my other intranet though.

Is there an easy way to force certain destination address ranges to go
via VPN and all other traffic to remain as is (static routes ?) ? If
so can I do this with a Draytek VPN capable router (or two of them) ?

Is there a way to have an intermediate PC act as the default gateway
for the 'device' , applying VPN and then forwarding to my standard
internet router with the device and all PC's remaining on the same
subnet (ie without ICS) ?

Chris

(E-Mail Removed) wrote:

>
> Is there a way to have an intermediate PC act as the default gateway
> for the 'device' , applying VPN and then forwarding to my standard
> internet router with the device and all PC's remaining on the same
> subnet (ie without ICS) ?

The Draytek is the VPN server so it waiting for incoming connections.

I'm not sure how you can route certain IPs outwards, I would have
thought that would be configured in the device.

Geoff Lane

Can you not put routes into the draytech?

I am assuming that it is out gate way.

Don C


In article
<b2d8c17c-8349-455f-ba91-(E-Mail Removed)>,
(E-Mail Removed) writes
>I have a situation where a standalone device (not a PC) is accessing
>several different destination servers. But when it accesses one
>particular range of IP's I want to route that traffic (only) via VPN.
>All other traffic I want to remain through my standard broadband
>routing. The only configurable aspect of the device though is the
>default gateway. No software can be installed on it.
>
> Ideally I would like to use the VPN feature built into my Draytek
>router and find a US based VPN service provider who can accept this.
>However I would be prepared to purchase some other low cost hardware
>solution or indeed perhaps go via a PC using internet connection
>sharing with VPN software installed. I would prefer the 'device' to
>remain on the same subnet as all my other intranet though.
>
>Is there an easy way to force certain destination address ranges to go
>via VPN and all other traffic to remain as is (static routes ?) ? If
>so can I do this with a Draytek VPN capable router (or two of them) ?
>
>Is there a way to have an intermediate PC act as the default gateway
>for the 'device' , applying VPN and then forwarding to my standard
>internet router with the device and all PC's remaining on the same
>subnet (ie without ICS) ?
>
> Chris

<(E-Mail Removed)> wrote in message
news:b2d8c17c-8349-455f-ba91-(E-Mail Removed)...
> I have a situation where a standalone device (not a PC) is accessing
> several different destination servers. But when it accesses one
> particular range of IP's I want to route that traffic (only) via VPN.

the client you use usually depends on the target VPN server - and it sounds
like you want the client on your end.

So - work out where the connection needs to go 1st, and what is at the other
end of the link.

> All other traffic I want to remain through my standard broadband
> routing. The only configurable aspect of the device though is the
> default gateway. No software can be installed on it.

you should be able to use a VPN client device (eg Cisco VPN 3002), or some
routers that can work as a VPN client (not as a server).

If all else fails a "real" router such a small Cisco with VPN support can do
this.

selective forwarding of some traffic to the VPN, and the rest elsewhere is
known as "split tunneling".

>
> Ideally I would like to use the VPN feature built into my Draytek
> router and find a US based VPN service provider who can accept this.
> However I would be prepared to purchase some other low cost hardware
> solution or indeed perhaps go via a PC using internet connection
> sharing with VPN software installed. I would prefer the 'device' to
> remain on the same subnet as all my other intranet though.
>
> Is there an easy way to force certain destination address ranges to go
> via VPN and all other traffic to remain as is (static routes ?) ? If
> so can I do this with a Draytek VPN capable router (or two of them) ?

Once you have a client, then as long as the traffic goes to it (ie make it
the default gateway) then it can choose where to send each packet based on
destination.
>
> Is there a way to have an intermediate PC act as the default gateway
> for the 'device' , applying VPN and then forwarding to my standard
> internet router with the device and all PC's remaining on the same
> subnet (ie without ICS) ?
>
Probably...

> Chris
--
Regards

(E-Mail Removed) - replace xyz with ntl

In article <fmqnra$n6c$(E-Mail Removed)>, (E-Mail Removed)
says...
> (E-Mail Removed) wrote:
>
> >
> > Is there a way to have an intermediate PC act as the default gateway
> > for the 'device' , applying VPN and then forwarding to my standard
> > internet router with the device and all PC's remaining on the same
> > subnet (ie without ICS) ?
>
> The Draytek is the VPN server so it waiting for incoming connections.

It also has a "dial-out" function for "site to site" VPN connections.

--
Regards
Jon

All sorted now thanks - the Vigor does have the ability to only route
based on destination IP , and I have the PPTP VPN working. Chris