Description:

The WAN tag table can be used to restrict VPN dial-ins to a specific local network without having to create firewall rules. This does, however, require different interface tags to be specified for the networks. It is even possible for the networks to have the same IP address range.

Requirements:

• LCOS as of version 9.24 (download latest version)
• LANtools as of version 9.24 (download latest version)
• Functional networks and VPN dial-ins 

Scenario:

• Currently in use are the networks VPN-NETWORK1 (Interface tag 2) and VPN-NETWORK2 (Interface tag 3).
• The VPN connection VPN-DIAL-IN1 should access the VPN-NETWORK1 and  VPN-DIAL-IN2 should access the network VPN-NETWORK2.

Procedure:

1) Open the configuration for the router in LANconfig and switch to the menu item Communication → Remote Sites → WAN tag table.

2) Add a new entry for the first network (VPN-NETWORK1) and adjust the following parameters:

• Remote site: From the drop-down menu, select the VPN remote site that should access the first network (in this case VPN-DIAL-IN1).
• Interface tag: Enter the interface tag of the first network (in this case, tag 2).

3) Add a new entry for the second network (VPN-NETWORK2) and adjust the following parameters:

• Remote site: From the drop-down menu, select the VPN remote site that should access the second network (in this case VPN-DIAL-IN2).
• Interface tag: Enter the interface tag of the second network (in this case, tag 3).

4) This concludes the configuration of the WAN tag table. Write the configuration back to the router.