
Author Topic: port vs application forwarding (related to VPNs)  (Read 14024 times)

jet321

  • Guest
port vs application forwarding (related to VPNs)
« on: December 05, 2007, 10:49:24 PM »

I'm trying to get my vpn connection at home to be reliable, and
from talking with others, suspect it is a port forwarding issue.

I was wondering if someone could explain the difference between
application forwarding and port forwarding. 

My thinking is the main difference is with port forwarding you
can forward the port to a specific machine, while for application
forwarding, it just passes it in.  Additionally, seems like with
application forwarding, you could change the port between each
side of the router, which port forwarding wouldn't do.

Is this correct? 

The VPN issue is with Microsoft's Remote Access software dropping
me periodically, which from talking with co-workers occurred to them
when they did not have the correct ports being forwarded.  So I'm trying
to verify that on my setup.

Thanks
John
Logged

DRT-1000

  • n00b
  • Level 2 Member
  • **
  • Posts: 38
Re: port vs application forwarding (related to VPNs)
« Reply #1 on: December 06, 2007, 08:35:16 AM »

An application rule is used to open single or multiple ports on your router when the router senses data sent to the Internet on a "trigger" port or port range. An application rule applies to all computers on your internal network.

Port Forwarding.
Multiple connections are required by some applications, such as internet games, video conferencing, Internet telephony, and others. These applications have difficulties working through NAT (Network Address Translation). This section is used to open multiple ports or a range of ports in your router and redirect data through those ports to a single PC on your network. You can enter ports in various formats:

Virtual Server.
The Virtual Server option gives Internet users access to services on your LAN. This feature is useful for hosting online services such as FTP, Web, or game servers. For each Virtual Server, you define a public port on your router for redirection to an internal LAN IP Address and LAN port.
Logged

jet321

  • Guest
Re: port vs application forwarding (related to VPNs)
« Reply #2 on: December 06, 2007, 07:20:52 PM »

Yes, I read the help page, but to me that is still a bit unclear,
and doesn't really answer my question. :-(

Like I said, there seems to be no real difference between
application forwarding and port forwarding other than:
  1) port forwarding targets a single computer
      while application forwarding doesn't. 
       - for that matter, can the IP address in port
         forwarding be wild carded?
  2) There's the trigger that potentially allows remapping
      of a port to a different port.  In this case I don't care
      about that so they are set to the same value.

Assuming you can wild card port forwarding, I see no real
difference between the two if configured as I described in
#2.

Virtual server is closer to the definition of port forwarding
since it too will target a specific IP address, not what I want
to do with a VPN.  Or rather not how I want to configure my
network.

Is there any other difference between them? 

John

From reading the help menus, there seems to be no real
difference in the outcome between the two.  If I open a port
with an application rule, how is this different than port forwarding
other than
Logged

DRT-1000

  • n00b
  • Level 2 Member
  • **
  • Posts: 38
Re: port vs application forwarding (related to VPNs)
« Reply #3 on: December 07, 2007, 08:17:45 AM »

Port forwarding is OPEN, Application rules should close after or when not in use.

Port forwarding Rules do not change depending on the computer requesting the port. If you want two computers to use RDP and have a rule for TCP 3389 to one, then you have to actually edit the registry of the other PC to use say 3390 as an RDP port. Ports can only be forwarded to one PC at a time.

Oh, and Application rules will only work for outbound traffic. The PC must be on the local side of the NAT processor or the incoming traffic will get dropped because the port is not opened. Another Huge difference from Port forward and App rules. Virtual server rules are also always open, but you can route the External and internal ports instead of just 3000 --> 3000.
« Last Edit: December 07, 2007, 08:20:52 AM by DRT-1000 »
Logged
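The three rule types described in the reply above, modeled as a small simulation. This is an added example, not part of the original post and not D-Link firmware code; the `Router` class, the LAN addresses, the 60-second trigger timeout and ports 6000/6100 are assumptions made for illustration.

```python
class Router:
    def __init__(self, trigger_ttl=60):  # idle timeout value is an assumption
        self.forwards = {}    # WAN port -> (LAN IP, LAN port); always open
        self.app_rules = {}   # outbound trigger port -> inbound ports to open
        self.triggered = {}   # WAN port -> (LAN IP, expiry); opened on demand
        self.trigger_ttl = trigger_ttl

    def add_port_forward(self, port, lan_ip):
        # Port forwarding: same port outside and inside, one fixed PC.
        self.add_virtual_server(port, lan_ip, port)

    def add_virtual_server(self, wan_port, lan_ip, lan_port):
        # Virtual server: the public port may differ from the LAN port.
        if wan_port in self.forwards:
            raise ValueError(f"WAN port {wan_port} already goes to one PC")
        self.forwards[wan_port] = (lan_ip, lan_port)

    def add_app_rule(self, trigger_port, open_ports):
        self.app_rules[trigger_port] = list(open_ports)

    def outbound(self, lan_ip, dst_port, now):
        # Any LAN host hitting the trigger port opens the rule's ports to itself.
        for port in self.app_rules.get(dst_port, []):
            self.triggered[port] = (lan_ip, now + self.trigger_ttl)

    def inbound(self, wan_port, now):
        # (LAN IP, LAN port) for an unsolicited packet, or None if dropped.
        if wan_port in self.forwards:
            return self.forwards[wan_port]
        lan_ip, expiry = self.triggered.get(wan_port, (None, 0))
        return (lan_ip, wan_port) if now < expiry else None

    def exposed_ports(self, now):
        # WAN ports reachable from the Internet at time `now`.
        live = [p for p, (_, exp) in self.triggered.items() if now < exp]
        return sorted(set(self.forwards) | set(live))


def build_demo():
    r = Router(trigger_ttl=60)
    r.add_port_forward(3389, "192.168.0.10")              # RDP to PC 1
    r.add_virtual_server(3390, "192.168.0.11", 3389)      # RDP to PC 2, remapped
    r.add_app_rule(trigger_port=6000, open_ports=[6100])  # constructed ports
    return r


if __name__ == "__main__":
    r = build_demo()
    r.outbound("192.168.0.20", 6000, now=0)
    print(r.exposed_ports(now=30), r.exposed_ports(now=90))
```

The static rules stay in `exposed_ports` at every point in time, while the triggered port appears only after a LAN host sends outbound traffic and drops out again once the timeout passes.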

cdnfreak

  • Level 1 Member
  • *
  • Posts: 4
Re: port vs application forwarding (related to VPNs)
« Reply #4 on: December 07, 2007, 09:42:28 AM »

Jet, you will likely prefer the method of forwarding using the Server mode from a connection reliability standpoint. You do not want to forward the vpn using a specific port to more than one machine as that will cause problems with your connectivity.

Essentially what you are trying to achieve is a dmz on 1 port from the outside connection to your computer inside the network.

I noticed that you mentioned that you don't want to use port forwarding to one computer and that you would prefer the idea of application forwarding. Are you attempting to use more than one pc for connection?
Logged
Shaw Winnipeg - Motorola SB5100
D-Link DIR-655 A2 V1.10
Current up time since - 12:00 CT 12/07/2007

jet321

  • Guest
Re: port vs application forwarding (related to VPNs)
« Reply #5 on: December 12, 2007, 07:23:08 PM »

Sorry, was busy for a few days.

I do not want to have to forward to one specific computer in the sense of being
restricted to forwarding to that specific IP.  I want the ability to have multiple
computers on the local net (192.168.0.*) that will access the remote site via
VPN.  Occasionally I will have two computers accessing the remote site via
VPN at the same time.

The old VPN we used didn't need anything special on the DI624, but at the same
time that router died, we switched to a new one that does require that it seems.

If the application forwarding does shut down the port when it senses you are "done"
then yes, that is definitely not what I want and the true port forwarding or virtual
server is probably closer to it.  Though both of those seem to require me to
do some hard coding of IPs on the 192.168.0* side of the router and somehow
set up rules to figure out which computer to direct the incoming requests to....
Not sure that one is possible.

Or am I just missing the point/method of doing this?  For example, we have been
told MSRA requires GRE, isakmp, and some others to ensure the VPN works.  It
is sounding like if I want to open those, I have to route the ports to a specific IP
that is predetermined when I configure the router rather than based on the IP
that gets assigned when the computer connects to the router (DIR655).

Thanks
John
(I may be slow responding this week too)

Logged

AWDL

  • Level 3 Member
  • ***
  • Posts: 335
Re: port vs application forwarding (related to VPNs)
« Reply #6 on: December 13, 2007, 10:48:26 AM »

Analysis related to use, not port set-up question.
It sounds more like an office to office connection instead of a home to office connection. I would not even use a home router. I would use a SMB VPN router that can handle the ISP access and the VPN connectivity management. DIR-330 or better yet DIR-130 and use the DIR-655 as a wireless access point.
Logged
Meanest person you know