Multi Location VPN / DMZ / ACL Configuration Assistance Request
Hi Folks,
I need some guidance and examples for a multi location setup I'm working on. My time is short and getting used to the GUI as well as handling a hundred other fires at the same time has me not being able to get it together the way I need to.
I have this configuration about to be installed:
ISP Modem > ISP Router > ER605 in DMZ w/ VPN > Client Nodes Wired (10.10.x.x) and Wifi AP + 3rd Party Router > 3rd Party Server (10.10.10.99)
ER605
- has to deny all random inbound traffic
- has to allow VPN from multiple inbound sources in the Co. (those I think I've gotten right)
- has to allow a white list of various IP addresses and domain names to port forward through to the 3rd party router.
- anything on the VPN has to be able to access any nodes anywhere in any of the locations like printers (just asking for some confirmation on this)
My info has been based on this document: https://www.tp-link.com/us/support/faq/2026/ I'm just having difficulty in configuring the rules I need in the proper order.
If I'm not in the right spot there, let me know.
What rules would securely make this happen (based off the GUI) and the order they go in?
TBH, it's been a while since I needed to do something like this and really, any assistance and advice is truly appreciated.
I know it's:
DENY ALL inbound
ALLOW X Y Z Whitelist
FORWARD PORTS 1 2 3 4 to .99
...but how to integrate it into this GUI is giving me grief in translating the age barrier from when I did this last.
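
The rule-order question above, modelled as an added example (not part of the original post and not TP-Link's implementation). It assumes the ACL is evaluated top-down with the first matching rule deciding, and the allowlist networks and forwarded ports are constructed sample values.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                 # "allow" or "deny"
    source: str                 # source CIDR; "0.0.0.0/0" means any
    port: Optional[int] = None  # destination port; None means any

# Constructed sample values: documentation address ranges and made-up ports
# standing in for the post's "X Y Z" allowlist and "PORTS 1 2 3 4",
# which are forwarded to the 3rd party server (10.10.10.99).
ALLOWLIST = ["203.0.113.0/24", "198.51.100.7/32"]
FORWARDED_PORTS = [8443, 9000]
DENY_ALL = Rule("deny", "0.0.0.0/0")

def build_allow_rules():
    """One allow rule per allowlisted source and forwarded port."""
    return [Rule("allow", net, port) for net in ALLOWLIST for port in FORWARDED_PORTS]

def first_match(rules, src_ip, dst_port, default="deny"):
    """Return (action, rule index) of the first rule matching the packet."""
    src = ipaddress.ip_address(src_ip)
    for i, rule in enumerate(rules):
        if src in ipaddress.ip_network(rule.source) and rule.port in (None, dst_port):
            return rule.action, i
    return default, None

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    hidden = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.source)
        for earlier in rules[:i]:
            covers_src = net.subnet_of(ipaddress.ip_network(earlier.source))
            if covers_src and earlier.port in (None, rule.port):
                hidden.append(i)
                break
    return hidden

# Order as listed in the post: the catch-all deny sits on top.
deny_first = [DENY_ALL] + build_allow_rules()
# Specific allows first, catch-all deny as the last rule.
allow_first = build_allow_rules() + [DENY_ALL]

if __name__ == "__main__":
    for name, rules in (("deny_first", deny_first), ("allow_first", allow_first)):
        print(name, first_match(rules, "203.0.113.10", 8443), "shadowed:", shadowed(rules))
```

Under that assumption, a rule set can be checked with `shadowed()` before it is entered in the GUI: any index it reports is a rule that will never take effect in that position.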