Re: Can't access my own external IP from my network

masc1 · ‎05-06-2018

Hi! I own a Cisco RV345 Dual WAN Router and currently I'm facing kind a strange problem, where i don't know the reasons: I have a fixed external IP from my ISP (assumed 1.2.3.4). Inside my network i have 2 VLANs. Only one WAN is used and active. When i access any website or other IP the outgoing IP is 1.2.3.4 as well. All works fine so far.

Now the problem: When I'm inside my network i cannot access my own external IP via 1.2.3.4. Ping to the network works, but HTTPS doesn't give any response. Actually seems to related to some firewall rules, but currently i don't have any rules defined yet. Even when I deactivate the firewall, no connection possible. When I'm in a different network i can access 1.2.3.4 without problems. Is there anyone of you who had similar problems?

Kind regards

Dennis Mink · ‎05-06-2018

can you include a brief diagram, of your setup, including ip addresses.

also, why do you need to access your public IP on your router, from inside? or is it just a test?

Please remember to rate useful posts, by clicking on the stars below.

Florin Barhala · ‎05-07-2018

That might be a router limitation: not being able to access your WAN IP from inside aka LAN.
Is this related to some kind of webacces from internal?

Marius Gunnerud · ‎05-07-2018

I wouldn't say it is a limitation, but a "security feature". Kind of like with the ASA.

--
Please remember to select a correct answer and rate helpful posts

Florin Barhala · ‎05-07-2018

Don't want to start a flame here, but there other well-established vendors that allow this "feature".
At least ASA has that DNS doctoring feature.

Marius Gunnerud · ‎05-07-2018

Why this isn't included in the ASA QoSk feature is a question Cisco would need to answer.

But my guess is that Cisco has other devices that do this very nicely and since the ASA is a firewall that only a limited QoS feature was added. Well, that's my 2 cents.

--
Please remember to select a correct answer and rate helpful posts

masc1 · ‎05-07-2018

The reason i would need it, is because I use a server with nextcloud, which is accessed through port-forwarding. As i don't want change the config on my devices accessing the nextcloud, I would like to access it through my external IP, even when I'm inside. Of course i can access the local IP inside my network without problems

I currently have 2 distinct VLANs, actually before, when i had just the default one, i could access my own IP without problems. InterVLAN routing is deactivated.

Dennis Mink · ‎05-07-2018

as an alternative you could use a vpn to manage that nextcloud server from external?

Please remember to rate useful posts, by clicking on the stars below.

masc1 · ‎05-10-2018

Still facing the same problem... I have tried some things...

Strange behavior: When i delete the PORT-forwarding (HTTPS to HTTPS on 192.168.2.10) i cannot access 1.2.3.4 from external (thats what i expected). But surprisingly, when i access now 1.2.3.4 from an internal device, i get the login page of the router... even though i have deactivated remote management.

Its really confusing, do you know what am i doing wrong?

Florin Barhala · ‎05-11-2018

I think the behavior is "as expected". I would try changing the management port from TCP/80, TCP/443 to TCP/4430 and see if we get any improvement.

masc1 · ‎06-25-2018

Unfortunately none of the solutions worked.

I found out that the problem is called NAT loopback. So my question now: How can i avoid a NAT Loopback on a Cisco RV 345?

Thank you

masc1 · ‎03-12-2019

Still no answer! How can i get proper support with this Business Router?