RV016 - Port Forwarding

mjquinnrv016
Level 1

I have an RV016 router with 2 Fibre WAN connections on it.  I have two internal servers with resources I need available externally.

I would like WAN1 to forward port 443 to server 1 and WAN2 to forward port 443 to server 2.

It does not appear this is possible as you do not have the option to select which WAN port you want the port forwarding for and can only forward ALL traffic on 443 to one internal server.

Does anyone know if this is possible or not?

Thanks


Te-Kai Liu
Level 7

This is not possible with RV016. When a port forwarding rule is specified, it is applied to both WAN interfaces. If you have two secure web servers, you would need to assign different ports for accessing them from the WAN side.

I am reviving this because I am running into the same situation. Is this not what Protocol Binding is for? To do this exact thing? I have configured Protocol Binding as well with no such luck. Please advise. Thank you.

Hi Wbtadmin1,

 

You can use Port access translation, with which you can translate the port. For example, if you have two servers listening on the same port, such as 443, with port access translation you can choose an external port and an internal port.

Configuration:

Please follow these steps:

1. Please remove the port forwarding rule.

2. Go to Setup under UPnP, service management, and you will see external port and internal port, so please configure the external port to xxx and the internal port to 443 and click Add. Please do not enable UPnP.

3. On the same page, please choose the service you created and enter the internal IP of server A.

4. The second rule is the same; just change the external port to yyy, with the internal port 443, and enter the second server B as the internal IP.

If you want to access server A: publicIP:external port xxx

If you want to access server B: publicIP:external port yyy

 

Now we want to restrict clients from accessing server A from WAN 2 and allow access only from WAN1.

Under Firewall -- Access Rules

- Allow service (you can create a custom service for external port xxx) from WAN1 to Server A

- Second access rule: Deny service (custom service xxx) from WAN 2 to Server A

- The same for server B

N.B.: Protocol Binding works from LAN to WAN; it is for when you want to force Server A to communicate outside through WAN 1 or WAN 2.

 

Please rate the post or mark it as answered to help other Cisco customers

Thanks

Mehdi

Hello Mehdi, I appreciate the response and the very detailed instruction. I don't think this will work for what I need to achieve, however. I am basically configuring two instances of MDM servers that utilize the same sending/receiving TCP ports. While I may be able to potentially fake a port for 443 access to the servers, there are 6 other ports/ranges that need to be added and directed to the servers as well for pushing from the MDM and communication/status back from the devices. These are of course not modifiable. The best solution for me would be for the gateway device to identify which external IP the request is coming in on and simply direct it to the correct internal IP/port. It seems/sounds so simplistic I just can't believe I'm not able to perform it on the RV016? If anyone has any other input on this I appreciate it. Thank you.

Alright, so I've discovered that to get this to work one can utilize "one-to-one NAT"; however, the RV016 "more" under the NAT section claims:

 

"Note: One-to-One NAT does change the way the firewall functions work. Access to machines on the LAN from the Internet will be allowed unless Network Access Rules are set."

 

However, I explicitly create a deny rule for port 443 for example and I am still NAT'd through via the 443 port when creating an access rule under the firewall settings. Any idea(s)?

I appear to have figured out the solution to achieving this. Originally I was creating multiple physical WANs with different static IPs and attempting to identify and forward traffic. This did not work. The solution I discovered was the following:

1. Utilize single WAN, WAN1, and assign as primary public IP (configured static)

2. Under Setup>Forwarding create forwarding rules that need to occur under primary public IP and specify internal private IP/system target.

3. Determine second public IP requests to be handled on and create One-to-One NAT rule under Setup>One-to-One NAT between second public IP and other internal private IP/system target.

4. Under Firewall>Access Rules create a Deny rule for All Traffic, on WAN1, ANY Source (specifying IP does not work here for me), with other private IP for Destination with a time of Always.

 

5. Under Firewall>Access Rules create Allow rules for all ports/services for other IP with WAN1 as interface, ANY as source, and other IP as Destination with a time of Always.

 

Test and verify access to private IP 1 system behind public primary IP 1. Test and verify access to private IP 2 system behind public Nat'd IP 2.
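
The final "test and verify" step matters because, per the router's own note quoted earlier in the thread, One-to-One NAT allows Internet access to the LAN machine unless access rules are set. The following is an added example, not part of the original thread: a small exposure check to run from a host outside the network, comparing which TCP ports answer on each public IP with what was intended. The addresses (RFC 5737 documentation range) and the port lists are constructed placeholders.

```python
import socket

def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit_exposure(policy, probe_ports, is_open=tcp_open):
    """Compare observed reachability with the intended policy.

    policy:      {public_ip: set of ports that should be reachable}
    probe_ports: ports to test on every address, including ones
                 that are supposed to stay closed
    Returns a list of (ip, port, finding) for every mismatch.
    """
    findings = []
    for ip, allowed in policy.items():
        for port in sorted(set(probe_ports) | set(allowed)):
            observed = is_open(ip, port)
            if observed and port not in allowed:
                findings.append((ip, port, "exposed but not intended"))
            elif not observed and port in allowed:
                findings.append((ip, port, "intended but unreachable"))
    return findings

# Constructed placeholders: replace with your own public IPs and services.
POLICY = {
    "203.0.113.10": {443},  # primary public IP, forwarding rule to server 1
    "203.0.113.11": {443},  # second public IP, One-to-One NAT to server 2
}
# Sample ports that should NOT answer on either address.
PROBE_PORTS = [22, 80, 443, 3389, 8080]

if __name__ == "__main__":
    results = audit_exposure(POLICY, PROBE_PORTS)
    for ip, port, finding in results:
        print(f"{ip}:{port} {finding}")
    if not results:
        print("Observed exposure matches the intended policy.")
```

Any "exposed but not intended" line on the One-to-One NAT address means the Deny/Allow access rules from steps 4 and 5 are not taking effect as expected.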