09-20-2009 07:52 PM
I'm trying to use the rv042 as a primary internet connection, and also as a failover VPN for my primary private WAN connection.
I have a load balancer / failover device, called a Fiberlogic, which acts as the main router for my remote office's network. This device tells all traffic for my private network to go to connection A, and all traffic for the internet to go to connection B (connection B is the rv042). If the fiberlogic sees that connection A is down, it will send the private network traffic to connection B. The RV042 has a VPN setup, I've tested that, and that works.
However, I'm having a VERY difficult time getting the RV042 to act as our internet gateway. The RV042 is in 'gateway' mode. Devices plugged into it directly (or via an external switch) work fine. The RV042's LAN is 10.2.254.0/24, and it is .1. The FiberLogic is .254. The main network is 10.2.0.0/24 (and the FiberLogic is .1). The FiberLogic routes all traffic for the internet (and for failover) to 10.2.254.1. I've set up a static route to have the RV042 route 10.2.0.0/24 to 10.2.254.254.
I had a ton of problems with this earlier today. I have a second RV042 that I put in to see if that would fix it. It didn't. Finally I restored factory defaults, and reset it up, and I thought it was working. As I was cleaning up I did a last test - and it failed.
I've set up a hub between the FiberLogic and the RV042, and set up a computer with Wireshark to do some packet traces. I get odd results. I never get a reply. SOMETIMES I can see the replies coming from 10.2.254.1 (the RV042) to 10.2.0.25 (my workstation) in Wireshark, although I don't get them (odd). However, whenever I ping out to the internet, I never even see the replies, only the requests.
I read that DHCP needs to be off for static routing to work. I've tried it with and without DHCP several times. I tried it with and without the VPN.
Again, devices not behind the FiberLogic work fine (i.e. devices on the 10.2.254.0/24 subnet that are using the RV042 as their gateway). But behind the FiberLogic, devices fail.
Any help would be greatly appreciated.
09-20-2009 09:14 PM
PMC,
It appears the RV042 is working perfectly. You say, "Devices plugged into it directly (or via an external switch) work fine." And "The RV042 has a VPN setup, I've tested that, and that works." So, it sounds as though the RV042 is working OK and the issue is more of a configuration issue with the FiberLogic.
A topology of what you are trying to set up would be helpful. You say, "The RV042's LAN is 10.2.254.0/24, and it is .1. The FiberLogic is .254." That sounds like the FiberLogic is assigned the address of 10.2.254.254. In the next sentence you say, "The main network is 10.2.0.0/24 (and the FiberLogic is .1)." That sounds like the FiberLogic is assigned 10.2.0.1. I would recommend setting the FiberLogic on the 'main' network address only.
You may have an issue with double NATing, where both the RV042 and FiberLogic are doing address translation. If you are pinging out to the internet and not getting replies, double NATing would cause that. Check the FiberLogic for this and turn NAT off. Static routing will work as long as it's outside of the DHCP range. In other words, if your DHCP range is 10.2.0.2 - 10.2.0.99 then a static route to 10.2.0.105 should work. DHCP will assign addresses in this range. If your predefined static route is in this range, you could have a conflict with two devices with the same address.
09-21-2009 08:26 AM
See the attached diagram, it should make things more clear. My diagram does NOT include the hub I put between the fiberlogic and the RV042 so I could do some wireshark network captures.
There is no NAT on the FiberLogic, and my inspection with Wireshark verifies that. Like I said, I've turned DHCP off and on. It may not be a problem with the routing, but that's the way it seems. When I ping a device on the internet from behind the FiberLogic (say www.yahoo.com), requests go out, but replies never come back (i.e., Wireshark doesn't show any return traffic). If I ping out to the internet from a device connected directly to the RV042, it works fine. I'm willing to say the issue has something to do with the FiberLogic, however the Wireshark capture doesn't show any requests coming back.
Here's another issue that I see to show that the internet is not working. Don't let this example confuse you - you can ignore it if you want. I have a local DNS server on 10.2.0.0/24, which is configured to use the internet connection behind the RV042. This is the primary DNS server for the computers in this subnet, but they have a backup DNS server out on my private network. When I watch the DNS traffic I see my local DNS server trying to get DNS queries, but they all fail (there is no response from the root DNS servers to resolve the names, I just see queries going out). DNS is ultimately resolved by the DNS server that's out on my private network.
So, it could have something to do with my FiberLogic, but it seems like the issue is a routing issue. Perhaps the NAT on the RV042 doesn't work when the devices behind it are not local devices (on the local subnet)? Hmmmm. That may be the issue... Also, I've done double, and even triple, NAT. Normal internet traffic can be NAT'd all over the place, so I don't think double NAT would be the problem. But the RV042 may not be able to NAT (properly) for traffic that is on a remote subnet. I suppose I need another hub or something so I can watch the traffic on the other side of the RV042.
09-21-2009 07:51 PM
Please take a look at the attached PDF file; I will be referencing that a bit.
In your diagram you show two separate routers the RV and another device, but you only mention IP information for the RV042. Do you mean the fail over connection is for the Dual WAN configuration of the RV042?
Your diagram also shows a connection from the un-named router to your private network and a VPN connection back to the RV042. Was that meant to show logical connections?
If I do not answer your questions or solve the issue please answer the question marks in the diagram so we can get a better idea as to what you are trying to do.
First, get rid of the route statement on the RV042 back to the Fiber Logic. That is a connected network and you should not have to specify a route. Also, the Fiber Logic should be connected via its own WAN port (stating the obvious) and should have the IP address of .254.254 as you stated and its LAN IP of 10.2.0.1/24 (for example). All of the clients behind the Fiber Logic would use that IP as their GW.
If you are connected as shown in the diagram you should be able to get out. If you are still not able to get out, ping from the Fiber Logic or do a trace route to the internet (google.com for example) and post results. NATing should not be a problem; it just sounds like the Fiber Logic is not configured correctly (can you put it into "Router Mode"?) or the devices are not connected correctly, such as from the RV LAN port to the Fiber Logic LAN port, rather than its WAN port.
Hope this helps.
09-23-2009 08:57 AM
Thanks so much for the feedback. Attached is a slightly updated diagram. I wish I was familiar with a better tool than 'mspaint' :). Your diagram is nice!
All connections except the VPN connection on the diagram are physical connections. I need the route statement on the RV042 so the RV042 knows how to get back to 10.2.0.0/24. The clients are using 10.2.0.1 as their GW.
I may not have been clear before, but after additional testing I can get to the LAN interface of the RV042 (10.2.254.1) from the 10.2.0.0/24 network. Traffic flows between the networks fine.
At the moment I think the issue is a NAT problem on the RV042. I think that the RV042 is not NAT'ing for the remote subnet. I'm suspecting it can only NAT for its local subnet (which shouldn't be the case). I'm setting up a test lab where I can get network captures on all parts of the network packet's journey so I can see what's going on. If it works in the lab I'll see about setting up the equipment to test in production during off hours (tedious).
If anyone else has thoughts I'm all ears :).
09-23-2009 06:09 PM
Ok, I finally finished getting the test lab setup. The problem is NAT. The RV042 is not NAT'ing for the remote network. YEAY! I answered my original question. But, how do we fix the problem? I suspect Linksys/Cisco needs to fix this, unless there's something I can set to make the RV042 NAT for the remote network.
Attached is a (rough) diagram of the test lab, and 2 network captures I did with Wireshark.
I did 2 pings. Ping 1 was from computer A to computer C, and ping 2 was from computer B to computer C.
"cap-between-FL-and-netgear.pcap" is the capture taken on computer b, and it shows all traffic that passes between the fiberlogic and the RV042. "cap-outside-FL.pcap" is the capture taken on computer c, and it shows all the traffic that happens outside the RV042.
If you look at "cap-outside-FL.pcap", you can CLEARLY see that when computer A pings computer C, the RV042 does NOT do NAT. It passes the IP address right on through. If that packet had been destined for the internet, it would not get routed. However, you can also see that the ping from computer B to computer C works as expected, the RV042 NATs it properly.
So, again, what can be done to fix this? Is the RV042 doing this by design?
09-23-2009 06:39 PM
The RV042, RV082, and RV016 routers can be configured to NAT additional networks that sit behind the LAN.
1. Log onto the Router
2. Go to the Setup Page
3. About mid-way down the page, there is a section that says "Multiple Subnet Setting"
4. Click on the button that says "Add/Edit." This will bring up a dialog box
5. Enter the Network number and Subnet Mask and then Click "Add to List" e.g. Network: 192.168.200.0 Subnet Mask: 255.255.255.0
6. Click Save Changes
7. This will return you to the previous setup page
8. The Multiple Subnet Setting check box should be checked and the second network to be NATed should be listed
9. Click the "Save Settings" page at the bottom of the page
Note I: The latest firmware revision for the RV016 seems to prefer to have this process done using Internet Explorer.
09-24-2009 08:22 AM
Vreid - it looks like you saved the day. That seems to have solved my problem. Nice! I'm really curious what exactly that setting does. It does seem to allow the NAT to work. The 'help' just says something to the effect of it allows you to break your network into multiple networks. The effect is it allows NAT, and that's perfect.
Alegalle, I captured packets on computer B and computer C, and you're right, it's the packet capture from computer C (cap-outside-FL.pcap) that shows the NAT NOT happening.
Looking at the name of that file, I see I misnamed it. That file should be "cap-outside-RV042.pcap".
09-24-2009 09:35 AM
PMC,
The RV's are configured by default to only NAT the subnet directly attached to the LAN side of the router. The early firmware releases didn't have any way to enable NAT for other subnets behind the router. At some point, however, the Multiple Subnet feature was added. Basically, it tells the RV to go ahead and perform outbound NAT for each additional subnet listed in addition to the original LAN subnet.
Also, please make sure that your FiberLogic device is not performing NAT on IP's originating from 10.0.3.0 network on WAN2 of the FiberLogic. If both the FiberLogic and the RV are doing NAT, then you could run into problems accessing some services because of the double NAT situation (for example, HTTPS web sites may not be consistent with connections from the 10.0.3.0 network).
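The behaviour described in this thread, as an added example that is not part of any poster's message: a small model of outbound source NAT that translates only listed subnets, plus a check that flags un-NATed private sources in a WAN-side capture. The WAN address, the destination and the host 10.2.254.50 are constructed sample values; the subnets and 10.2.0.25 come from the thread.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also covers the
# documentation ranges used below as stand-in "public" addresses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def wan_view(flows, wan_ip, nat_subnets):
    """Model of the router: rewrite the source only if it is in a NAT-enabled subnet."""
    nets = [ipaddress.ip_network(n) for n in nat_subnets]
    out = []
    for src, dst in flows:
        if any(ipaddress.ip_address(src) in net for net in nets):
            out.append((wan_ip, dst))   # translated to the WAN address
        else:
            out.append((src, dst))      # routed, but forwarded un-NATed
    return out

def find_unnatted(wan_capture, wan_ip):
    """Return (src, dst) pairs seen on the WAN side that still carry a private source."""
    return [(src, dst) for src, dst in wan_capture
            if src != wan_ip and is_rfc1918(src)]

# Constructed sample data (assumptions, not taken from the posted captures).
WAN_IP = "198.51.100.10"
FLOWS = [
    ("10.2.254.50", "203.0.113.7"),  # host on the RV042's own LAN subnet
    ("10.2.0.25", "203.0.113.7"),    # workstation behind the FiberLogic
]
DEFAULT_NAT = ["10.2.254.0/24"]                    # directly attached LAN only
MULTI_SUBNET_NAT = DEFAULT_NAT + ["10.2.0.0/24"]   # after adding the remote subnet

if __name__ == "__main__":
    for label, subnets in (("default", DEFAULT_NAT), ("multiple subnet", MULTI_SUBNET_NAT)):
        leaks = find_unnatted(wan_view(FLOWS, WAN_IP, subnets), WAN_IP)
        print(f"{label}: un-NATed flows on WAN = {leaks}")
```

The same `find_unnatted` check can be applied to source/destination pairs exported from a real capture taken on the router's WAN side.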
09-23-2009 06:47 PM
Before you make changes take this into consideration.
In the diagram you posted, the location of the machine capturing packets is not in the correct place to show if the RV is performing NAT. In your configuration you have shown that the FiberLogic is not NATing.
Remember that IP addresses will not change from destination to destination (unless NATed). So when you ping from computer A to computer C and you watch the packets in the LAN of the RV the IP for the destination should be the OUTSIDE IP; however, the source should be the WAN IP of the FiberLogic.
Check your FiberLogic again. If you wanted to see if NAT is working properly capture packets on the WAN of the RV.