
RV042G - Problems with protocol binding and VPN

hydromeltech
Level 1

Hello, I need some help :

I have dual WAN connections on rv042G in "office 1". LAN is 192.168.10.x

A gateway to gateway VPN is made with another "office 2" on rv042G too.

The goal is to reach the LAN of the other "office 2" : 192.168.5.x

Working good.

Now I need to use protocol binding :

One LAN IP needs to use WAN 2 :

All traffic :192.168.10.77~77(0.0.0.0~0.0.0.0)WAN2 -> Working

The rest of LAN should use WAN 1 (same as the VPN)

When I create this rule, I can't reach the "office 2" LAN :

All traffic : 192.168.10.100~150(0.0.0.0~0.0.0.0)WAN1

I need some help !

I'm a little lost with load balancing.

What should I do to make it work?

Thx to help


Tom Watts
VIP Alumni

Hi Gael, please be a bit more clear. You are using dual WAN and you have a VPN tunnel up. Which WAN interface is holding the tunnel up?

If you bind traffic to a specific interface and it is not the same interface that is using the tunnel, any traffic destined for the tunnel can't reach it, as it is forced out a different WAN.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Hello,

Thank you for the response.

And sorry. That's not really clear, that's for sure!

Gateway to Gateway VPN is using WAN1

My protocol binding parameters are :

WAN2 is Cable Internet

WAN1 is SDSL

A traceroute from a 192.168.10.x computer to another device through VPN (192.168.5.x) makes the route to the good IP address, but it seems blocked.

hydromeltech
Level 1

Me again.

It seems I have DNS problems.

Even without VPN I can't reach some addresses.

How should I configure DNS ?

Can I use the router as DNS server ?

Thx

hydromeltech
Level 1

I have no response !

It seems that binding all protocols to WAN1 blocks the IPsec through this same WAN.

I should, I think, exempt the IPsec protocol from binding.

I need to bind the other IPs through this WAN.

How can I fix this problem?

Could someone help me?

Thx.

G. A.

A common reason people configure protocol binding rules is that some secure web sites do not like to see different source IP addresses within a session. So one can bind HTTPS to one of the two WAN interfaces.

What makes you want to use protocol binding?

hydromeltech
Level 1

Hello,

thx to answer.

I need to bind some IP because :

I have 1 NAS device, and I would like it to use WAN2. It is used from outside the LAN by people and I want it to have its dedicated Internet connection.

Then I would like the rest of the LAN to use WAN1 to distribute the load.

Also, I tried load balancing without protocol binding, and had problems with HTTPS sites, exactly like you said.

Some other protocols should give me the same problems with load balancing without protocol binding.

The NAS is in 192.168.10.200, that's why my binding parameters are.

Also, I need a gateway to gateway IPsec VPN to connect 2 different locations, to reach the MAN of the other location. I want to make it using WAN1.

Without protocol binding, it works correctly.

When I set the IPs LAN (without the NAS) :

All traffic, 192.168.10.100~192.168.10.X(0.0.0.0~0.0.0.0)WAN1

I can't reach the other LAN through IPsec VPN with devices with ip inside the "all traffic" rules.

Would you be able to provide a network diagram so your requirement can be analyzed more accurately?

hydromeltech
Level 1

Here is the diagram.

Thanks for the help

There is a known issue that the current firmware cannot support two protocol binding rules with an overlap. In your config, you have a rule that bound all traffic to WAN1 and another rule, overriding the first rule to bind the traffic from NAS server to a server over an IPsec tunnel.

I am aware of a beta firmware that attempted to fix the issue. If your situation warrants trying the beta firmware, please contact the support center and escalate the issue to Level 2.
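
As an added example (not part of any post in this thread and not Cisco tooling), the following Python script audits protocol binding rules written in the notation quoted above for the two conditions the replies describe: a rule that sends traffic for the remote LAN out a WAN other than the tunnel's, and two rules that overlap. Reading `0.0.0.0~0.0.0.0` as "any destination" and the overlap test itself are assumptions; the script models what the replies state, not the firmware's internals.

```python
import ipaddress
import re
from dataclasses import dataclass

# Rule notation as quoted in the thread: service : src~src(dst~dst)WANn
RULE_RE = re.compile(r"^(?P<svc>[^:]+?)\s*:\s*(?P<s0>[\d.]+)~(?P<s1>[\d.]+)"
                     r"\((?P<d0>[\d.]+)~(?P<d1>[\d.]+)\)\s*(?P<wan>WAN\d)$")
ANY = (0, 2**32 - 1)

@dataclass(frozen=True)
class Rule:
    service: str
    src: tuple   # (first, last) address as integers
    dst: tuple
    wan: str

def _span(first, last):
    # "192.168.10.77~77": the short end reuses the first three octets.
    if "." not in last:
        last = first.rsplit(".", 1)[0] + "." + last
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))

def parse_rule(text):
    m = RULE_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised rule: {text!r}")
    dst = _span(m["d0"], m["d1"])
    # Assumption: 0.0.0.0~0.0.0.0 stands for "any destination".
    return Rule(m["svc"], _span(m["s0"], m["s1"]), ANY if dst == (0, 0) else dst, m["wan"])

def _overlap(a, b):
    return a[0] <= b[1] and b[0] <= a[1]

def audit(rules, remote_lan, tunnel_wan):
    net = ipaddress.ip_network(remote_lan)
    remote = (int(net.network_address), int(net.broadcast_address))
    findings = []
    for r in rules:
        # Traffic for the remote LAN matches this rule but leaves by another WAN.
        if _overlap(r.dst, remote) and r.wan != tunnel_wan:
            findings.append(("bound-off-tunnel", r))
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if _overlap(a.src, b.src) and _overlap(a.dst, b.dst):
                findings.append(("overlapping-rules", (a, b)))
    return findings

# The two rules quoted in the thread; tunnel on WAN1, remote LAN 192.168.5.x.
THREAD_RULES = [parse_rule("All traffic :192.168.10.77~77(0.0.0.0~0.0.0.0)WAN2"),
                parse_rule("All traffic : 192.168.10.100~150(0.0.0.0~0.0.0.0)WAN1")]

if __name__ == "__main__":
    for kind, detail in audit(THREAD_RULES, "192.168.5.0/24", "WAN1"):
        print(kind, detail)
```
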

hydromeltech
Level 1

Ok.

Thanks for the help.

I will contact support center to try the beta fw.

cpanti
Level 1

Hi Gael,

More or less ... I'm facing the same problem

Can you please tell me if you managed to find a solution?

Thanks and regards,

Catalin

hydromeltech
Level 1

I have contacted the support center; I am waiting for news from them.

@Tekliu : My all traffic to Wan1 rule doesn't override the all traffic to WAN2.

I set the IP for all traffic for WAN2 to the NAS IP! Or I didn't understand how the protocol binding on these routers is working.

I used a Netgear product before and did it like that. I changed to a Cisco product for easier VPN gateway to gateway configuration.

@Catalin

For now, I have no response from support center.

As soon as I have a solution, I will tell you what I could solve and how.

hydromeltech
Level 1

Hello Catalin,

I resolved the issue with Cisco support with a beta firmware.

If you still have your problem, contact them to see if you can try the firmware.