Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1350
Views
0
Helpful
7
Replies

RV082 v3 Load Balancing (Protocol Binding) with IPsec tunnel to RV082 v3

stevejfrank1
Level 1
Level 1

‎03-15-2013 07:27 PM

We have tried a variety of options in an attempt to use Load Balancing (Protocol Binding) with an RV082 that has a site to site IPsec tunnel with another RV082. Both are v3.

Here is the issue. We have dual ISPs, one has great bandwidth, but we incur overages. The other has mediocre bandwidth, but has unlimited usage.

GROUP1 - We want most PCs to use the "unlimited" ISP for general surfing, email, etc. (Bound all ports for range of internal IPs to ANY dest to WAN1)

GROUP2 - We want to use the "faster" ISP for our VPN tunnel (mostly RDP and SIP traffic). (Bound all ports for range of internal IPs to ANY dest to WAN2)

So far everything works. The router will route traffic appropriately and GROUP 1 uses WAN1 and GROUP 2 uses WAN2.

Unfortunately, sometimes GROUP1 users need access to resources over the VPN (WAN2).

There is something not right with the routing. For example GROUP1 can ping and receive responses from devices on the other side of the tunnel, but GROUP1 can't access intranet sites on the other side of the tunnel. They also can't RDP to PCs on the other side of the tunnel.

Why does the router correctly route ICMP, but not RDP?

We've tried adding additional protocol binding rules for specific ports(80, 3389, etc) and ip ranges (both local and remote) to see if we could force GROUP1 traffic destined via VPN through WAN2, but it doesn't work.

Shouldn't VPN tunnels created and configured in the RVs not adhere to protocol binding? It just seems logical to me, but maybe I am missing something.

I welcome any and all suggestions.

Regards,

Steve

Labels:
0 Helpful
7 Replies 7

Te-Kai Liu
Level 7
Level 7

‎03-15-2013 08:13 PM

Hi Steve,

What you described is a known issue, which has been fixed by firmware 4.2.2.05 (beta). If you like to test this beta firmware, you would have to contact SBSC to open a case. 

https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

0 Helpful

stevejfrank1
Level 1
Level 1
In response to Te-Kai Liu

‎03-21-2013 05:04 PM

SBSC needs a bug number so that I can get the firmware. Do you have this?

0 Helpful

Te-Kai Liu
Level 7
Level 7
In response to stevejfrank1

‎03-21-2013 05:15 PM

CSCtz41379 - RV082V3 Dual WAN Protocol Binding rule not working properly over G2G VPN

0 Helpful

stevejfrank1
Level 1
Level 1
In response to Te-Kai Liu

‎03-22-2013 02:31 PM

Well now I am stuck. They were not able to help. They said that I had to reproduce the issue and troubleshoot it with them before they were able to escalate and request the firmware. I spent 30 minutes in a chat with them and then got disconnected. I tried to follow the link that you posted, but it goes nowhere.

I need to get this client up and don't want to return the hardware after all of the work we have done to set them up.

What other options do we have to obtain this firmware?

Steve

0 Helpful

Te-Kai Liu
Level 7
Level 7
In response to stevejfrank1

‎03-22-2013 02:36 PM

Do you have a case number?

0 Helpful

stevejfrank1
Level 1
Level 1
In response to Te-Kai Liu

‎03-22-2013 02:41 PM

Te-Kai,

The person I was chatting with told me that they would email that to me before we were disconnected. It has been over 24 hours and I haven't seen anything. I don't want to have to go through all of that again. I was on a hotspot with an engineer vai webex chat session and I lost the connection. I was hoping that I could just open my laptop up and copy the contents of my chat session when I returned to document the runaround I got, but when I booted back up the window that the chat session was on reset and said "Invalid input or system error. Please try again or contact your site administrator.

This is getting quite frustrating and I am about to loose this client.

Any help would be greatly appreciated.

Steve

0 Helpful

SamirD
Level 5
Level 5

‎04-02-2013 08:36 AM

Because of the nature of the separation of the network, I think there may be a way to do this using two routers and a single subnet.  I haven't thought this through completely for anything that may not allow it to work, but what I'm thinking is disable DHCP on the rv042, allowing the IPs to be assigned by the other router.  Connect both lan sides of both routers.  Because they're on the same subnet, when a local IP across the vpn is trying to be reached, the rv042 will route that.  Otherwise, all the traffic will pass through the other wan connection. 

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
0 Helpful
Customers Also Viewed These Support Documents