RV320: A work in progress: 1 WAN only: firewall a Cisco SX20 videoconf system, and share internet connection with SBS 2003 server and net with 10 users.

RobertHuber
Level 1

Hi,

I am tired and over my head for sure. I am an IT consultant, but have recently not had great success with the (second) RV320 I installed at a client a number of days ago. I had a devil of a time getting things to route and firewall at all.

I may have had a dud out of the box, as I had to take one router back and start over with a second RV320.

Currently, the client connections still seem slower than they should be, and I am pretty sure that I do not have the RV320 set to do the firewalling properly.

Usually when I work with a router, I know whether I have got it working properly or not. I just am not feeling sure with the RV320 I am working with.

It is an uncomfortable feeling.

I want to go back and reconfigure things to firewall for a Cisco SX20 videoconferencing box and console (see below), and properly reconfigure a now-shared internet connection with a SBS 2003 server and 10 users for web browsing on this same internet connection.

Eventually I would like to add a single Site to Site VPN to connect to a remote ASA5505. But that's another kettle of fish for a separate thread.

I will confine this question to the sharing of the connection between the network and the video setup.

 

Part of my problem is that I do not completely understand the logic, or the proper order of applying the Cisco Rules, One to One NAT, etc., and can't differentiate between my own mistakes and malfunctioning or misconfiguration of the RV320 I installed.

Previously there were two separate ISP connections:

- a bonded T-1 3Mbps connection for SBS server and 10 users, separate public IPs, now gone. SBS server IP on new ISP below to x.x.x.180 outside. Inside 192.168.120.10.

10 user network, all Win 7. Workstations get DHCP addresses from SBS 2003 srvr per recommended practice.

 

- another separate WebPass 10Mbps Ethernet/metronet connection with 5 public IPs. x.x.x.177 gateway, .177-.181. Previously with no firewall, no router, straight from ISP to small Cisco SG100D 5 port switch and then cabled to Cisco SX20 & touchscreen video boxes.

I did not set the Telepresence up originally, but I do have some access to the console for the local end. There is a separate public IP for each unit, the SX20 and the TScreen with public outside IPs of x.x.x.178 and x.x.x.179. I guess they require a public IP each, as that is how the Cisco approved vendor initially set it up. It works fine without firewalling, but is showing phantom calls, which I researched and believe are SIPVicious scans from the internet. Fairly harmless, I hope, but annoying.

The situation arose where I had to quickly reconfigure the SBS server and network to share the 10Mbps internet connection, previously dedicated to the videoconferencing system.

In emergency mode on a Friday night, I initially put in an old Linksys WRVS4400 v1.1 router I had on hand, with the wireless turned off as a temporary setup. Seemed to work OK, but ran hot. After a day or so, the WRVS4400 started locking up intermittently every 5-12 hours.

I went out and quickly researched and bought the Cisco RV320, even though I would only be using one WAN port initially. I thought it could be handy to have two ISP connections again (failover), or to use the second WAN port to DMZ the videosystem.

New setup:

RV320 - New and upgraded to latest firmware. I _thought_ I did a factory reset after the upgrade, but now am wondering if I did so.

Metronet connection to WAN1 on RV320. Initially through one of the Cisco 5 port switch's ports, also tried with a direct connect to ISP. No apparent difference. So it is currently returned to internet connection to switch first, and then to RV320, which I think is not correct.

DHCP turned off on RV320. (SBS srvr provides DHCP).

Questions:

1. I am not smart enough to say why not, but my intuition is that it is not good to have a switch on the outside between the router and the internet. Attaching this as it is does allow the Cisco Telepresence to directly connect via its two public IPs. And, it works, but I suspect it limits the system throughput to that of the little Cisco switch, and suspect it is possible that the switch might not pass all traffic (UDP issues?).

2. I would like to reconfigure the video gear to be on two NAT inside addresses, and have the .178 and .179 public IPs "forward" to them, and to also firewall from the SIPVicious scanning from outside.

How do I take two public outside addresses and properly direct them to NAT inside addresses with firewalling?

Port forwarding for video?

One to One NAT for two addresses, then firewall Rules?

Or?

3. If I go back and do a factory reset, can I reconfigure from a saved config file and get the full healing effect of the factory reset?

4. I can usually set up port forwarding and NAT without problem, but have always been confounded by the C

5. I have started to work with Ubiquiti Unifi equipment, and they are learning that it is advantageous to give lots of example configurations for people to set up and modify and learn from. Does Cisco have a repository of such configs for various specific equipment?

E.g., it would be great if when they released the RV320 router, it would be released from the beginning with a variety of basic tested configuration templates, created and tested by Cisco engineers. For some situations they could be modified and used "out of the box". And for more complex ones, they would be good learning templates.

 

OK. I've been too long winded and I'm done.

Thanks to all!

Bob Huber

IT Consultant

1 Reply

rosaho
Level 3

This discussion has been reposted from Community Ideas to the Small Business Routers community.