Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
485
Views
0
Helpful
4
Replies

RV320 DMZ setup issue. I can accept inbound connections only

Rickam
Level 1
Level 1

‎03-01-2022 08:53 AM

Hello,

I've had this problem for a while now, but have decided to take another look at it.   As it is now, I can accept inbound connections to the DMZ from the internet. 
I am using the dedicated DMZ port on the router, and have configured for the "DMZ subnet"

I'm using 192.168.9.1, subnet: 255.255.255.0 for the DMZ address.


From the DMZ I am able to accept inbound connections from the internet, but I can't establish connections.  This is a problem when I wish download updates and security patches. 

 

From the DMZ I can ping the router (at the above address), and I can ping my public IP address only.

Many thanks for your assistance, and all best.

Labels:
0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎03-01-2022 09:16 AM 

This is a problem when I wish download updates and security patches.

is this problem download from LAN or DMZ  ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Rickam
Level 1
Level 1
In response to balaji.bandi

‎03-01-2022 09:58 AM

Thank you BB for your reply.  Sorry I was not clear on this:

 

The LAN is working fine (I can connect the to the internet on LAN).  The problem is only with the server in the DMZ not being able to reach the internet.    In terms of outbound connections; at this time I can only ping the Router, and my public IP address. 

I am using the DMZ port on the rear of the router. 
I have set up the PORT ADDRESS TRANSLATION to forward SSH and HTTPS to the computer in the DMZ.  and that is working OK.

I have also set up a firewall rule to prevent computers on the LAN from connecting the to server on the DMZ (with the default setting on the RV320, computers on the LAN where able to ping this computer)

 

 

0 Helpful

Rickam
Level 1
Level 1
In response to balaji.bandi

‎03-02-2022 09:49 AM - edited ‎03-02-2022 11:53 AM

I have had a look at these instructions and this seems to be the relevant text:

 

"Step 5. Enter in the DMZ IP Address and Subnet Mask. (Anything that is plugged into the LAN4 segment must be in this network).

Note: Make sure that the device connected to the DMZ port has that static IP address. This IP address may need to be outside of your WAN subnet.   In this example, we will be using a public IP address for the DMZ".

 

What I've now done is to make this IP address the exact same as the server inside the DMZ. "Make sure that the device connected to the DMZ port has that static IP address"    The result of doing this is that now when I type in my public IP address in a web browser I get the login page for my Cisco router (but it does not allow me to login).  

 

When I connect from my mobile phone (using a different public IP), I am directed to the HTTP web server in the DMZ.  But now some things are not working as expected. The virtual hosts are not working for the web server, and also it still can't connect to the internet.


What should I be using now as my gateway IP for the server in the DMZ?


For now I will set it how it was before: With the DMZ port on the router having a different address to the server in the DMZ, and adding the PAT instructions to direct SSH and HHTP to the server.  This allows my virtual hosts to work on the webserver (but unfortunately with the server still unable to ping the web).
 

many thanks for your help.

0 Helpful
Customers Also Viewed These Support Documents