cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4340
Views
15
Helpful
13
Replies

RV345 NAT Transversal

mbrauer
Level 1
Level 1

An ISP change requires that NAT Transversal be enabled on one end of a site-to-site VPN.  I can't find anyplace on the RV345 to enable that.  It is available on the RV320.  Am I missing something or is this not an option on the RV345?  I would expect it to be there if it is available on the RV320

13 Replies 13

Iliya Gatsev
Cisco Employee
Cisco Employee

Hi, 
My name is Iliya Gatsev from Cisco Technical Support Team.

 

 

To configure NAT, follow these steps:

RV340 Administration Guide 67 Firewall Network Address Translation

Step 1 Click Firewall > Network Address Translation.

Step 2 In the NAT Table, check Enable NAT for each interface on the Interface list to enable.

Step 3 Click Apply.

 

Please rate this post or marked as answered to help other Cisco customers.

 

Iliya Gatsev
Cisco STAC Network Engineer
Together we are the human network .:|:.:|:. CISCO

Mr. Gatsev has advised incorrectly.     The original poster is seeking NAT TRAVERSAL, not mere NAT.

roelofotten264
Level 1
Level 1

Hi, I am having the same issue as mbrauer.

The RV340 does not have an option in the VPN config to enable NAT traversal (or Reverse NAT), firmware 1.0.01.18.

I purchased an RV340 to replace an RV320, (that was doing the NAT traversal nicely).

But now the VPN to my remote site does not connect, because I cannot configure the NAT Traversal on the RV340.

Cisco: please note that this is not about the regular NAT, as explained by Iliya below.

The datasheet of the RV340 mentions "VPN NAT traversal"

Please, How do I get this working ?

 

Even I am Struggling to find the Site-to-Site  NAT Traversal Feature which is required by me.

I just purchased this for the same reason. please do urgently help in providing a firmware upgrade to get this working.

Urgently need assistance.

It seems the RV345 router does NAT traversal on its own. I guess it doesn't need a configuration for that. If the remote identifier type is chosen to be an FQDN may solve the problem.
If the RV345 router is a middle-men between any two sites of a VPN tunnel then we may need to enable IPSec passthrough (Which is configurable in VPN->VPN Passthrough page).

I tried all the options,

NAT traversal if required, the previous model is working, the document mentiones NAT traversal support so i purchased this. 

Looking for an urgent firmware upgrade assistance. the product is not providing what is mentioned in its data sheet and creating issues in our solution.

Also need assistance in 3G modem support over USB i tried three different  none working

Idmello, can you give me your deployment setup diagram? Also configuration that you are trying on the router? Logs will also help us narrow down the issue...
BTW which dongle make you are trying? Let me know the model number, I will try out them locally....

Hi I have been trying using DLINK  dwm-156. and also huawei-e5151.

 

Please do let me know which USB 3D/4G vendor and model will work so i can work on testing the validated USB 3G/4G modem.

 

 

Only a few of the dongles seem to be supported. Not sure if CISCO has any plans to expand the support for other vendors/model versions. Check below link for current models supported:
https://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/RV340W/USB_Compatibility_Matrix/compatibility_matrix.pdf

I agree. With firmware 1.0.03.20 I can establish a site-to-site-VPN-connection with a customer who is using NAT traversal. Although I don't have this option in the RV340 the connection ist established and working.

Martin Aleksandrov
Cisco Employee
Cisco Employee

Hello,

 

Does your ISP use IKEv2? You can switch to IKEv2 on your IPSec profile with the S2S VPN. IKEv2 has built-in NAT traversal and should be enabled by default.

 

 

Regards,

Martin

I can verify that this works for me. Firmware versions 1.0.03.15 through 1.0.03.20. 

Two RV34x routers. One side has a fixed, public IP address. The far side has an fixed private IP address that is then NAT'd by the ISP's router. I have an IKEv2 Site-2-site tunnel between the routers. 

On the near side, I use the public IP address as the identifier.  On the far side, we use the FQDN as the identifier. 

 

The one thing that is necessary is that the far side must initiate the VPN connection. What I have done is under the Advanced Settings tab of the Site-2-site VPN configuration, set the following:

Near side (Fixed public address): 

- DPD Enable
- - Delay time 10
- - Detection timeout 30
- - Delay Action Clear

Far side (private IP):

- DPD Enable

- - Delay time 10

- - Detection timeout 30

- - Delay Action Restart

 

That seems to take care of things.

 

 

HTH

 

@A D'Auria

 

Hi there,

 

I am glad you have a working VPN  scenario with DPD enabled on both ends so you can benefit with earlier detection of dead peers. 

 

Regards,

Martin