Here is my hardware:

1. ATT BGW320 Fiber Internet Gateway (with 1Gbps symmetric connection)
2. Cisco RV345 Router

Here are my goals:

1. Multiple LAN subnets with inter-routing capability

2. All LAN subnets must have private IPv4 addresses
3. Some LAN subnets must have internet routable IPv6 addresses (ideally multiple ones but I havent figured out how to do this yet)

4. VPN from mobile devices via Cisco AnyConnect from mobile devices
5. VPN must be routable to other LAN subnets

6. Avoid double NAT and/or slow performance

I have tried many things over the timeframe of a month; factory resetting the RV345 at least a dozen times to ensure everything is cleared from previous attempts. I am using the latest firmware from Cisco on the RV345. Here are the 2 examples where I got the closest to achieve my goals:

-----------------------------------------------------------------------------------------------------------

1. "ATT device in passthrough"

* ATT gateway in IP passthrough mode

* RV345 with DHCP WAN1 IPv4 with NAT enabled (DHCP issued address is public IP from ATT gateway)

* RV345 with DHCP WAN1 IPv6 with prefix delegation enabled

* VPN SSL activated with 192.168.50.0/26 on WAN1

* VLAN1 as 192.168.1.0/24 with DHCP enabled, IPv6 as Prefix Delegation WAN1 subnet and DHCP enabled, Router Advertisement enabled with 30 sec unsolicited multicast and Managed Flag enabled

* VLAN2 as 192.168.2.0/24 with DHCP enabled, IPv6 as fec0:2::/64 and DHCP disabled, Router Advertisement disabled

With this configuration I get pretty close .... my biggest issue with this is the IPv6 seems buggy. For example, if I setup a continuous ping from a Windows 11 device on VLAN 1 to the RV345 IPv6 link local address, sometimes pings are lost. Upon deeper inspection I can see the pings are lost around the time when the RV345 sends out the router advertisement packets, but shortly afterwards pings work again. This is concerning because the end device IPv6 gateway address is the link local interface address on the router and if it doesn't respond sometimes ... you see where this is going. Furthermore, if I let this whole config run an extended period of time ... perhaps a day .... then I have seen my Windows 11 on VLAN 1 device completely loses IPv6 internet connectivity. If I unplug the cable and plug it back then it goes back to working; for a day or so. Also sometimes the IPv6 delegation doesn't seem to want to function so I have to reboot the RV345 to get it going. Finally with this configuration I have noticeable additional application latency for LAN device applications (for example streaming is maybe 1/2 second quicker to start up when I bypass the RV345) .... but maybe this is related to the IPv6 issues.

----------------------------------------------------------------------------------------------------------

2. "Cisco RV345 device in passthrough"

* ATT gateway in normal (not IP passthrough) mode with 192.168.0.0/24 as LAN range

* RV345 with DHCP WAN1 IPv4 with bridge mode to VLAN1 enabled

* RV345 with DHCP WAN1 IPv6 disabled

* VPN SSL activated with 192.168.50.0/26 on WAN1

* VLAN1 as 192.168.0.0/24 with DHCP disabled, IPv6 as fec0:1::/64 and DHCP disabled, Router Advertisement disabled

* VLAN2 as 192.168.2.0/24 with DHCP enabled, IPv6 as fec0:2::/64 and DHCP disabled, Router Advertisement disabled

This configuration also gets pretty close .... all devices connected to VLAN1 have flawless IPv4/IPv6 connectivity (including the Windows 11 device I primarily used for testing in the 1st scenario). VLAN2 and VPN are where this falls short as bridge mode seems to disable a lot of routing functionality.

Thanks for any ideas/comments