cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3438
Views
0
Helpful
6
Replies

Setup VPN on WRV210 as second router

Ghassan1965
Level 1
Level 1

I am attempting to setup a network containing two routers, a primary giving me ADSL internet access (a 3com 3CRWDR101A-75) and a secondary router that has VPN (Cisco WRV210).

The primary router has the following LAN settings: 192.168.0.1 / 255.255.255.0 with DHCP enabled.

WRV210 has the following LAN settings: 192.168.1.1 / 255.255.255.0 with DHCP enabled.

Cable connection is from LAN port of first router to Internet port on second router.

In this way, I'm able to get internet browsing on 2 laptops connected to WRV210

I have also a Panasonic IP PBX connected on the second LAN (the WRV210)

I need to setup the VPN on WRV210 to be able to get SIP calls from outside of the local networks (through internet).

As I am a novice in networking, both routers are on DEFAULT setting.

I have learned a lot during the last 7 days to be able to understand the networking concepts but failed to setup the correct configuration.

For example if I change WRV210 from gateway mode to Router mode, I will not able to browse the internet despite the Help that says "Select the mode in which this Router will function. If this Router is hosting your networks connection to the Internet, select Gateway. If another Router exists on your network, select Router. When Router is chosen, Dynamic Routing will be enabled"

Also i am able to ping the first LAN 192.168.0.x from WRV210 but not on the other side (from primary router to WRV210).

I am confused to use and combine different settings (NAT, Routing, Ports, ...)

I very much appreciate if someone could provide a step by step to configure the proper network and be able to reach my IP-PBX on the second LAN from anywhere.

Thank you

1 Accepted Solution

Accepted Solutions

Hi Ghassan, the port forwarding should be set up on the WRV210 router. The 3com device is basically a non-factor. If you need assistance with creating port forwarding, please call the small business support center.

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

View solution in original post

6 Replies 6

Tom Watts
VIP Alumni
VIP Alumni

Hi Ghassan, there are a couple different ways to skin the cat.

Example:

Internet IP 75.75.75.75

3com IP 192.168.0.1

WRV210 192.168.1.1

PBX 192.168.1.250 with access on port 5060

The 3com should be set up with a port forwarding rule which would be source port 5060, destination port 5060 to host 192.168.0.1. The WRV210 should have a port forward for source port 5060, destination port 5060 to PBX 192.168.1.250.

The remote phone can be configured with a TFTP address of the WAN of the 3com router, in this example 75.75.75.75.  This will register the phone over the WAN provided the PBX can take inbound connections from different subnet and/or listening for TFTP traffic from a different subnet than what it is part of.

As far as a VPN configuration, it may be possible but you may look in to options to make the WRV210 the gateway router. But also, you will have to have a router at the remote site which supports site to site VPN tunnel. So a VPN will really depend on what else you have available but also the condition of the deployment and the fact you have a double-nat complicates things enough. SIP and NAT don't play well together, SIP and double-NAT is even worse.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Hi Tom,

I have set up the port forwarding but nothing happened.

I'm still not able to ping 192.168.1.1 from primary LAN.

Also primary LAN has given 192.168.0.9 to WRV210 and I cannot ping that address from 3com side.

I forget to mention that I am able to use a SIP application on my mobile (connected wirelesly to wrv210) within the same LAN as the PBX (192.168.1.250).

If I change the wifi network of my mobile to connect to 3com, it says the server cannot be reached.

For the VPN configuration, I cannot make WRV210 as the gateway as it does not support ADSL connection.

Still stuck.

Ghassan, as far as ping goes, the WRV210 won't reply to ICMP by default on the WAN, you would need to go to the firewall setting and disable blocking ping. It would be expected not able to ping the LAN ip address since it is nat and subject to the firewall.

You can look at the scenario with the same fundamentals of having 1 router.

If connecting from the 3com LAN then forwarding needs to be created on the WRV210 device for the SIP/RTP services to the PBX IP.

Examples-

SIP application is 192.168.0.30

WRV210 - wan 192.168.0.9

WRV210 - lan 192.168.1.x

PBX - 192.168.1.250

In theory, if you forward all SIP 5060~5090 and common RTP range 10000~30000 and you have application point to the IP address of the WRV210 WAN 192.168.0.9 this should be able to hit the PBX and register.

Conversely, if you are using the WRV210 as 'router mode' the dynamic routing feature is through using RIP. This is not entirely necessary. The WAN port as gateway has a 'NAT' feature. When setting the WRV210 as 'router', this removes the NAT feature from the WAN port. This means you may either configure the WRV210 on the same subnet as the 3com OR you may add static routes manually to direct the traffic unless your 3com device supports RIP as well then it can dynamically build a route table.

The largest challenge is when using different subnets without vlans, the gateway device often doesn't know how to route request not on the same subnet which means the source traffic needs a path back. This would also introduce the possibility of requiring a static route on the 3com router.

Don't forget the network fundamentals which different subnets can't communicate to each other without some help (knowledge that they exist).

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Ghassan, as far as ping goes, the WRV210 won't reply to ICMP by default on the WAN, you would need to go to the firewall setting and disable blocking ping. It would be expected not able to ping the LAN ip address since it is nat and subject to the firewall.

I have disabled "Block Anonymous Internet Requests" and I can now ping to 192.168.0.9

You can look at the scenario with the same fundamentals of having 1 router.

If connecting from the 3com LAN then forwarding needs to be created on the WRV210 device for the SIP/RTP services to the PBX IP.

Examples-

SIP application is 192.168.0.30

WRV210 - wan 192.168.0.9

WRV210 - lan 192.168.1.x

PBX - 192.168.1.250

As I mentioned previously, I do not have much knowledge on setting forwardings but I can manage to do it in a step-by-step explanation. I very lost when it comes to set up the routes between destinations.

for your information, here is what I have on 3com

Flags

Network Address

Netmask

Gateway

Interface

Metric

C

0.0.0.0

0.0.0.0

y.y.y.y

PVC1

0

C

y.y.y.y

255.255.255.255

directly

PVC1

1

C

192.168.0.0

255.255.255.0

directly

LAN

0

S

192.168.1.0

255.255.255.0

192.168.0.9

LAN

1

C

127.0.0.1

255.255.255.255

directly

Loopback

0

C

x.x.x.x

255.255.255.255

directly

PVC1

0

y.y.y.y is ISP gateway

x.x.x.x is ISP static IP

192.168.0.1 is 3com lan

192.168.0.9 is WRV210 wan

192.168.1.1 is WRV210 lan

192.168.1.101 is PBX

And this is WRV210 routing table

Destination LAN IPSubnet MaskGatewayInterface
192.168.1.0255.255.255.00.0.0.0LAN&Wireless
192.168.0.0255.255.255.00.0.0.0WAN
Default Route (*)0.0.0.0192.168.0.1WAN
127.0.0.10.0.0.0127.0.0.1LOOPBACK

As for the port forwarding, I did this on 3com

Trigger Port

Trigger Protocol

Public Port

Public Protocol

Enabled

5060UDP5060UDPyes





And this on WRV210

Application Name

Start ~ End

Protocol

IP address

Enable

SIP5060 - 5060

UDP192.168.1.101yes





Tom, where do I go from here? I very much appreciate your help.

Hi Ghassan, the port forwarding should be set up on the WRV210 router. The 3com device is basically a non-factor. If you need assistance with creating port forwarding, please call the small business support center.

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Hi Tom, It took me time to swallow all those terminology but your answers were helpfull. Thank you