07-04-2012 09:05 AM
I'll start off by saying although I have some IT experience, networking is not my strongest.
Picked up a pair of RV220W's for a project I'm working on. I have several IP's available, 4 of which are assigned to/in use by a server behind the RV220W. All 4 of these IP's are static external IPs. I'm trying to figure out how I can configure the RV220W so that requests to those 4 IP's get routed to the server.
Prior to purchasing this, I was under the impression what I was trying to do was called one-to-one NAT, but after reading the 'Help' document on the one-to-one NAT page, I don't think this is right. Emphasis added below:
Cisco RV220W Wireless-N Network Security Firewall Help
Firewall
One-to-One NAT
One-to-one NAT is a way to make systems behind a firewall and configured with private IP addresses appear to have public IP addresses.
One-to-One-NAT Rule Table
This table lists the list of available One-To-One NAT rules configured by the user.
Private Range Begin: start ip address in private (LAN) ip address
Public Range Begin: start ip address in the public ip address (WAN IP),
Public IP Subnet Mask: The Subnet Mask of the public IP
Range Length: Range length maps one to one private address to public address up to the given range.
Service: This column shows service to be accepted by LAN Host.
The actions that can be taken on One-to-One-NAT rules are:
(Check Box At First Column Header): Selects all the entries in the table.
Add: Opens the One-To-One NAT Configuration page, to add a new entry.
Edit: Opens the One-To-One NAT Configuration page, to edit the selected entry.
Delete: Deletes the selected entries.
So according to their documentation, the server in question would need to be configured with a private IP. Unfortunately, one of the applications I use is licensed via IP address and my understanding is that I cannot use the software with private/non-routable IP addresses.
Is the RV220W capable of not only securing the line (firewall, access rules, content filtering, port trigering & forwarding etc) but also doing what I was hoping to do (keeping the external IP's on the server, and routing appropriately)?
Many thanks for your advice & expertise!
Solved! Go to Solution.
07-04-2012 08:42 PM
Julius Perkins wrote:
Picked up a pair of RV220W's for a project I'm working on. I have several IP's available, 4 of which are assigned to/in use by a server behind the RV220W. All 4 of these IP's are static external IPs. I'm trying to figure out how I can configure the RV220W so that requests to those 4 IP's get routed to the server.
Given that your servers need to be configured with static public IP addresses, RV220W may not work for you.
RV042G supports DMZ port, which allows the servers to be connected to the 2nd WAN port (labeled with "DMZ/WAN") through a switch.
07-04-2012 09:18 AM
Hi Julius, you may want to check out the DMZ feature of the router.
One to One NAT should still accomplish exactly what you want. Any requests going to the public IP will go to the server, there is "no difference" per se except it is hitting the router's IP block.
Page 82 of the admin guide talks about DMZ
http://www.cisco.com/en/US/docs/routers/csbr/rv220w/administration/guide/rv220w_ag_78-19743.pdf
07-04-2012 09:45 AM
Thank you for taking the time to not only read but respond to my post Thomas! (And so fast too!)
I had considered the DMZ (forgot to mention), but there are two things:
I'm happy to use one-to-one NAT, but I'm just not sure I understand the input it expects so I'll go out on a limb and explain what my train of thought is:
Is that the proper one-to-one NAT setup?
07-04-2012 09:56 AM
Example scenario;
Internet IP block
IP block - 75.75.75.75 through 79
RV220W WAN interface IP 75.75.75.75
RV220W Local network subnet 192.168.1.0/24
Web Server Public Destination 75.75.75.76
Web Server 192.168.1.250
Internet----
|
|
RV220W--------Web Server
Setup:
Firewall -> Advance Settings -> 1-to-1 NAT
Private Range Begin - 192.168.1.250
Public Range Begin - 75.75.75.76
Range Length - 1
Service - Whatever you're doing, and you can create custom services if the default services are not sufficient
With this mentioned set up, this will make all inbound internet request on the 75.75.75.76 map to the 192.168.1.250 for the service you have specified. The Range Length is important because if you are using only 1 public IP to the internal IP map, you do not need more than a range length of 1.
07-04-2012 11:20 AM
Thanks again for the response.
The only problem is that I cannot change the IP address of the server in question to a non-routable/private IP. If I do that, I'm going to run into licensing problems because the license is bound to the IP on the box.
What about the DMZ? Only supports one IP right? No way to configure a range?
07-04-2012 12:03 PM
The problem with the RV220W DMZ, it is a software DMZ, it essentially is a different flavor of 1-to-1 NAT.
I think you'd be looking more for a "hardware DMZ".
Hm, it may not be a bad idea to get an unmanaged switch and connect that server box to one port then connect the RV220W internet port to the switch as well.
Is a work around like this feasible?
07-06-2012 08:07 PM
Thomas Watts wrote:
..
Hm, it may not be a bad idea to get an unmanaged switch and connect that server box to one port then connect the RV220W internet port to the switch as well.
Is a work around like this feasible?
That's what I'm doing currently - was hoping to move away from that, but it works.
Thank you for your assistance - its greatly appreciated.
07-04-2012 08:42 PM
Julius Perkins wrote:
Picked up a pair of RV220W's for a project I'm working on. I have several IP's available, 4 of which are assigned to/in use by a server behind the RV220W. All 4 of these IP's are static external IPs. I'm trying to figure out how I can configure the RV220W so that requests to those 4 IP's get routed to the server.
Given that your servers need to be configured with static public IP addresses, RV220W may not work for you.
RV042G supports DMZ port, which allows the servers to be connected to the 2nd WAN port (labeled with "DMZ/WAN") through a switch.
07-06-2012 08:08 PM
I had considered the RV042G, but decided on the RV220W based on some throughput reviews I had seen.
Should I upgrade in the near future, or return these, I'll give that a shot. Thank you
07-06-2012 08:12 PM
Julius, another option, you can look in to would be a SRP541W. This has both options for a hardware and software DMZ with the gig ports. The feature set isn't as rich as the RV220W router but it would also give some things the RV220W can't such as fxo/fxs ports.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide