Unable to allow traffic from remote office - Cisco RV220W

eva.hernalva
Level 1

Hi there,

I have just bought the RV220W Cisco router firewall because my DLINK-1600 got broken and now I am unable to allow access to the machines located behind this router from the machines located at a remote office. Any help would be much appreciated!!

This is the situation:

1. Two remote offices A and B connected by a VPN tunnel (this connection is managed by an external provider and it is properly functioning)

2. IP range A office: 192.168.236.0/24

3. IP range B office: 192.168.237.0/24

4. Office A: CISCO RV220W router/firewall (the one that I've just bought as the old dlink has broken). This RV220W is connected to a cisco router (managed by provider) that is the one with the VPN tunnel to the other office. The CISCO router does not do NAT. On the other end (Office B) there is another CISCO router managed by the provider.

5. Everything was working smoothly until our old router/firewall got broken and that is when I bought the rv220w. I have set up the CISCO RV220W at office A and the machines can ping the machines located at office B and can browse the internet, i.e., the traffic going out is OK and in that sense everything works smoothly.

6. The problem is that the machines located at office B cannot access the machines located behind the CISCO RV220W and I know it is a problem of the firewall as if I capture traffic coming from office B, I can see that it is dropped by the CISCO RV220W.

7. I have tried to enable an access rule in the firewall to allow traffic from office B (see picture below) but it does not seem to work. In the field Send to Local Server (DNAT IP), I have entered the WAN IP of my router (you cannot leave it blank) … this rule does not work at all. I think that it is not properly configured but I don't know how to do it.

8. As you see, the problem is that I don't know how to set up a rule to allow specific traffic coming from the WAN (traffic from remote office – 192.168.237.0/24) to the LAN at office A - 192.168.236.0/24.

In the old router/firewall I just had to create a rule specifying the source interface (WAN) and network (Office B) and the destination interface (LANOfficeA) and network (Office A). It does not seem that here I can do the same. I mean, you always have to point to a server IP inside the LAN??

I know it has to be a very easy thing to do but at this moment I am completely stuck. If anyone can give me some advice, that would be great.

Thanks a lot for your help in advance!

Eva

2 Replies

Tom Watts
VIP Alumni

Hi Eva, the default inbound policy cannot be changed. It will block all inbound traffic. To my knowledge there is not a way around this. Access rules are the only way to 'poke' a hole through the firewall but as you note, it is for a specific host. Values such as .0 and .255 do not work.

-Tom
Please mark answered for helpful posts

Thanks Tom.

Finally, the provider managing the VPN side at Office A set up an internal address in the range 192.168.236.0/24 (office A) in its router to which the traffic coming from office B is now delivered. This way, the firewall does not inspect the trusted traffic and everything is working now.