Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2476
Views
0
Helpful
7
Replies

VPN gateway to gateway - wrong IP address

Go to solution
TicTacToe15
Level 1
Level 1

‎04-29-2015 03:38 PM

Hello,

 

I'm new to this forum hoping to find some help. And I hope I posted my problem at the right spot.

 

I'm trying to set up a VPN connection between two RV082. 

When I select at local security gateway type: 'IP only' Location A comes up with the WAN IP address as it should be, Location B sets the local gateway address 10.10.1.10 instead of WAN IP.

I thought I have an issue with DNS, so I chose a free DNS service and changed settings accordingly in both routers. I went back to factory settings in Location B.  Then I reset the router there - nothing changed. I can't get the connection to work.

Remote gateway on both IP - DNS resolved

firewall of routers have rules to allow IPsec and WAN requests is enabled.

IPsec settings on both ends are identical with Pre-shared key

Any help around for me? What did I miss that local gateway IP is pulled instead WAN IP?

Thanks in advance for taking the time.

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kevyen
Cisco Employee
Cisco Employee
In response to TicTacToe15

‎04-30-2015 12:47 PM

Hello,

I'm glad that you were able to figure out the problem. 

What you want to do is to setup a one-to-one NAT. One-to-one NAT creates a relationship that maps a valid WAN IP address to LAN IP addresses that are hidden from the WAN (Internet) by NAT. This protects the LAN devices from discovery and attack. 

 

I think this is needed to be configured on your Comcast router. 

 

I hope this helps. Please let me know if you have anymore questions or concerns.

 

Sincerely, 

Kevin Yen

View solution in original post

0 Helpful
7 Replies 7

Go to solution
kevyen
Cisco Employee
Cisco Employee

‎04-30-2015 12:30 PM

Hello TicTacToe15,

 

Thank you for using the Cisco Small Business forums. My name is Kevin, I am an eSupport Content developer. It seems like your router at location B is being assigned a private address (10.10.1.10) as opposed to a public WAN IP address. This could be due to the fact that your router is behind a NAT (Network Address Translation), in other words, it is being connected into additional router. Could you tell me what your topology (network layout) is?      

 

 

I hope this helps, please feel free to respond back if you have any questions or concerns.

 

Sincerely,

Kevin Yen

0 Helpful

Go to solution
TicTacToe15
Level 1
Level 1
In response to kevyen

‎04-30-2015 12:42 PM

Hello Kevin,

 

Thanks for responding!

 

We have one headquarter - unfortunately I called it location B - and a new branch Location A with a newly purchased RV0082, new computer, it needs to be connected to the headquarter's server to have access to inventory software located on the server.

 

The document you shared was well used already for the recent days and was great help.

 

The setup from headquarter was not mine, I found out today that apparently there is a router between splitter and the RV082 - a Comcast business router, and its address is the one RV082 pulls.

 

I have no idea how I can work around the Comcast router, I can't attach the RV082 directly to the splitter and I can't simply unplug the Comcast router because of other services it provides.

 

I reset the Comcast router to gain access with default login, but it failed - seems to be a usual problem as far as I could find out via internet.

 

Is there any way that I can create a VPN tunnel with the comcast router in between?

 

The headquarter is an actively running store, the new location opens Saturday (I'm a kind of in a hurry)

 

I very much hope you have a hint for me.

 

Thanks,

 

PS: I just learned that the splitter is only for telephone. So it's a parallel structure: incoming cable splits in TV, Telephone and the Comcast router. It looks like I have to live with the Comcast router in between.

Thanks so much for any help

0 Helpful

Go to solution
kevyen
Cisco Employee
Cisco Employee
In response to TicTacToe15

‎04-30-2015 12:47 PM

Hello,

I'm glad that you were able to figure out the problem. 

What you want to do is to setup a one-to-one NAT. One-to-one NAT creates a relationship that maps a valid WAN IP address to LAN IP addresses that are hidden from the WAN (Internet) by NAT. This protects the LAN devices from discovery and attack. 

 

I think this is needed to be configured on your Comcast router. 

 

I hope this helps. Please let me know if you have anymore questions or concerns.

 

Sincerely, 

Kevin Yen

0 Helpful

Go to solution
TicTacToe15
Level 1
Level 1
In response to kevyen

‎04-30-2015 12:59 PM

Thanks Kevin,

I'll focus on getting access to the Comcast router then to setup the one-to-one NAT. You're great help. I hope I'll be able to solve the problem then, if not, I'll take the liberty to ask again.

 

Best,

 

0 Helpful

Go to solution
kevyen
Cisco Employee
Cisco Employee
In response to TicTacToe15

‎04-30-2015 03:15 PM

No problem! 

If this solves your problem, please mark the question as answered or rate it so other users can benefit from it. 

 

Sincerely, 

Kevin Yen

0 Helpful

Go to solution
TicTacToe15
Level 1
Level 1
In response to kevyen

‎05-01-2015 12:11 PM

Hi Kevin,

I'm now able to enter the router from Comcast and could enter the one-to-one NET. I as well have now at the headquarter a static IP:

They gave me .xx.xx.xx.37 as the public IP

the same ending on xx.xx.xx.38 as gateway address

subnet 255.255.255.252

dns 75 75 75 75 / 75 75 76 76

 

the LAN IP setup within the router reads 10.1.10.10

DHCP starts 10.1.10.10 ends 10.1.10.199

 

I unchecked the following boxes of the Comcast router:

Disable Firewall for True Static IO Subnet Only

Disable Ping on WAN interface

still checked is:

Disable Gateway Smart Packet Detection

 

There's no 1-to1 NAT defined yet.

 

They told me that VPN should work fine with static IP without 1-to-1 NAT definition, but I loose internet connection as soon as I define static IP in the Setup menu of RV082 - I think I tried all combination with Gateway ... 38 or 10.1.10.10.

My Questions are:

Do you have advice how to define 1-to-1 NAT within the configuration given?

and how to handle the static IP within the general setup of the RV082 and within the VPN.

and what else did I miss?

 

THANKS so much for your help and your invested time! It's highly appreciated.

V. 

0 Helpful

Go to solution
kevyen
Cisco Employee
Cisco Employee
In response to TicTacToe15

‎05-07-2015 03:59 PM

Hello,

Sorry for the late response.

I just want to verify, did you successfully assign your static xx.xx.xx.37 IP address to your Location B router and the xx.xx.xx.38 IP address for your Comcast router?

If so, then you should first try and make sure you can ping from the xx.xx.xx.38 interface on the Comcast router to the xx.xx.xx.37 IP address.

Let me know if that works.

 

 

What about your location A configuration? Does it also have a Comcast router there? If so you would want to make sure you do the same thing as you did with Location B.

If you can ping between the Comcast router and the RV082, then you should be able to create a tunnel from Location A to Location B.

 

Sincerely,

Kevin Yen

 

0 Helpful
Customers Also Viewed These Support Documents