cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3116
Views
0
Helpful
23
Replies

RV160 NAT

Marc OolB
Level 1
Level 1

Hello everbody,

I bought an RV160 just to make a nat translation form one router to an network

Topology = Cisco877>>>CiscoRV160>>>>customer network

I  am having this problem, I would like to NAT an adress 172.16.244.22 on my wan port to a 192.168.253.10 adress on my lan side.

So my static nat rule would be Private: 192.168.253.10   Public 172.163.244.22   all traffic.

Now i get the message that i cannot use the IP adres on the configured WANport when i choose this for the public IP adres.

 

So how do I do this?

Should I use Lan port instead of a wan port?

 

 

 

23 Replies 23

Hello Paul,

no

I just would like to have ha single static network translation, nothing more

I would like to NAT an adress 172.16.244.22 on my wan port to a 192.168.253.10 adress on my lan side.

 

 

Hello
understand but the windows server that’s performing the routing is directly attached to the 877 on the wan subnet so without disturbing that device you have no way of connecting the rv160 to the same wan subnet as the server and apply your nat unless there is a switch in between the 877 and the server.

You do have options but you need to do some changes - be it readdressing or attach a switch to share the wan subnet or bridge the wan connection providing the RV160 supports it.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

 WHy not, 

the 877 has lan 4 ports, one is connected to the windows server with ip 172.16.244.10

he other port is connected to wan port of the rv160 

Hello
Apologies but didnt you say you had no admin control over 877 rtr?

Now you have a spare port on the 877 and it can be used in the same vlan as the wan subnet and you have spare wan subnet ip addresses then it would be possible.
So as the RV160 wants you to use a public ip that’s not the wan nexthop or its own wan ip address you would probably need to use a spare address for the static nat translation:

 

So just to confirm:
172.16.244.22 = next-hop of wan subnet for both windows server and RV60
172.16.244.10 window server
172.16.244.x - RV160 wan ip
172.16.244.y - RV160 nat ip address
192.168.253.38/25 = RV160 lan interface


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I add the setup

What to configure in the RV160 to get the packets from A to B

Hello Marc

Thank you for you topology, its much clearer to understand.
So if i remember the RV160 wont except to nat on 172.16.224.22 (its own wan ip address) so is it possible you can choose another address 172.16.244.2x that can be used for the NAT so then hosts 10.130.11.39 & 192.168.253.1 should become reachable for 172.168.101.102.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Lets say i would use 172.16.244.21 as my wan adres and I would make a nat rule on 172.16.244.22

To which adress should the server send the packets then?

it is not logical to me because there is no interface with 172.16.244.22

 

Hello
Your wan address should not be changed - just use another “wan” address for you static nat rule and any outside host will route towards that.

example:
from the outside hosts:
NAT rule 1
http 172.16.244.21 <>192.168.253.1 

NAT rule 2 
https 172.16.244.21 <>10.130.11.39

As long as 173.16.244.21 is reachable from outside hosts to your rv160 it should work okay.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

nagrajk1969
Spotlight
Spotlight

Hi Marc

 

In case your routing issue between A and B (as shown in your last network-schematic that you posted) thru the RV160 is not solved yet, please try out the below. Iam thinking it will solve your issue

 

Note: By the way i have to mention that Paul Driver has been giving correct suggestion of using another IPaddr for your wan-interface on RV160 and the reason would become more clearer when you take a look at scenario-2/Method-2 which is what Paul-D has been suggesting and i second and support that advice. I am only mentioning more detailed steps relevant to RV160 which should make it more clearer to you

 

Scenario-1/Method-1: If you insist on using the ipaddr 172.16.244.22 only, on the WAN interface of RV160

1. We will assume that you have configured the ipaddr 172.16.244.22 on the wan interface of RV160

2.. Since you have mentioned that from RV160 you are able to ping/reach the network 10.130.11.0/24 network (or more precisely 10.130.11.39), it means that there is route and correct forwarding happening. So keep the configs as it is on RV160 (and the firewall 192.168.253.1).

- Here iam assuming that from RV160 you are sending ping to destination ipaddr 192.168.253.1 which is then port-forwarded to 10.130.11.39. This is becos as per my assumption 192.168.253.1 looks to be a firewall with nat-enabled on 192.168.253.1.

 

3. So next, what you can do in this method/scenario is that you will create a Port-Forwarding rule in RV160 (in the Firewall section) as shown in attached schematic "method-1-withPortForwarding-onRV160-png"

 

- What this will result in is:

a) The host-A will send traffic to destination ipaddr 172.16.244.22, and it will be port-forwarded (for all traffic) to 192.168.253.1

b) And then on 192.168.253.1, this traffic will be i think further port-forwarded to 10.130.11.39 which is Host-B

c) In the reverse direction the reply traffic or any traffic initiated from Host-B to Host-A will get snated/nated to 192.168.253.1 and which will be further routed to RV160 where it will get once more NATed to 172.16.244.22 and routed upto 172.16.101.102..and later get port-forwarded on the firewall-172.16.101.102 to Host-A

 

The negative point of this method-1 is that from wan-side of RV160 you will not be able to access the GUI of RV160 using the ipaddr 172.16.244.22....becos now ALL TRAFFIC to 172.16.244.22 will be port-forwarded to only 192.168.253.1

- But you can access the GUI using the ipaddr 192.168.253.10 from the lan-side of RV160

 

 

Scenario-2/Method-2: This is recommended and as suggested by PaulD too

 

In RV160 if we have to configure  Static-NAT (which is 1:1 binding) then we cannot bind/static-nat to the wan-ipaddr. The wan-public-ipaddr (in this case any ipaddr in 172.16.244.x network) used in Static-NAT rule must be other than the ipaddr confgured on wan-interface of RV160

 Therefore since the users in your network have been sending traffic to 172.16.244.22 to reach host-B from Host-A, it is suggested that you:

a) Should use another ipaddress such as 172.16.244.21 as the wan-interface ipaddr of RV160

b) And use the ipaddr 172.16.244.22 in the static-NAT rule (as shown in attached schematic method2-step2)

- when you add a static-nat rule on RV160, it automatically results in the creation of a alias-interface on the wan-interface of RV160 and the ipaddr 172.16.244.22 is applied to the alias interface.

- This alias-interface for static-nat rules is NOT visible or accessible in any way from GUI....BUT you dont worry, it will work as per standard requirement of 1:1 static-nat process.

- So with the alias-interface created for 172.16.244.22 on the wan-interface of RV160, any arp-request coming from the wan-side for 172.16.244.22 will be replied by RV160 with its own mac-address of the wan-interface...so in this way all traffic for 172.16.244.22 will be processed by RV160 on its wan interface and further forwarded to lan-side

- This is how it happens in all standard routers/firewalls/etc so there is nothing new that is done on RV160...so just go ahead and configure as per below steps

 

Step-1: configure a wan-ipaddr 172.16.244.21 on the wan interface of RV160

Step-2 configure a static-nat rule as shown in attached screenshot method2-step2-with-StaticNAT

 

 

So now HostA will send traffic with destination ipaddr 172.16.244.22 (for 10.130.11.39 HostB) which will get 1:1 static-NATed to 192.168.253.1 and then forwarded upto Host-B...

- In reverse direction traffic from HostB will get routed upto RV160 and here it will get Static-NATed to 172.16.244.22 address ONLY instead of 172.16.244.21...

 

hope this is is helpful

 

 

 

 

Review Cisco Networking for a $25 gift card