Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
797
Views
0
Helpful
5
Replies

SRP527 multiple LAN subnets routing

simonw_cisco
Level 1
Level 1

‎03-11-2012 10:00 PM - edited ‎03-04-2019 03:37 PM

Hello.

I have a SRP527 (V03/1.01.26) that is connected to a class C network on Port 4, LAN interface (192.168.1.8/24) (see network representation below).  1 hop away through router A is a subnet (172.17.0.0/24) where the clients reside. 

Problem: Client A cannot reach Internet.

Observations:

  • Client A has default route to Router A (172.17.0.1). 
  • Router A has default route to SRP527 (192.168.1.8).
  • Client A can ping Client B & SRP527
  • Client B can ping Internet hosts OK
  • Client A cannot ping Internet hosts
  • SRP527 has static route to 172.18.0.0/24 - which is obviously working as Client A can ping SRP527.

It feels like the NAT policy rule is not matching inbound traffic from remote subnet on trusted LAN port 4.  Whatever it is, the result is that Clients on the 172.17.0.0/24 network have no internet access.

I don't want to connect the SRP527 directly to the 172.17.0.0/24 network.

I would appreciate any suggestions or help.

Client A

    |  172.17.0.10/24

    |

----+---- 172.17.0.0/24 ----+

                              |

                              |  172.17.0.1/24

                    ROUTER A 

                              | 192.168.1.1/24

                              |

          Client B -------+

         192.168.1.10  |

                              +--------- 192.168.1.0/24 ------+

                                                                       |

                                                                       |  192.168.1.8/24

                                                                 SRP527

                                                                       |

                                                                { Internet }

Labels:
0 Helpful
5 Replies 5

Xiaojing Li
Level 1
Level 1

‎03-11-2012 10:47 PM

There is one possibility that your NAT is not done for 172.17.0.0/24.

Solution: 1. you add NAT at router A which means 172.17.0.0/24 will translate to 192.168.1.1

              2. add NAT sourse range 172.17.0.0/24 into SRP527.

Hope it helps

0 Helpful

simonw_cisco
Level 1
Level 1
In response to Xiaojing Li

‎03-11-2012 10:50 PM

Thanks for your reply.

Router A doesn't provide NAT.

I don't see how to add a NAT source range to the SRP527.  I'm assuming that the SRP527 is only allowing a NAT source range of the defined LAN subnet which is local to it's LAN interface (in my case 192.168.1.0/24)

0 Helpful

Matto-FNQ
Level 1
Level 1

‎03-21-2012 06:24 PM

Hi there,

We have the exact same network layout, and I'm experiencing the exact same issue with the 527 we have here. I've been through the web admin interface, but can find no way to add an additional NAT source range.

We are unable to have our Router A perform NAT. It's not something we would want to do even if we could.

Simon - did you ever get a resolution for this?

Xiaojing Li - can you elaborate on how I can add an additional NAT source range on a 527 please?

Thanks for your help,

Matto

0 Helpful

simonw_cisco
Level 1
Level 1
In response to Matto-FNQ

‎03-22-2012 02:28 PM

Hi Matt,

Sorry - we haven't received any feedback through this forum that would be helpful.  I am waiting on our reseller to come back with something and will return the unit if no resolution.  I class this problem as a bug that unfortunately renders the unit inoperable in an SMB situation.

Sorry I can't help.

0 Helpful

Matto-FNQ
Level 1
Level 1
In response to simonw_cisco

‎03-26-2012 03:09 PM

Hi Simon,

Thanks for writing back.

That's a shame. Looks like we might end up having to upgrade to a "proper" cisco router then. I didn't want to have to do that, since we'll be deploying over 30 of them - every dollar saved helps. Still, if the 527 won't do what we want, then it won't do what we want!

Cheers!

Matto

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card