cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1419
Views
0
Helpful
1
Replies

RV042 - DMZ or One-to-One NAT?

MrGeekabyte
Level 1
Level 1

Hello,

I am currently working with a pharmacy in Ashern that has been selected to be a part of the testing phase of the new Pharmacare network in Manitoba. The desired setup is as follows:

Business Level MTS DSL provides internet connectivity for the pharmacy including debit machines

Separate Business MTS DSL connection provides a secure VPN connection between the pharmacy and the Pharmacare servers that is only ever used when Pharmacare claims are submitted.

3 computers connected to the LAN that need to be able to use the VPN connection to submit Pharmacare claims electronically for their clients

I was trying to make it work using the following setup

WAN 1 -> MTS DSL the provides internet

WAN 2 -> MTS DSL that provides VPN to Pharmacare network

LAN  1 -> Main pharmacy computer

LAN  2 -> Switch that connects to the rest of the LAN network

Route to the Pharmacare network going out WAN2

Default route going out WAN1

The issue I had with this setup is that it seemed like I could only get one WAN or the other, never both.  I've come to realize that it is supposed to be like that.  I have also tried changing the RV042 to router mode and connecting it to a home DLink router but that didn't work either and makes sense that it wouldn't.  My quesion to you is what is the best way to achieve the needed setup?  I only have 1 public ip available to me on the Pharmacare network so I'm not sure what the solution is.  I've attached a network diagram to help clarify the issue.

Thanks for any help you provide.


Raymond Northcott

1 Reply 1

Kremena Ivanova
Cisco Employee
Cisco Employee

Hi,

As I understand you have 2 WAN connections, meaning you do not use DMZ zone, but the second connection is in WAN mode. You configure the VPN tunnel using WAN2

In System Management you need to choose the option Load Balancing, in order to use both WAN connections at the same time.

From what you wrote I am not sure if you configured static routes as well. If this is so, than you do not need a static route explicitely configured for Pharmacare network going out WAN2 - with the VPN configured you have that. The same is for the default route.

But if you want the PCs from the LAN, behind RV042 to use for i-net WAN1, you need to configure Protocol Buinding(this option works only with Load Balancing) . I would advise to create the rules for HTTP and HTTPS services only(or the services you need)  and not to bind All trafic, as this may create a problem for the VPN trafic as well.

And just be sure that you have the latest firmware

Best Regards,

Kremena

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: