Just purchased an RV042 for our office. We have an IP block of addresses, and 3 webservers. Configured the primary interface with 1st usable IP in the block, then set up one-to-one NAT for the next 3 public IPs directed to 3 private LAN IPs of servers using the range option. Then, seeing that the firewall allows all traffic to the NAT'd LAN IPs by default, I set ACLs 1st to allow http traffic from any to any, as well as a blanket deny for all other services. Worked for about 15 minutes, then couldn't hit servers from external source. I also noticed that even though I had "disabled" remote GUI, it was still possible to bring up login prompt. Figured that was a result of allowing http any in the ACL, so edited that ACL to allow http from any to only the 3 private IPs / webservers using internal LAN IPs. Again, worked for about 15 minutes and then stopped. Disabled "Block WAN Requests" and built an ACL to allow ping through, restarted router, began ping -t against one server. Worked again for about 15 minutes and died. Stock firmware matches latest firmware from Cisco site (184.108.40.206-tm), although I haven't tried reflashing. Anyone have any thoughts? Is One-to-One NAT broken on these units?
When applying One-to-One NAT it is best not to apply any ACLs for specific ports. When the ACL or port forward rules are applied to a NAT'ed address we tend to see the behavior you have.
What I would do is this: since you are running web, place the web servers in the DMZ and apply your public IPs to each server's private IP, or if needed just add the range to the DMZ. That would depend on what you need to have available on the web.
Once they are in the DMZ then you can go ahead and create ACLs to only allow certain services available on the web; like port 80. Since this is a brand new deployment I would go ahead and default the router, apply FW again and start fresh. Sometimes code likes to hang out and cause grief. Let us know if you still run into issues.