
RV220W Access Rules Failing - Requests Answered By Firewall

I have set up my RV220W with NAT rules and access policies to accept HTTPS and SSH requests on a web server. When I set the policies up, the site works fine for a while, and then the firewall itself begins to answer the requests instead of forwarding them on to the web server.

Firewall WAN IP: xxx.xxx.xxx.218

Subnet Mask: 255.255.255.248

I have a one to one NAT policy set up this way:

Private Range Begin: xxx.xxx.xxx.32

Public Range Begin: xxx.xxx.xxx.219

Range Length: 1

Service: ANY

ACL:

Connection Type: Inbound > LAN

Action: Always Allow

Service: HTTPS

Source IP: Any

DNAT IP: xxx.xxx.xxx.32

WAN IP Address: xxx.xxx.xxx.219

When I make a request to the site, the firewall WAN IP (xxx.xxx.xxx.218) will respond to the request instead of the web server IP (xxx.xxx.xxx.219).

I need help with this, please.

1 REPLY

Update - I managed to get the firewall to pass the HTTPS requests by changing the remote management port to 60443 and changing the NAT rule from ANY to HTTP and adding access policies for the other ports. The problem now is that the firewall is not always passing SSH traffic.

Intermittently the firewall accepts the SSH traffic intended to go to the xxx.xxx.xxx.219 on xxx.xxx.xxx.218.

NAT:

Private Range Begin: xxx.xxx.xxx.32

Public Range Begin: xxx.xxx.xxx.219

Range Length: 1

Service: HTTP

ACL:

Connection Type: Inbound > LAN

Action: Always Allow

Service: HTTPS

Source IP: Any

DNAT IP: xxx.xxx.xxx.32

WAN IP Address: xxx.xxx.xxx.219

Connection Type: Inbound > LAN

Action: Always Allow

Service: SSH

Source IP: Any

DNAT IP: xxx.xxx.xxx.32

WAN IP Address: xxx.xxx.xxx.219

I know that it is a bad idea to have SSH open on a public IP, but until I can get IPSEC VPN set up this is necessary. I'm not willing to start with the IPSEC setup until I can get the other rules to be stable.

One nightmare at a time, please.
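A diagnostic for the intermittent SSH symptom described in the update, added here as an example and not part of the original posts: it connects repeatedly to the public address and counts how often the SSH identification line comes from the intended server rather than from some other device. It assumes the two devices present different identification strings; `server_marker`, the helper names and the sample banners are constructed for illustration.

```python
import socket
import time
from collections import Counter

def extract_ident(data: bytes) -> str:
    """Return the SSH identification line (RFC 4253 section 4.2) from raw bytes, or ""."""
    # A server may send other text lines first; only a complete line counts.
    for line in data.split(b"\n")[:-1]:
        if line.startswith(b"SSH-"):
            return line.rstrip(b"\r").decode("ascii", "replace")
    return ""

def read_ssh_banner(host: str, port: int = 22, timeout: float = 5.0) -> str:
    """Connect once and return the identification line of whichever device answers."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        while len(buf) < 4096 and not extract_ident(buf):
            chunk = s.recv(256)
            if not chunk:
                break
            buf += chunk
    return extract_ident(buf)

def classify(banner: str, server_marker: str) -> str:
    """Label one attempt: the intended server, some other device, or nothing usable."""
    if not banner:
        return "no-answer"
    return "server" if server_marker in banner else "other"

def tally(banners, server_marker: str) -> Counter:
    """Count the labels over a series of attempts."""
    return Counter(classify(b, server_marker) for b in banners)

def probe(host: str, server_marker: str, attempts: int = 20, delay: float = 1.0) -> Counter:
    """Repeat the connection so an intermittent mis-delivery shows up as a count."""
    banners = []
    for _ in range(attempts):
        try:
            banners.append(read_ssh_banner(host))
        except OSError:  # refused, timed out, reset
            banners.append("")
        time.sleep(delay)
    return tally(banners, server_marker)

if __name__ == "__main__":
    # Constructed banners standing in for four attempts; no network needed.
    sample = ["SSH-2.0-OpenSSH_8.9", "SSH-2.0-ExampleRouterSSH", "", "SSH-2.0-OpenSSH_8.9"]
    print(tally(sample, "OpenSSH_8.9"))
```

Run `probe()` from outside the WAN against the xxx.xxx.xxx.219 address, with `server_marker` set to a substring of the web server's own banner; any non-zero "other" count confirms that a different device is answering some of the connections.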