
RV340 - making port forwarding work with WAN VLAN ID and IPSec on the same router

JohnKoval52330
Level 1

Hello. I need some help with configuring my Cisco router. I am hosting a web server in my network and I am using IPSec for some remote stuff. The problem is, my WAN is tagged (VLAN ID: 5) and the router (2.1) does not want to route traffic to my server for users connected through the IPSec. Instead, it tries to handle the requests on its own, serving the web management site (192.168.2.1:80) instead of the one hosted in my network (192.168.2.100:80). My temporary solution was to add another router in front of it (3.1) that redirects all traffic to the router with IPSec, but without any tagged packets. This configuration works, but it is far from ideal. Is it possible to configure it all on one router? Please help, I have run out of ideas.

1 Reply 1

nagrajk1969
Spotlight

Hi,

1. Port-forwarding for http/https on wan1.5 (wan1 with vlan-id 5 subinterface) is independent of VPN tunneling on the same wan1.5 port.

2. In my setup I have a similar wan config with vlan-78 configured on wan1, and the wan-ipaddress configured is 78.78.78.157.

Note: In your case it's simply vlan-5 and the wan-ipaddr used by you is 80.80.80.80.

3. So considering the wan1.78 as the wan interface on which you want port-forwarding of http/https connections to an internal-web-server on 192.168.2.100, I would simply configure 2 port forwarding rules as shown in the attached screen-shot-1-2.

 

4. The key is to ensure that:

a) The "Remote Management" option is not set, or even if it's set, the port used should not be 443. This will allow you to add the port-forwarding of https/443 to 192.168.2.100.

b) As shown in the screenshot, make sure you select the vlan-wan interface (wan1.78, or wan1.5 in your case) instead of wan1.

Again, just to repeat, please note that vpn tunnels on wan1.5 (or wan1.78 in my case) are independent of any port-forwarding rules you may configure.

- So in case you have any existing firewall-acl rules or port-forwarding rules added by you, please kindly delete ALL of them and just add the required 2 simple port-forward rules... the rest is all taken care of in the background by the system on RV345... no need to add any additional manual rules.

Hope this helps.