Beginner

RV340:Site-to-Site VPN: Wrong routing

We have 2 sites which have been connected through a VPN using RV042 routers on both sites.

- Site 1: address range 192.168.1.0/24, fixed public IP address (62.xx.xx.xx)
- Site 2: address range 192.168.0.0/24, fixed public IP address (80.xx.xx.xx)

VPN worked fine with these routers.

 

Now I replaced one RV042 by a new RV340W.

Site-to-Site VPN has been defined on the new RV340W router with the same parameters as on the old RV042.

 

The result:

- VPN tunnel is UP.

- Internet access works

- Data packets or pings sent from a computer in the 192.168.0.0 address range to the 192.168.1.x address range are lost.

 

If NAT is disabled on WAN1, the VPN traffic works, but then the general internet access does not work.

If NAT is enabled on WAN1, the VPN traffic does not work, but general internet access works fine.

 

How can I configure the RV340 so that the same WAN1 connection uses no NAT when transferring data to the target range 192.168.1.x, but uses NAT when accessing the internet?

 

Any ideas and help are welcome.

5 REPLIES
Cisco Employee

Re: RV340:Site-to-Site VPN: Wrong routing

You need to exempt the traffic.

So when there is traffic directed between both subnets, just deny it from the NAT ACL;

however, any other traffic will hit the NAT, and then they will have internet access.

In a firewall it's much easier: you can configure NAT exempt or policy NAT.

Let me know how it goes,

 

Wishes,

Yazan 
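The exemption described in the reply above, modelled as an added example (it is not part of the thread and is not RV340 configuration): an ordered, first-match NAT ACL that denies subnet-to-subnet traffic from NAT, followed by an IPsec traffic-selector check. It assumes NAT is evaluated before the selector match, which is consistent with the symptom reported in the question; `WAN_IP` and the internet destination used in testing are constructed placeholder addresses.

```python
"""Added illustration: first-match NAT ACL with an exemption for VPN traffic."""
from ipaddress import ip_address, ip_network

LOCAL = ip_network("192.168.0.0/24")   # Site 2 LAN, from the question
REMOTE = ip_network("192.168.1.0/24")  # Site 1 LAN, from the question
ANY = ip_network("0.0.0.0/0")
WAN_IP = ip_address("203.0.113.10")    # constructed placeholder for the WAN1 address

# Ordered NAT ACL, first match wins: "deny" exempts from NAT, "permit" translates.
NAT_ACL_WITH_EXEMPT = [
    ("deny", LOCAL, REMOTE),   # site-to-site traffic keeps its private source
    ("permit", LOCAL, ANY),    # everything else is translated to the WAN address
]
NAT_ACL_NAT_EVERYTHING = [("permit", LOCAL, ANY)]  # a single "NAT on WAN1" switch
NAT_DISABLED = []                                  # the same switch turned off


def nat_source(src, dst, acl):
    """Return the source address after evaluating the NAT ACL."""
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return WAN_IP if action == "permit" else src
    return src  # no rule matched: leave the packet untranslated


def forward(src, dst, acl):
    """Assumed order: NAT first, then the IPsec selector LOCAL -> REMOTE."""
    src, dst = ip_address(src), ip_address(dst)
    post_nat_src = nat_source(src, dst, acl)
    if post_nat_src in LOCAL and dst in REMOTE:
        return "tunnel"            # still matches the selector, so it is encrypted
    if dst in REMOTE:
        return "dropped"           # translated source misses the selector; the
                                   # private destination is not routable on the WAN
    if post_nat_src == WAN_IP:
        return "internet-nat"      # replies can return to the public address
    return "internet-no-nat"       # private source on the internet: no replies


if __name__ == "__main__":
    for name, acl in [("exempt", NAT_ACL_WITH_EXEMPT),
                      ("nat-all", NAT_ACL_NAT_EVERYTHING),
                      ("nat-off", NAT_DISABLED)]:
        print(name,
              forward("192.168.0.10", "192.168.1.20", acl),
              forward("192.168.0.10", "198.51.100.7", acl))
```
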

Beginner

Re: RV340:Site-to-Site VPN: Wrong routing

Hi Yazan,

 

Can you briefly describe how to configure the RV340 so that the traffic between the 2 subnets is denied from the NAT ACL?

How do I configure that in the firewall?

 

I only find a switch to enable/disable NAT for the whole WAN1 traffic.

 

Regards

digoffm

Cisco Employee

Re: RV340:Site-to-Site VPN: Wrong routing

Can you check the static NAT option?

https://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/RV340/Administration/EN/b_RV340_AG.pdf#page74

Maybe you can work around it with static NAT.

Those are the available options, I think, on this module.

 

 

 

Beginner

Re: RV340:Site-to-Site VPN: Wrong routing

Ideally, the behaviour that you are expecting must be achieved by default by any VPN router. I tried a simple Site-to-Site connection and it worked for me. Can you try the steps below?

1. Disconnect and re-connect the tunnel from the VPN->Site-to-Site page.

2. Have you tried disabling the Site-to-Site connection altogether in the configuration and re-enabling it?

3. Last option: Configure, Save your configuration and reboot the router. 

All the best... Thanks...!

 

Beginner

Re: RV340:Site-to-Site VPN: Wrong routing

Ideally, the behaviour that you are expecting must be achieved by default by any VPN router. I tried a simple Site-to-Site connection and it worked for me. Can you try the steps below?

1. Disconnect and re-connect the tunnel from the VPN->Site-to-Site page, small GIF under the Actions column.

2. Have you tried disabling the Site-to-Site connection altogether in the configuration and re-enabling it?

3. Last option: Configure, Save your configuration and reboot the router. 

All the best... Thanks...!