RV340:Site-to-Site VPN: Wrong routing

digoffm
Level 1

We have 2 sites which have been connected through a VPN using RV042 routers on both sites.

- Site 1: address range 192.168.1.0/24, fixed public IP address (62.xx.xx.xx)
- Site 2: address range 192.168.0.0/24, fixed public IP address (80.xx.xx.xx)

VPN worked fine with these routers.

Now I replaced one RV042 by a new RV340W.

Site-to-Site VPN has been defined on the new RV340W router with the same parameters as on the old RV042.

The result:

- VPN tunnel is UP.

- Internet access works.

- Data packets or pings sent from a computer in the 192.168.0.0 address range to the 192.168.1.x address range are lost.

If NAT is disabled on WAN1, the VPN traffic works, but then the general internet access does not work.

If NAT is enabled on WAN1, the VPN traffic does not work, but general internet access works fine.

How do I configure the RV340 so that the same WAN1 connection uses no NAT when transferring data to the target range 192.168.1.x, but uses NAT when accessing the internet?

Any ideas and help are welcome.


yalbikaw
Cisco Employee

You need to exempt the traffic.

So when there is traffic directed between both subnets, just deny it from the NAT ACL;

however, any other traffic will hit the NAT, and then they will have internet access.

In a firewall it's much easier: you can configure NAT exempt or policy NAT.

Let me know how it goes,

 

Wishes,

Yazan 
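The three behaviours discussed above (NAT off, NAT on for everything, NAT with an exemption for the tunnel subnets), modelled as an added example that is not part of the original posts and is not RV340 configuration. It assumes NAT is applied before the IPsec selector match, a modelling assumption consistent with the reported symptoms rather than documented RV340 behaviour; `WAN_IP` and the internet destination are constructed placeholder addresses.

```python
import ipaddress

# Subnets from the thread. WAN_IP is a constructed placeholder
# (the post elides the real address as 80.xx.xx.xx).
LOCAL_LAN = ipaddress.ip_network("192.168.0.0/24")
REMOTE_LAN = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
WAN_IP = ipaddress.ip_address("203.0.113.10")

# NAT policy as an ordered, first-match list: (source, destination, action).
NAT_DISABLED = []
NAT_ALL = [(LOCAL_LAN, ANY, "translate")]
NAT_EXEMPT = [
    (LOCAL_LAN, REMOTE_LAN, "exempt"),  # "deny it from the NAT ACL"
    (LOCAL_LAN, ANY, "translate"),      # all other traffic is NATed to WAN_IP
]


def apply_nat(policy, src, dst):
    """Return the source address after NAT; the first matching rule wins."""
    for rule_src, rule_dst, action in policy:
        if src in rule_src and dst in rule_dst:
            return WAN_IP if action == "translate" else src
    return src


def egress_path(policy, src, dst):
    """Model one outbound packet: NAT first (assumed), then selector check."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    natted_src = apply_nat(policy, src, dst)
    if dst in REMOTE_LAN:
        # Tunnel selector is 192.168.0.0/24 -> 192.168.1.0/24. A translated
        # source no longer matches it, so the packet never enters the tunnel.
        return "tunnel" if natted_src in LOCAL_LAN else "dropped"
    # Internet-bound traffic needs a routable (translated) source address.
    return "internet" if natted_src == WAN_IP else "dropped"


if __name__ == "__main__":
    policies = {"NAT disabled": NAT_DISABLED, "NAT for all": NAT_ALL,
                "NAT + exemption": NAT_EXEMPT}
    for name, policy in policies.items():
        for dst in ("192.168.1.20", "198.51.100.7"):  # constructed hosts
            result = egress_path(policy, "192.168.0.10", dst)
            print(f"{name:16} 192.168.0.10 -> {dst:13} {result}")
```

Rule order matters: with the exemption placed after the catch-all translate rule, the first-match lookup never reaches it and the result is the same as "NAT for all".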

Hi Yazan,

 

Can you briefly describe how to configure the RV340 so that the traffic between the 2 subnets is denied from the NAT ACL?

How to configure that in the firewall?

I only find a switch to enable/disable NAT for the whole WAN1 traffic.

 

Regards

digoffm

Can you check the static NAT option?

https://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/RV340/Administration/EN/b_RV340_AG.pdf#page74

Maybe you can work around it with static NAT.

Those are the available options, I think, on this module.

 

 

 

krishna_c
Level 1

Ideally, the behaviour that you are expecting must be achieved by default by any VPN router. I tried a simple Site-to-Site connection and it worked for me. Can you try below?

1. Disconnect and re-connect the tunnel from VPN->Site-to-Site page.

2. Have you tried disabling the Site-to-Site connection altogether in configuration and re-enabling it?

3. Last option: Configure, Save your configuration and reboot the router. 

All the best... Thanks...!

 

krishna_c
Level 1

Ideally, the behaviour that you are expecting must be achieved by default by any VPN router. I tried a simple Site-to-Site connection and it worked for me. Can you try below?

1. Disconnect and re-connect the tunnel from VPN->Site-to-Site page, small GIF under Actions column.

2. Have you tried disabling the Site-to-Site connection altogether in configuration and re-enabling it?

3. Last option: Configure, Save your configuration and reboot the router. 

All the best... Thanks...!

 
