11-01-2018 07:17 AM
We have 2 sites which have been connected through a VPN using RV042 routers on both sites.
- Site 1: address range 192.168.1.0/24, fixed public IP address (62.xx.xx.xx)
- Site 2: address range 192.168.0.0/24, fixed public IP address (80.xx.xx.xx)
VPN worked fine with these routers.
Now I replaced one RV042 by a new RV340W.
Site-to-Site VPN has been defined on the new RV340W router with the same parameters as on the old RV042.
The result:
- VPN tunnel is UP.
- Internet access works.
- Data packets or pings sent from a computer in the 192.168.0.0 address range to the 192.168.1.x address range are lost.
If NAT is disabled on WAN1, the VPN traffic works, but then the general internet access does not work.
If NAT is enabled on WAN1, the VPN traffic does not work, but general internet access works fine.
How can I configure the RV340 so that the same WAN1 connection uses no NAT when transferring data to the target range 192.168.1.x, but uses NAT when accessing the internet?
Any ideas and help are welcome.
11-01-2018 08:32 AM
You need to exempt the traffic.
So when there is traffic directed between both subnets, just deny it from the NAT ACL;
however, any other traffic will hit the NAT, so it will have internet access.
In a firewall it's much easier: you can configure NAT exempt or policy NAT.
Let me know how it goes,
Wishes,
Yazan
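Added example, not part of any post in this thread and not Cisco code: a simplified Python model of the NAT exemption described in the reply above, reproducing the three states from the question (NAT on, NAT off, exemption rule first). Assumptions: NAT is evaluated before the tunnel's selector match, 203.0.113.10 and 198.51.100.7 are documentation placeholder addresses, and all function and rule names are hypothetical.

```python
import ipaddress as ip

# Subnets are taken from the thread; the public address is a constructed
# placeholder because the thread elides the real one.
SITE2_LAN = ip.ip_network("192.168.0.0/24")   # local side (new RV340W)
SITE1_LAN = ip.ip_network("192.168.1.0/24")   # remote side of the tunnel
WAN_IP = ip.ip_address("203.0.113.10")
ANY = ip.ip_network("0.0.0.0/0")

def apply_nat(src, dst, rules):
    """First matching rule wins; action is 'exempt' or 'masquerade'."""
    for src_net, dst_net, action in rules:
        if src in src_net and dst in dst_net:
            return WAN_IP if action == "masquerade" else src
    return src  # no rule matched: source address is left untouched

def forward(src, dst, nat_rules):
    """Return (path, source address after NAT) for one outbound packet."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    out_src = apply_nat(src, dst, nat_rules)
    if dst in SITE1_LAN:
        # Assumption: the tunnel only carries packets whose source is still
        # inside the local selector (SITE2_LAN) after NAT has run.
        path = "tunnel" if out_src in SITE2_LAN else "lost"
    else:
        # Internet hosts can only reply to the public WAN address.
        path = "internet" if out_src == WAN_IP else "lost"
    return (path, str(out_src))

NAT_ALL = [(SITE2_LAN, ANY, "masquerade")]                    # NAT enabled on WAN1
NAT_OFF = []                                                  # NAT disabled on WAN1
NAT_WITH_EXEMPT = [(SITE2_LAN, SITE1_LAN, "exempt")] + NAT_ALL  # exemption first

if __name__ == "__main__":
    for name, rules in [("NAT on", NAT_ALL), ("NAT off", NAT_OFF),
                        ("exempt first", NAT_WITH_EXEMPT)]:
        vpn = forward("192.168.0.10", "192.168.1.20", rules)
        web = forward("192.168.0.10", "198.51.100.7", rules)
        print(f"{name:13} vpn={vpn} internet={web}")
```

Rule order matters in this model: placing the exemption after the masquerade rule gives the same result as having no exemption at all.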
11-01-2018 08:52 AM
Hi Yazan,
Can you briefly describe how to configure the RV340 so that the traffic between the 2 subnets is denied from the NAT ACL?
How to configure that in firewall?
I only find a switch to enable/disable NAT for the whole WAN1 traffic.
Regards
digoffm
11-01-2018 11:54 AM
Can you check the static NAT option?
https://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/RV340/Administration/EN/b_RV340_AG.pdf#page74
Maybe you can work around it with static NAT.
Those are the available options, I think, on this module.
11-20-2018 02:52 AM
Ideally, the behaviour that you are expecting must be achieved by default by any VPN router. I tried a simple Site-to-Site connection and it worked for me. Can you try below?
1. Disconnect and re-connect the tunnel from VPN->Site-to-Site page.
2. Have you tried disabling the Site-to-Site connection altogether in configuration and re-enabling it?
3. Last option: Configure, Save your configuration and reboot the router.
All the best... Thanks...!
11-20-2018 02:54 AM
Ideally, the behaviour that you are expecting must be achieved by default by any VPN router. I tried a simple Site-to-Site connection and it worked for me. Can you try below?
1. Disconnect and re-connect the tunnel from VPN->Site-to-Site page, small GIF under Actions column.
2. Have you tried disabling the Site-to-Site connection altogether in configuration and re-enabling it?
3. Last option: Configure, Save your configuration and reboot the router.
All the best... Thanks...!