
RV340 - VPN Problem

JuergenM233
Level 1

We have to create a VPN Site to Site Connection on our RV340.

 

Our Local Net is 192.168.1.0/24

Our service provider uses the net 192.168.100.0/24 but wants us to identify ourselves under 192.168.183.0/24 for VPN traffic

 

Can this be set up in the Router?

 

Static NAT did not help.

3 Replies

balaji.bandi
Hall of Fame

If the service provider is looking for you to send with a source of 192.168.183.0/24, then you need to NAT 192.168.1.0/24 with the suggested pool IP address.

 

Here is the static NAT:

 

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/smb5461-configure-the-static-network-address-translation-nat-on-the.html

 

I have also read that the NAT is not working. Please show us what is wrong.

BB


I'd need the Static NAT only for VPN Tunnel. 

 

For example, like this:

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Using_Site-to-site_VPN_Translation

 

I think this is not a feature on the RV 340 

nagrajk1969
Spotlight

Hi JuergenM

 

What is needed in your deployment is "nat-before-ipsec"...This is possible to be done on Cisco RV260 series Router

- it has something called Policy-NAT which can be applied to translate the src-network 192.168.1.0 to 192.168.183.0 before the packets are forwarded onto the S2S tunnel 

 

But as you said correctly, it cannot be done on RV340 - at least directly...BUT you can do the below if you REALLY want it to be done using RV340

 

You should configure a setup as below in the site where RV340 is (and nothing is required to be done...well almost nothing on the remote-site)

 

(lan-subnet/192.168.1.0/24)----eth0[Linux-Router]eth1----(lan)[RV340]wan1----ipsec-tunnel---[RemotePeer]---------(192.168.100.0/24)

 

1. Move the lan-subnet 192.168.1.0/24 behind the Linux-Router as shown above, and change the lan-ipaddr of RV340 to 192.168.183.1/24

 

2. On the Linux-Router

a) Configure the IP address 192.168.1.1/24 on the eth0 interface of Linux-Router

b) Run dhcp-server on the eth0 interface and let it assign the ipaddress in the 192.168.1.0/24 network to the lan-hosts

c) Configure the ipaddress 192.168.183.254/24 with default-gw-ip 192.168.183.1 on the eth1 interface of Linux-Router

d) DO NOT ENABLE ANY NAT/MASQUERADE ON THIS LINUX-ROUTER ON ANY INTERFACE (on eth1 or eth0), Remove if any existing

e) Next apply the following iptables rules on this Linux-Router 

Note: As you mentioned it will be for ONLY IPsec traffic to the remote-peer. The below rules do 1:1 nat for entire subnet, in each direction

 

iptables -t nat -I PREROUTING 1 -i eth0 -s 192.168.1.0/24 -d 192.168.100.0/24 -j NETMAP --to 192.168.183.0/24

iptables -t nat -I PREROUTING 2 -i eth1 -d 192.168.183.0/24 -j NETMAP --to 192.168.1.0/24

 

OR I think the below should also work..but it will work for sure

 

iptables -t nat -I POSTROUTING 1 -o eth1 -s 192.168.1.0/24 -d 192.168.100.0/24 -j NETMAP --to 192.168.183.0/24

iptables -t nat -I PREROUTING 1 -i eth1 -d 192.168.183.0/24 -j NETMAP --to 192.168.1.0/24

 

3. On the RV340

 

a) After changing the vlan1 interface ipaddr to 192.168.183.1/24 (and do an Apply/Save too), 

b) Add a Static route in the Routing page...

Destination-network: 192.168.1.0

Netmask: 255.255.255.0

Gateway: 192.168.183.254

Interface: vlan1

 

c) Next configure the S2S tunnel to the service provider as usual..but apply the below values/settings on RV340

 

Local-IP-Type: Subnet:

192.168.183.0/24

 

Remote-IP-Type: Subnet

192.168.100.0/24

 

4. On the Remote-PeerGw

- for the S2S tunnel config use the below values

Local-IP-Type: Subnet:

192.168.100.0/24

 

Remote-IP-Type: Subnet

192.168.183.0/24

 

 

That's it....you should be able to solve your requirements

 

Hope this is useful, even though it's been a long time since this query has been asked....
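
A check for the Linux-Router described in the reply above, added here as an example and not part of any post in the thread: it reads `iptables-save -t nat` output and confirms that the POSTROUTING/PREROUTING NETMAP pair from step 2e is present and that no MASQUERADE or SNAT rule (step 2d) rewrites the source a second time. The function names and the sample rule listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the Linux-Router nat table
# against steps 2d and 2e. Input is the text printed by `iptables-save -t nat`.

LAN=192.168.1.0/24       # real LAN behind the Linux-Router (from the thread)
XLATE=192.168.183.0/24   # subnet the provider expects to see (from the thread)
REMOTE=192.168.100.0/24  # provider network (from the thread)

# has_rule TEXT FRAG...: true if a single line of TEXT contains every FRAG
has_rule() {
    text=$1; shift
    for frag in "$@"; do
        text=$(printf '%s\n' "$text" | grep -F -- "$frag") || return 1
    done
}

# audit_nat: reads rules on stdin, prints findings, returns 0 only if clean
audit_nat() {
    rules=$(cat)
    rc=0
    # Step 2d: MASQUERADE/SNAT would rewrite the source a second time
    if printf '%s\n' "$rules" | grep -Eq -- '-j (MASQUERADE|SNAT)'; then
        echo "FAIL: MASQUERADE/SNAT rule present (step 2d)"; rc=1
    fi
    # Step 2e, outbound. NETMAP rewrites the source address only in
    # POSTROUTING; in PREROUTING it rewrites the destination.
    if ! has_rule "$rules" "-A POSTROUTING" "-s $LAN" "-d $REMOTE" \
            "-j NETMAP --to $XLATE"; then
        echo "FAIL: no POSTROUTING NETMAP $LAN -> $XLATE toward $REMOTE"; rc=1
    fi
    # Step 2e, return: packets addressed to XLATE must map back to LAN
    if ! has_rule "$rules" "-A PREROUTING" "-d $XLATE" "-j NETMAP --to $LAN"; then
        echo "FAIL: no NETMAP $XLATE -> $LAN for return traffic"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: 1:1 NAT pair present, no extra source NAT"
    return "$rc"
}

# Constructed sample in iptables-save format (not captured from a real router)
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 192.168.183.0/24 -i eth1 -j NETMAP --to 192.168.1.0/24
-A POSTROUTING -s 192.168.1.0/24 -d 192.168.100.0/24 -o eth1 -j NETMAP --to 192.168.183.0/24
COMMIT'

printf '%s\n' "$SAMPLE" | audit_nat
```

On the Linux-Router itself, run `iptables-save -t nat | audit_nat` as root after applying the rules.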

 

 

 
