11-08-2019 03:22 AM
We have to create a VPN Site to Site Connection on our RV340.
Our Local Net is 192.168.1.0/24
Our Serviceprovider uses the Net 192.168.100.0/24 but wants us to identify us under 192.168.183.0/24 for VPN Traffic
Can this be set up in the Router?
Static NAT did not help.
11-08-2019 05:09 AM
if the Service provider looking you're to send as a source of 192.168.183.0/24 then you need 192.168.1.0/24 NAT with suggestion pool IP address.
here is the static NAT :
I have also read the nat not working..please show us what is wrong.
11-11-2019 01:16 AM
I'd need the Static NAT only for VPN Tunnel.
f.E. like this:
https://documentation.meraki.com/MX/Site-to-site_VPN/Using_Site-to-site_VPN_Translation
I think this is not a feature on the RV 340
05-11-2021 12:15 PM
Hi JuergenM
What is needed in your deployment is "nat-before-ipsec"...This is possible to be done on Cisco RV260 series Router
- it has something called Policy-NAT which can be applied to translate the src-network 192.168.1.0 to 192.168.183.0 before the packets are forwarded onto the S2S tunnel
But as you said correctly it cannot be done on RV340 - atleast directly...BUT you can do the below if you REALLY want it to be done using RV340
You should configure a setup as below in the site where RV340 is (and nothing is required to done...well almost nothing on the remote-site)
l(an-subnet/192.168.1.0/24)----eth0[Linux-Router]eth1----(lan)[RV340]wan1----ipsec-tunnel---[RemotePeer]---------(192.168.100.0/24)
1. Move the lan-subnet 192.168.1.0/24 behind the Linux-Router as shown above, and change the lan-ipaddr of RV340 to 192.168.183.1/24
2. On the Linux-Router
a) Configure the ip adrress 192.168.1.1/24 on the eth0 interface of Linux-Router
b) Run dhcp-server on the eth0 interface and let it assign the ipaddress in the 192.168.1.0/24 network to the lan-hosts
c) Configure the ipaddress 192.168.183.254/24 with default-gw-ip 192.168.183.1 on the eth1 interface of Linux-Router
d) DO NOT ENABLE ANY NAT/MASQUERADE ON THIS LINUX-ROUTER ON ANY INTERFACE (on eth1 or eth0), Remove if any existing
e) Next apply the following iptables rules on this Linux-Router
Note: As you mentioned it will be for ONLY IPsec traffic to the remote-peer. The below rules do 1:1 nat for entire subnet, in each direction
iptables -t nat -I PREROUTING 1 -i eth0 -s 192.168.1.0/24 -d 192.168.100.0/24 -j NETMAP --to 192.168.183.0/24
iptables -t nat -I PREROUTING 2 -i eth1 -d 192.168.183.0/24 -j NETMAP --to 192.168.1.0/24
OR i think the below should also work..but it will work for sure
iptables -t nat -I POSTROUTING 1 -o eth1 -s 192.168.1.0/24 -d 192.168.100.0/24 -j NETMAP --to 192.168.183.0/24
iptables -t nat -I PREROUTING 1 -i eth1 -d 192.168.183.0/24 -j NETMAP --to 192.168.1.0/24
3. On the RV340
a) After changing the vlan1 interface ipaddr to 192.168.183.1/24 (and do a Apply/Save too),
b) Add a Static route in the Routing page...
Destination-network: 192.168.1.0
Netmask: 255.255.255.0
Gateway: 192.168.183.254
Interface: vlan1
c) Next configure the S2S tunnel to the service provider as usual..but apply the below values/settings on RV340
Local-IP-Type: Subnet:
192.168.183.0/24
Remote-IP-Type: Subnet
192.168.100.0/24
4. On the Remote-PeerGw
- for the S2S tunnel config use the below values
Local-IP-Type: Subnet:
192.168.100.0/24
Remote-IP-Type: Subnet
192.168.183.0/24
thats it....you should be able to solve your requirements
Hope this is useful, eventhough its been a longtime since this query has been asked....
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: