11-08-2019 03:22 AM
We have to create a VPN Site to Site Connection on our RV340.
Our Local Net is 192.168.1.0/24
Our Serviceprovider uses the Net 192.168.100.0/24 but wants us to identify us under 192.168.183.0/24 for VPN Traffic
Can this be set up in the Router?
Static NAT did not help.
11-08-2019 05:09 AM
if the Service provider looking you're to send as a source of 192.168.183.0/24 then you need 192.168.1.0/24 NAT with suggestion pool IP address.
here is the static NAT :
I have also read the nat not working..please show us what is wrong.
11-11-2019 01:16 AM
I'd need the Static NAT only for VPN Tunnel.
f.E. like this:
https://documentation.meraki.com/MX/Site-to-site_VPN/Using_Site-to-site_VPN_Translation
I think this is not a feature on the RV 340
05-11-2021 12:15 PM
Hi JuergenM
What is needed in your deployment is "nat-before-ipsec"...This is possible to be done on Cisco RV260 series Router
- it has something called Policy-NAT which can be applied to translate the src-network 192.168.1.0 to 192.168.183.0 before the packets are forwarded onto the S2S tunnel
But as you said correctly it cannot be done on RV340 - atleast directly...BUT you can do the below if you REALLY want it to be done using RV340
You should configure a setup as below in the site where RV340 is (and nothing is required to done...well almost nothing on the remote-site)
l(an-subnet/192.168.1.0/24)----eth0[Linux-Router]eth1----(lan)[RV340]wan1----ipsec-tunnel---[RemotePeer]---------(192.168.100.0/24)
1. Move the lan-subnet 192.168.1.0/24 behind the Linux-Router as shown above, and change the lan-ipaddr of RV340 to 192.168.183.1/24
2. On the Linux-Router
a) Configure the ip adrress 192.168.1.1/24 on the eth0 interface of Linux-Router
b) Run dhcp-server on the eth0 interface and let it assign the ipaddress in the 192.168.1.0/24 network to the lan-hosts
c) Configure the ipaddress 192.168.183.254/24 with default-gw-ip 192.168.183.1 on the eth1 interface of Linux-Router
d) DO NOT ENABLE ANY NAT/MASQUERADE ON THIS LINUX-ROUTER ON ANY INTERFACE (on eth1 or eth0), Remove if any existing
e) Next apply the following iptables rules on this Linux-Router
Note: As you mentioned it will be for ONLY IPsec traffic to the remote-peer. The below rules do 1:1 nat for entire subnet, in each direction
iptables -t nat -I PREROUTING 1 -i eth0 -s 192.168.1.0/24 -d 192.168.100.0/24 -j NETMAP --to 192.168.183.0/24
iptables -t nat -I PREROUTING 2 -i eth1 -d 192.168.183.0/24 -j NETMAP --to 192.168.1.0/24
OR i think the below should also work..but it will work for sure
iptables -t nat -I POSTROUTING 1 -o eth1 -s 192.168.1.0/24 -d 192.168.100.0/24 -j NETMAP --to 192.168.183.0/24
iptables -t nat -I PREROUTING 1 -i eth1 -d 192.168.183.0/24 -j NETMAP --to 192.168.1.0/24
3. On the RV340
a) After changing the vlan1 interface ipaddr to 192.168.183.1/24 (and do a Apply/Save too),
b) Add a Static route in the Routing page...
Destination-network: 192.168.1.0
Netmask: 255.255.255.0
Gateway: 192.168.183.254
Interface: vlan1
c) Next configure the S2S tunnel to the service provider as usual..but apply the below values/settings on RV340
Local-IP-Type: Subnet:
192.168.183.0/24
Remote-IP-Type: Subnet
192.168.100.0/24
4. On the Remote-PeerGw
- for the S2S tunnel config use the below values
Local-IP-Type: Subnet:
192.168.100.0/24
Remote-IP-Type: Subnet
192.168.183.0/24
thats it....you should be able to solve your requirements
Hope this is useful, eventhough its been a longtime since this query has been asked....
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide