08-01-2016 09:59 AM - edited 03-08-2019 06:50 AM
I submitted the discussion below in the WAN Switching and Routing Community; but, it may belong here, instead. I didn't see a way to post in more than one community.
I have two Cisco SOHO firewalls - an RV120W and an RV220W. I am trying to set up the configuration described in the attached jpg file. In this configuration, going clockwise around the diagram, our private LAN would be on the LAN side of the RV120W, and the DMZ would be on the WAN side of the RV120W and the LAN side of the RV220W. In the diagram I also described a LAN between the WAN side of our RV220W and a router at the telecom site used by the ISP. I included this LAN instead of describing the internet cloud right there because the routing table of the RV220W references this LAN. Then, I described the internet cloud on the WAN side of that router.
When testing this configuration, from hosts on the internal LAN, I can ping hosts in the DMZ. From hosts in the DMZ, I can ping hosts on the internet. But, I cannot ping hosts on the internet from the internal LAN. It is not just a DNS issue, because I can't ping IP addresses such as the Google DNS server, 8.8.8.8, from the internal LAN when I can do so from the DMZ.
I have used a configuration like this in the past; but, I don't know why I can't do it with these devices. Both devices are configured to use NAT. I don't know if this is a problem and if I need to configure one of them to use Routing instead of "Gateway (NAT)". If so, I may need help configuring it.
The routing tables from both devices are described below, with information modified to protect our privacy/security. These are difficult to read here; so, I also included this information in an attached txt file. I notice that for each subnet described, the default route has a gateway on the opposite side of the firewall. I don't understand this. For example, the RV120W routing table indicates the default gateway for the subnet, 192.168.50/24, is 192.168.100.1, which is the WAN IP address of the firewall. I would have thought the default gateway for this subnet would be 192.168.50.1, the LAN IP address of the firewall.
RV120W Routing Table:
Kernel IP routing table
Destination Gateway Genmask Metric Ref Use Interface Type Flags
127.0.0.1 127.0.0.1 255.255.255.255 1 0 0 lo Static UP,Gateway,Host
192.168.100.0 0.0.0.0 255.255.255.0 0 0 0 eth1 Static UP
192.168.100.0 192.168.50.1 255.255.255.0 2 0 0 bdg1 Static UP,Gateway
192.168.50.0 0.0.0.0 255.255.255.0 0 0 0 bdg1 Static UP
192.168.50.0 192.168.50.1 255.255.255.0 1 0 0 bdg1 Static UP,Gateway
0.0.0.0 192.168.100.1 0.0.0.0 0 0 0 eth1 Dynamic UP,Gateway
RV220W Routing Table:
Kernel IP routing table
Destination Gateway Genmask Metric Ref Use Interface Type Flags
127.0.0.1 127.0.0.1 255.255.255.255 1 0 0 lo Static UP,Gateway,Host
x.x.x.128 0.0.0.0 255.255.255.224 0 0 0 eth1 Dynamic UP
x.x.x.128 x.x.x.154 255.255.255.224 1 0 0 eth1 Dynamic UP,Gateway
192.168.100.0 0.0.0.0 255.255.255.0 0 0 0 bdg1 Static UP
192.168.100.0 192.168.100.1 255.255.255.0 1 0 0 bdg1 Static UP,Gateway
192.168.50.0 192.168.100.99 255.255.255.0 2 0 0 bdg1 Static UP,Gateway
0.0.0.0 x.x.x.129 0.0.0.0 0 0 0 eth1 Dynamic UP,Gateway
Thank you in advance for any assistance you can offer.
08-02-2016 07:39 AM
For me, there is one route missing on the RV120W.
Have you tried to add a static route on this router for your WAN network?
08-02-2016 09:02 AM
Hi,
Can you double-check your NATing on the RV220W: will it include both the 192.168.50.0 and 192.168.100.0 subnets?
As far as the routing part goes, it seems OK to me.
Thanks & Best regards;
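An added example, not part of any post in this thread: a longest-prefix-match lookup over the two routing tables exactly as posted, to see which next hop each firewall selects for 8.8.8.8 and for the return traffic to the internal LAN. The host address 192.168.50.10 is constructed, the metric tie-break is an assumption about the firewalls' Linux-style kernel tables, and the script covers route selection only, not NAT or firewall rules.

```python
import ipaddress

# Rows copied from the routing tables posted above (loopback rows omitted).
RV120W = """\
192.168.100.0 0.0.0.0 255.255.255.0 0 0 0 eth1 Static UP
192.168.100.0 192.168.50.1 255.255.255.0 2 0 0 bdg1 Static UP,Gateway
192.168.50.0 0.0.0.0 255.255.255.0 0 0 0 bdg1 Static UP
192.168.50.0 192.168.50.1 255.255.255.0 1 0 0 bdg1 Static UP,Gateway
0.0.0.0 192.168.100.1 0.0.0.0 0 0 0 eth1 Dynamic UP,Gateway
"""
RV220W = """\
x.x.x.128 0.0.0.0 255.255.255.224 0 0 0 eth1 Dynamic UP
x.x.x.128 x.x.x.154 255.255.255.224 1 0 0 eth1 Dynamic UP,Gateway
192.168.100.0 0.0.0.0 255.255.255.0 0 0 0 bdg1 Static UP
192.168.100.0 192.168.100.1 255.255.255.0 1 0 0 bdg1 Static UP,Gateway
192.168.50.0 192.168.100.99 255.255.255.0 2 0 0 bdg1 Static UP,Gateway
0.0.0.0 x.x.x.129 0.0.0.0 0 0 0 eth1 Dynamic UP,Gateway
"""

def parse(table):
    """Return (network, gateway, metric, interface) tuples."""
    routes = []
    for line in table.splitlines():
        dest, gw, mask, metric, _ref, _use, iface = line.split()[:7]
        if "x" in dest:
            continue  # destination redacted by the poster, cannot be matched
        # Convert the dotted netmask to a prefix length by counting its set bits.
        prefix = bin(int(ipaddress.ip_address(mask))).count("1")
        routes.append((ipaddress.ip_network(f"{dest}/{prefix}"), gw, int(metric), iface))
    return routes

def lookup(routes, addr):
    """Longest prefix wins; lowest metric breaks ties (assumed kernel behaviour)."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    _net, gw, _metric, iface = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return ("direct" if gw == "0.0.0.0" else gw), iface

if __name__ == "__main__":
    inner, outer = parse(RV120W), parse(RV220W)
    print("RV120W -> 8.8.8.8       :", lookup(inner, "8.8.8.8"))
    print("RV220W -> 8.8.8.8       :", lookup(outer, "8.8.8.8"))
    # Return path matters only if the RV120W is switched from NAT to routing mode.
    print("RV220W -> 192.168.50.10 :", lookup(outer, "192.168.50.10"))
    print("RV120W -> 192.168.50.10 :", lookup(inner, "192.168.50.10"))
```

Gateways printed as `x.x.x.129` are the poster's redactions, carried through unchanged.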