1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Proper use without NAT?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by aweber1nj, Dec 30, 2006.

  1. aweber1nj

    aweber1nj LI Guru Member

    Does anyone use the RVxxx without using the NAT functionality?

    I am considering just using the RV as a load-balancer/failover device for my internet connections (one DSL, one Cable), and having a custom firewall behind it (to do firewall plus a few other functions).

    I know this is a bit vague, but how does the RV accomplish routing of packets to two internet connections without NAT? I guess the same way as WITH NAT (to confuse myself, thank you)?

    Without NAT, if I have one (firewall) connected to the LAN port, will BOTH the DSL and Cable modems attempt to provide a DHCP address to the firewall-device? (Which wouldn't be good.)

    I want to avoid double-NAT if at all possible.

    Could I still use some of the firewall and VPN features even without NAT enabled on the RV?

    More confused the more I think about it... :(

    Any help much appreciated.

    -AJ
     
  2. d__l

    d__l Network Guru Member

    I don't think you can do what you want. On the RV082 if you have two connections, you choose between Dual WAN or DMZ for the second WAN which provides un-NATed access, but it is protected from attacks. If you choose Dual WAN, then you can set up either Load Balancing or Smart Link Backup.

    You might be able to use Dual WAN and set up numerous, very permissive access rules through to your firewall. I doubt that this would be equivalent to setting both WANs as DMZs, but it might cut the double NATing problem for every thing that you are interested in using. The router would pass most traffic through the NAT, but I don't know the limits, if there are any, on excessively "permissive" access rules.
     
  3. aweber1nj

    aweber1nj LI Guru Member

    Well, yeah, a DMZ technically IS what I'm trying to setup -- but with no hosts in it at this time...just the firewall to the LAN (which is also typical in a picture of a Internet -- DMZ -- LAN setup).

    So some minor traffic filtering/firewalling by the RV would be WELCOME, but not required (because there's no hosts in the DMZ, as stated). All I really want the RV to do is provide load-balancing or hot-failover of the dual WAN connections.

    My biggest question is how it would/could do this if I turned off the NAT functionality? Would each WAN interface pick-up an address from the respective cable/DSL modem? If so, then it would have to NAT traffic. If not, then which modem is going to provide the DHCP address to the firewall-host behind the RV??? How does it continue to provide load balancing without NAT? Will it at least work with the dual-WAN configured in "Failover Mode" -- where only one of the WANs is active at a time?

    Just trying to piece it together, and I don't have a lot of time and tools to experiment with the hardware and trace the interactions.

    Thanks for the quick reply!
    -AJ
     
  4. Toxic

    Toxic Administrator Staff Member

    so your wanting the RV042 to be the gateway router but have no NAT?
     
  5. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    Yes...I have a few of them setup as edge devices on wide area networks...private RLANs over DSL and T's. They're running in "router mode" instead of the default "gateway mode"...so there's no NAT.

    Dunno about the dual WAN in that aspect though.

    This "router mode" is actually a very common use for a router in business networks....I'd say historically more than 50% of routers used in businesses are running in this fashion..connecting large networks and wide area networks.

    The term "router" has become almost a household term recently due to the explosion of broadband internet for homes...and they run in "gateway mode" in this fashion.
     
  6. pablito

    pablito Network Guru Member

    I'm running an RV8 in router mode. I have a WRT54 attached to each WAN port. Each one connects wirelessly to a remote AP. One WRT is in client mode and the other is in bridge mode. So over one WAN link I have double NAT and over the other is single NAT. All devices are setup with RIP so that routing works. I bind users over the double NAT WAN and VPN over the single NAT.

    It all seems to work well. One caveat I found was that while upgrading one of the WRTs from behind the RV I would loose RIP and couldn't finish the upgrade. Easily fixed by attaching directly to the WRT or going to double NAT long enough to upgrade. Static routes would also prevent the upgrade issues.
     

Share This Page