
RV042, dual WAN and IPSEC passthrough

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Sugarmonster, Oct 18, 2006.

  1. Sugarmonster

    Sugarmonster LI Guru Member

    Hi,

    I've got an RV042 configured for dual WAN, firmware 1.3.7.10.

    I'm trying to get a VPN through it (rather than setting one up with it) - Basically I want to VPN into work with my home PC, using the work VPN Client software. The VPN software is Contivity although I wouldn't have thought that makes a difference.

    It should be one of the most common scenarios going but I can only get it working if I disable one of the WAN ports (using the lan_settings.htm page). This forces all the traffic out of one port and everything's fine.

    In the normal dual WAN mode I think the traffic is being bounced between the ports which is seriously confusing the VPN server at the other end and stopping me connecting.

    I've tried nailing the IPSEC service to 1 port in the config, I've also tried forcing all traffic to the server IP address through one port but still no joy - the passthrough only seems to work if I disconnect/disable one of the ports.

    Does anyone else have any bright ideas I can try?

    TIA,

    Marc.
     
  2. moi2

    moi2 LI Guru Member

    Not that it helps fix it, but I have a similar issue in that my PPTP VPN connection will keep dropping every so often (50 times a day or so) when in Dual WAN mode. I have locked the IP address, ports and anything else I can think of, and it still seems to go down the wrong port.

    I have noticed that this is also true for VOIP applications and FTP etc. So it seems to me that there is an issue that the protocol binding works 99% of the time, but the 1% of packets screw it all up...
     
  3. whiny

    whiny Network Guru Member

    I think, based on several comments posted here recently, the dual WAN function of these routers does not perform "properly". I put that in quotation marks because it does technically work, but doesn't take into account that some protocols aren't persistent like HTTP (1.1) is.

    The "smart" auto balance mode of these routers may cause an outgoing connection from your server to use either WAN1 or WAN2, which may not be correct if a user is waiting on WAN1 for a reply.

    I am not well educated in advanced load balancing but I believe the router should make sure it replies on the same WAN port as the originating client request, even if the protocol doesn't hold the connection open.
     
  4. Sugarmonster

    Sugarmonster LI Guru Member

    Indeed - that's what the protocol binding page is supposed to do. It would be tricky and potentially annoying to have the router decide this automatically for all protocols but it should be possible for the user to direct all traffic matching certain criteria (IP address, port or combination) out of a specific WAN port.

    The function is there, it just doesn't seem to work 100% reliably. As moi2 says, it works 99% of the time but that's just not good enough when you're talking about something as twitchy as a VPN connection :frown:

    I've also got similar problems with NNTP. Multiple connections from different IPs are banned by my news provider and even though I've tried to lock it down to one port I still get the occasional failed connection as a few packets leak out of the wrong port and hit the server from the other address.

    It's annoying because the RV042 is one of only 2 routers in that price range I could find that had the functions I wanted. The only other one is the Netgear and since that had a limit of 12Mb/sec WAN throughput it wasn't a lot of use to me when I've potentially got up to 20Mb/sec coming in over the two feeds.

    Anyone know if the RV082 has more luck in this situation?
     
