
RV042 + Public IP

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Yongjin, Jul 1, 2007.

  1. Yongjin

    Yongjin LI Guru Member

    Hi, has anyone managed to get public IP addresses working on the RV042? I've been trying to configure this for 2 days but with no success... :( I have a whole Class C IP block which I want to share between the data centre and the remote office, but I'm unable to get it to work. It seems that WAN and LAN do not route at all in both Gateway and Router mode. Can anyone advise what is wrong?

    RV042 @ Data Centre
    WAN: 15.1.1.254 GW 15.1.1.1 Subnet: 255.255.255.0
    LAN: 15.1.1.128 Subnet: 255.255.255.0
    VPN: 15.1.1.1.0 Subnet: 255.255.255.0

    RV042 @ Remote Office
    WAN: DSL
    LAN: 15.1.1.192 Subnet: 255.255.255.0
    VPN: 15.1.1.1.0 Subnet: 255.255.255.0

    The VPN can be established successfully; the problem is that both ends are unable to access one another. Also, the system that connects to the data centre LAN is unable to PING X.X.X.1 :(
     
  2. fred3

    fred3 Network Guru Member

    You need to be more explicit about the IP addresses and the VPN setup. It's hard to tell what you're doing.
     
  3. Yongjin

    Yongjin LI Guru Member

    All the X.X.X refer to the same; make it 15.1.1.X in this case... any advice?

    Another thing I tried is to move the IP block to the DMZ port, but from that port I can't get access to the WAN at all :(
     
  4. ifican

    ifican Network Guru Member

    The initial and potentially only issue is that you need to have different subnets on either side of the tunnel. Right now you have the same subnet 15.1.1.0 255.255.255.0 on both sides. I guess the question now is though, I could be wrong, but I have a hard time believing that you have an entire routable Class C subnet available for your personal use. In order to establish a tunnel, besides having all key settings correct, you need to have a different subnet between the WAN, LAN, and tunnel subnets. If there is any overlap it will not work.
     
  5. fred3

    fred3 Network Guru Member

    Your initial message shows "VPN 15.1.1.1.0". Too many octets here... ?
    Each VPN termination has to have a different public IP address.

    And, as mentioned, the LAN subnets can't be the same or overlapping - but they are if the mask is as shown. In fact, the mask isn't right if the subnet base addresses are as shown.
     
  6. Yongjin

    Yongjin LI Guru Member

    It's not for personal use; I'm trying to configure it for my client, who has a Class C block from the data centre. Currently they are using a Cisco 2621 and PIX 501 on both ends, which they said is workable. Since each of the units takes up 1U of rack space, which makes 2U, and data centre space in my country is expensive, they are looking into replacing the units with 2 RV042s, one on either end.

    I've tried a lot of methods, including using the DMZ port, but without much success. It seems that when I set it to DMZ for the dual WAN, traffic is not getting from DMZ to WAN even with the firewall disabled.

    VPN is a secondary issue; I can try subnetting using private IPs. However, I need the public IP addresses to be able to work in LAN and WAN/DMZ.

    In case the subnets are wrong, what should the correct subnets be? I'm getting more and more confused about how this device works :(
     
  7. fred3

    fred3 Network Guru Member

    More like this:

    RV042 @ Data Centre
    WAN: 15.1.1.254 GW 15.1.1.1 Subnet: 255.255.255.0 public addresses
    LAN: 192.168.1.0 Subnet: 255.255.255.0 private addresses
    RV042 LAN: 192.168.1.254
    VPN: 192.168.1.0 Subnet: 255.255.255.0 local
    192.168.2.0 Subnet: 255.255.255.0 remote

    RV042 @ Remote Office
    WAN: 15.1.1.254 GW 15.1.1.1 Subnet: 255.255.255.0 public addresses
    LAN: 192.168.2.0 Subnet: 255.255.255.0 private addresses
    RV042 LAN: 192.168.2.254
    VPN: 192.168.2.0 Subnet: 255.255.255.0 local
    192.168.1.0 Subnet: 255.255.255.0 remote

    So, this uses 2 public IP addresses over the internet to connect - both referring to the same gateway address which I presume is in the range of public IP addresses that you have available.

    Then, each LAN is on a separate private IP address range / that is, subnet.

    And, the VPN devices point at each other from LAN to LAN.

    The notation:
    192.168.1.0 255.255.255.0 refers to a subnet with addresses:
    192.168.1.0 to 192.168.1.255 with the first and last addresses not usable for any host and are used by the system.
     
  8. Yongjin

    Yongjin LI Guru Member

    The above setup, which I've tried, will require the use of the DMZ port, which does not have access to any traffic from DMZ to WAN and WAN to DMZ. Any advice on this?

    There are servers that will require the use of public IPs, which will sit in the DMZ zone since the LAN zone is now private.
     
  9. ifican

    ifican Network Guru Member

    OK, give me an idea of how many hosts need to have public IPs on both sides of the tunnel, and if we have the room we can break the range up to allow the tunnel to connect and all hosts to have an IP within your IP range specifications.
     
  10. Yongjin

    Yongjin LI Guru Member

    For public IPs, both ends require no more than 64 addresses for now; I'm thinking of setting 32 for each end... With that I still have another 192 public IPs not in use to play with. What is your suggestion? Thanks.
     
  11. ifican

    ifican Network Guru Member

    Well, really you wouldn't have that many addresses, because you are going to lose addresses when you start subnetting. There are many ways to break the subnets up to do different things; this is just one way and can be tweaked accordingly.

    RV
    wan-15.1.1.253 255.255.255.252
    lan- 15.1.1.0 255.255.255.224 usable address .1 - .31

    RV
    wan-15.1.1.254 255.255.255.252
    lan- 15.1.1.32 255.255.255.224 usable address .33 - .63

    You can use any one of the usable addresses for your GW on the LAN; this gives you 31 usable addresses after using one for the gateway. If you know the business is not going to have any other sites then you can make the subnets bigger; you could also make one 64 on one side and 32 on the other without an issue, you just need to tweak the subnets. This is all assuming the ISP will handle the partitioning of the subnet correctly.
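
Added example, not part of any post in this thread: a Python check, using the standard `ipaddress` module, of the three addressing plans posted above (posts 1, 7 and 11) for the overlap between WAN, LAN and remote subnets that the replies name as the blocker. The role names (`dc_wan`, `dc_lan`, `remote_lan`, `wan`) are assumptions introduced for the example.

```python
import ipaddress
from itertools import combinations

def net(addr, mask):
    # strict=False: the thread often gives an interface address, not the network base
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def is_base(addr, mask):
    """True if addr is the network base address for mask."""
    return net(addr, mask).network_address == ipaddress.ip_address(addr)

def overlaps(plan):
    """Return the (name, name) pairs in a plan whose subnets overlap."""
    pairs = combinations(sorted(plan.items()), 2)
    return [(a, b) for (a, na), (b, nb) in pairs if na.overlaps(nb)]

def host_range(n):
    """First host, last host and host count; network/broadcast excluded."""
    hosts = list(n.hosts())
    return str(hosts[0]), str(hosts[-1]), len(hosts)

# Addressing plans as posted in the thread (role names are assumptions).
ORIGINAL = {   # post 1
    "dc_wan": net("15.1.1.254", "255.255.255.0"),
    "dc_lan": net("15.1.1.128", "255.255.255.0"),
    "remote_lan": net("15.1.1.192", "255.255.255.0"),
}
PRIVATE = {    # post 7
    "wan": net("15.1.1.254", "255.255.255.0"),
    "dc_lan": net("192.168.1.0", "255.255.255.0"),
    "remote_lan": net("192.168.2.0", "255.255.255.0"),
}
SPLIT = {      # post 11
    "wan": net("15.1.1.253", "255.255.255.252"),
    "dc_lan": net("15.1.1.0", "255.255.255.224"),
    "remote_lan": net("15.1.1.32", "255.255.255.224"),
}

if __name__ == "__main__":
    for name, plan in (("original", ORIGINAL), ("private", PRIVATE), ("split", SPLIT)):
        print(name, "overlaps:", overlaps(plan) or "none")
        for role, n in sorted(plan.items()):
            print(f"  {role:<11}{n}  hosts {host_range(n)}")
```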
     
  12. Yongjin

    Yongjin LI Guru Member

    It's really weird, packets are still not passing through the interface; pings keep timing out. However, when I use private IPs it works. I have tried both Router and Gateway mode, both the same; the firewall has been disabled :(

    PS: This is on one of the devices only, not even at the VPN stage yet. Is there a problem with the firmware 1.7.8.3?
     
  13. fred3

    fred3 Network Guru Member

    Are you testing in a lab with a cable emulating the internet or are you testing using the real live public internet connections?

    If on a cable, I've found that having a router with the internet gateway address assigned to its LAN (and nothing on the WAN) is needed for connecting two RV042 WANs using public addresses. Both VPNs point to this as the internet gateway.

    If on live internet, then presumably there is a gateway address in your range? That's how one of our ISPs sets it up. Then point the VPNs to that one.
     
  14. fred3

    fred3 Network Guru Member

    You mention using the DMZ port but give no clear description of the topology. The RV042 is very limited in its capability when one talks about VPN and DMZ on the same device. Maybe not possible at all.
     
  15. Yongjin

    Yongjin LI Guru Member

    Currently testing in the lab; I tried putting 3 routers in between to simulate a live Internet connection. It's a migration from a live system, so I have to make sure the configuration is working before replacing.

    Okay, I'll try setting the IP in LAN instead to see how it goes. The gateway address that I'm playing with is assigned by the provider; it's a routable address into the Class C subnet.

    I'm trying with the DMZ because I can't seem to get it to work the way it needs to; if it works in LAN and WAN then the DMZ will not be used.
     
  16. Yongjin

    Yongjin LI Guru Member

    OK, I've tried to set it up without WAN, just entering the IP in LAN; it still does not work. As long as I'm using the public IP block, traffic just does not route..... it only works when I use a private IP range. It's driving me nuts :(

    Any way to force traffic to pass through the VPN tunnel without going to the WAN?

    I've attached a diagram of what I'm trying to achieve.... hope someone can enlighten me on how to get this done
     
