RV042, route internet traffic through VPN instead of DSL.

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Billsey, Jun 28, 2007.

  1. Billsey

    Billsey LI Guru Member

    I have two RV042s, one in the office and one in the field. The WAN1 port of the office RV042 is connected to my fast but unstable internet connection, the WAN2 port is connected to a much slower but stabler DSL connection. I have the router set up to fail over to WAN2 when WAN1 fails, and that has been tested to work. One problem with the DSL connection is that they filter SMTP requests unless the request is to their own SMTP server. I'd like to route all internet traffic from the office through a tunnel to the field when the DSL line is active, so those SMTP requests will actually get through to the appropriate SMTP servers elsewhere. Is this possible? How would I do it?
  2. Billsey

    Billsey LI Guru Member

    So, no one has ideas on how this could work, or can say that it will not work? I got rid of the failover on the WAN ports temporarily and am just using the DSL port (WAN2). I have the tunnel set up between the local RV042 (192.168.7.x) and the remote RV042 (172.20.x.x) and traffic is routed correctly between the two. Can I somehow set up either a second tunnel for public IP requests from the local network or set up some sort of static route that forces traffic to go through the tunnel in order to find a gateway?
  3. ifican

    ifican Network Guru Member

    Yes you can set up tunnels to different things and to do different things, I am currently at a loss though at trying to visualize what you want to do. I understand the SMTP issue, and yes if you are in the field you can create a tunnel with another endpoint or even use PPTP from any network that will allow you to do that to send data to your server.

    As far as what you are asking in the second question is where I am getting lost, can you explain in a different way what you are wanting to do with tunnels in regards to public IP?
  4. Billsey

    Billsey LI Guru Member

    Well, we'll see 'if I can' get my thoughts clearer... :)

    If I connect to the internet through the wireless side, the radios route my traffic to a layer 3 switch which has routes to the world. The local side of that switch (a VLAN) has both an internal subnet (172.20.x.x) and the local public subnet (a.b.c.x) associated with it. It routes my internet requests on to some other router upstream toward the backbone.

    When I'm at the house (network 192.168.7.x) and I connect to the internet through the DSL line, SMTP requests are blocked unless I'm connecting to their SMTP server (supposed to be a technique used to control SPAM). Other internet traffic is routed normally through their system and on to the backbone.

    I have an RV042 connected to the 172.20.x.x network (it's on the LAN side and a.b.c.x on the WAN side) and an RV042 connected to the DSL line ( on the LAN side, dynamic on the WAN side). My 192.168.7.x traffic is routed correctly to the 172.20.x.x network. What I'd like is for my SMTP requests (and by inference the other public internet traffic) to go through the tunnel, then on toward the backbone.

    My thoughts are to get this working will require that the RV042 at will have to decide that its default gateway for all 192.168.7.x NATed traffic will need to be sent to a default gateway at a.b.c.1 (same box as This probably requires that the NAT be configured to use a.b.c.x as its public side instead of the address received by the PPPoE connection to the DSL, but the tunnel itself has to still use that PPPoE address. I may just be asking for too much, or there may be a better way to accomplish my goal, which is to send email through the DSL line even though the DSL folks have SMTP shut off.
  5. ifican

    ifican Network Guru Member

    By creating a tunnel you are effectively bypassing the ISP SMTP rule. Now if you currently have a tunnel between the 192.168.7.x and the 172.20.0.x networks I don't see any reason you can't get that traffic across the tunnel as long as it's classified accordingly. You may have to add a route to your host or use another router to point the traffic accordingly, but as long as you get the traffic going across the tunnel and the other side knows how to get back it should not be an issue. The only issue that may crop up is if you are trying to go out to the internet from the same interface that the tunnel is terminating on. This however does not seem to be the case with you, so if you can get the traffic routed to the remote L3 switch, it should handle traffic as it is supposed to. I have not tried this and have no idea if it will work, though I am curious to try myself when I get a moment. Hopefully the 192.168.7 router is at your home. Delete the tunnel you currently have and try creating another one identifying the default gateway for the tunnel as the IP for the L3 switch instead of the router LAN IP itself. I don't believe the gateway IP has any significance in the creation of the tunnel as long as it falls in the local subnet range.
  6. Billsey

    Billsey LI Guru Member

    But that is exactly the problem I'm asking about. Traffic destined for the 172.20.x.x subnet works fine, I only had to change the default gateways for the 172.20.x.x devices. I want traffic to the internet to work through the tunnel as well! If the systems on the 192.168.7.x subnet can't get to the internet through the tunnel, then there is no fix for the SMTP problem. What I see happening is some sort of NAT through a tunnel, so the 192.168.7.x subnet machines look like an a.b.c.x machine.
  7. fiat

    fiat Network Guru Member

    My understanding is that if you have a point-to-point tunnel you will only be able to connect to the remote network. You will not be able to pass traffic beyond it.

    A solution would be to have a SMTP server on the remote network relay your email. You would send mail to the remote server and assuming it was setup to relay mail it would pass your mail on for you.

    A PPTP connection to the remote network would allow you to use the remote network's internet connection to pass your traffic. Since this is a client connection it needs to be a connection between a local computer and the remote VPN router.

    You could use a computer on your local network and have it make a persistent PPTP connection to the remote network. This local computer would also need to be running an SMTP server. Email sent to the local SMTP server would pass thru the remote network using the remote network's internet connection.

    Since the remote network is an office then one would assume that there is a SMTP server there. The first suggestion would then seem to be the easiest solution.
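The behaviour fiat describes above, as an added example that is not part of the original post: a small Python model of how a policy-based site-to-site tunnel picks traffic by its local/remote subnet pair, so SMTP to a public address never enters the tunnel and leaves via the filtered DSL link. The prefix lengths, the public addresses, the ISP relay address and the function names are assumptions constructed for illustration; the thread gives only 192.168.7.x and 172.20.x.x.

```python
import ipaddress

# Constructed addressing: only 192.168.7.x and 172.20.x.x appear in the thread.
HOME_LAN = ipaddress.ip_network("192.168.7.0/24")
FIELD_LAN = ipaddress.ip_network("172.20.0.0/16")
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")
ISP_SMTP = ipaddress.ip_address("198.51.100.25")  # placeholder for the DSL ISP's relay

SITE_TO_SITE = [(HOME_LAN, FIELD_LAN)]  # what the thread's tunnel protects
FULL_TUNNEL = [(HOME_LAN, ANYWHERE)]    # hypothetical "everything" selector


def egress(src, dst, dport, selectors):
    """Return where a packet leaving the home gateway ends up.

    A packet is encrypted only if its source AND destination both fall
    inside one (local, remote) selector pair. Anything else follows the
    default route out the DSL WAN port, where the ISP drops port 25
    unless the destination is its own SMTP server.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local_net, remote_net in selectors:
        if s in local_net and d in remote_net:
            return "tunnel"
    if dport == 25 and d != ISP_SMTP:
        return "dsl-dropped"
    return "dsl"


def demo():
    packets = [
        ("192.168.7.10", "172.20.1.5", 445),    # file share in the field LAN
        ("192.168.7.10", "203.0.113.25", 25),   # SMTP to an outside mail server
        ("192.168.7.10", "203.0.113.80", 443),  # ordinary web traffic
    ]
    return {
        "site_to_site": [egress(*p, SITE_TO_SITE) for p in packets],
        "full_tunnel": [egress(*p, FULL_TUNNEL) for p in packets],
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The model covers only the home-side selection; with the wider selector the far end still has to forward and NAT the traffic onward, and the thread does not establish that the RV042 accepts such a selector.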
  8. Billsey

    Billsey LI Guru Member

    I'll look into the PPTP possibilities, though it still doesn't sound as if it's going to be the full fix. Though I'm starting to wonder if the full fix is even possible. :frown:

    Unfortunately you just bumped into the third question I originally asked (See thread here). The SMTP server on our network (with an a.b.c.x address) is physically located in the same place as the 192.168.7.x network, not up in one of the towers with the 172.20.x.x network. The DSL line is supposed to be the backup route to the server if the wireless fails (which happens any time it rains hard, it seems). Not too surprisingly, when the backup route is in place, incoming SMTP requests are blocked before they can get to the server by our friends at the DSL provider. I could physically move the server to one of the radio towers, but the obvious choice already has a full rack, and the other towers don't have the nice buildings to hold a rack...
  9. fiat

    fiat Network Guru Member

    This thread talks about setting up and using a backup VPN tunnel. I've not tried it myself.

    If it works and if you have a local DNS server, you could set your MX records to first point to the office SMTP server using your default VPN tunnel and then fall back to using your backup tunnel if your default connection drops.

    If all SMTP traffic has to go thru your office SMTP server it should not hit your ISP's SMTP server. Your mail might just queue while the connection swaps between WAN ports (and while the VPN tunnels are built).

    It would seem that the easiest solution would be to upload your data from the "field" to a web server in the office. Or the office web server could pull the data from the "field". You could schedule a script to run at some interval to pass the data one way or the other. This would keep the traffic flowing over your private network to a minimum.
  10. ifican

    ifican Network Guru Member

    This is generally the case with SOHO equipment but not so with higher end devices.

    Now I like the options that Fiat has suggested and it may be the only way to get it to work. When I replied a few days ago I had not given it much thought in regards to the ability of the routers/gateways you are working with. Now having drawn this out and given it a lot of thought, because of the limitations of the RV series in regards to advanced routing features I cannot come up with an alternative to make this work the way you want with these routers. I will continue to look at this as sometimes ideas seem to come out of nowhere, but I am not very hopeful at this point.
  11. Billsey

    Billsey LI Guru Member

    Could you provide some suggestions as to which routers could handle this type of project?

    My other thought would be a bit of a hack... Add a basic Linksys wired router to the 172.20.x.x side of the system, with the 172 network on its LAN side. Configure it to do NAT between 172.20.x.x devices and an internet address on its WAN side (Remember that physically, the 172 network and our a.b.c.x network are the same, so this involves connecting both ends of the router to the same switch). If I then convert all our 192.168.7.x devices (except the RV042 itself) to static IPs with default gateways that match the generic router on the other end of the tunnel, wouldn't they route all traffic over the tunnel to get to the internet? I could easily be missing something in my logic here... :)

