
RV082 access rules and pointless firewall?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by jifop, Jun 9, 2011.

  1. jifop

    jifop Networkin' Nut Member

    Hi guys, I really hope someone can help me as this seems ridiculous! I have bought 4 of these bad boys and set up VPNs on them perfectly. I also wanted to set up some firewall rules to send some services to various machines on my network, so logically I added a few rules.

    allow service RDP(3389) source WAN1 specific IP to 10.0.0.2
    allow service RDP(3389) source WAN1 any IP to 10.0.0.10
    allow service SMTP (25) source WAN1 specific IP to 10.0.0.3
    allow service SMTP (25) source WAN1 specific IP2 to 10.0.0.3
    allow service HTTPS(443) source WAN1 any IP to 10.0.0.3

    Now I would assume this would route:

    RDP requests to 10.0.0.10 unless from a specific IP, in which case 10.0.0.2
    HTTPS requests to 10.0.0.3
    SMTP requests from specific IPs to 10.0.0.3

    However, none of these work and I get no incoming ports working. After having spoken to Cisco Systems, they have told me the only way to get it to work is to use port forwarding, which seems ridiculous as it negates the use of the firewall! The only way I have managed to get the system working is to add port forwarding

    3389 to 10.0.0.10
    443 to 10.0.0.3
    25 to 10.0.0.3

    I then have to add firewall rules

    allow service smtp(25) source WAN1 specific IP2 to 10.0.0.3
    allow service smtp(25) source WAN1 specific IP to 10.0.0.3
    deny service smtp(25) source WAN1 any IP to 10.0.0.3

    Does this seem right? This seems like an absolutely silly way of configuring the router and means I cannot route to more than one machine on the same port!

    I hope this makes sense and someone can help me!
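    A small model of the two stages this post is about, added here as an illustration and not Cisco's or the RV082's actual code: the WAN address, the two "specific" source addresses and the processing assumptions (port forwarding rewrites the destination first, access rules are then checked top to bottom against the translated packet, forwarded traffic is allowed unless a rule denies it) are all assumptions made for the example.

```python
from dataclasses import dataclass

WAN_IP = "203.0.113.10"    # constructed public address of the router's WAN1
TRUSTED = "198.51.100.7"   # constructed "specific IP" from the post
TRUSTED2 = "198.51.100.8"  # constructed "specific IP2" from the post

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# Access rules as (action, service port, source or "any", destination), checked top to bottom.
ORIGINAL_RULES = [  # the rules-only attempt from the post
    ("allow", 3389, TRUSTED, "10.0.0.2"),
    ("allow", 3389, "any", "10.0.0.10"),
    ("allow", 25, TRUSTED, "10.0.0.3"),
    ("allow", 25, TRUSTED2, "10.0.0.3"),
    ("allow", 443, "any", "10.0.0.3"),
]
SMTP_RULES = [  # the rules added once port forwarding was in place
    ("allow", 25, TRUSTED2, "10.0.0.3"),
    ("allow", 25, TRUSTED, "10.0.0.3"),
    ("deny", 25, "any", "10.0.0.3"),
]
# Port forwarding: one internal host per port, which is why one port cannot reach two machines.
PORT_FORWARDS = {3389: "10.0.0.10", 443: "10.0.0.3", 25: "10.0.0.3"}

def access_check(pkt, rules, default):
    """First matching rule wins; 'default' applies when nothing matches."""
    for action, dport, src, dst in rules:
        if dport == pkt.dport and dst == pkt.dst and src in ("any", pkt.src):
            return action
    return default

def inbound(pkt, rules, forwards=PORT_FORWARDS):
    """Return (decision, final destination) for a packet arriving on WAN1.

    Assumed model: a packet addressed to the WAN IP is rewritten by the port-forwarding
    table first; without an entry it stays addressed to the router, so an access rule whose
    destination is a LAN host can never match it. Forwarded traffic is allowed unless denied.
    """
    if pkt.dst == WAN_IP and pkt.dport in forwards:
        pkt = Packet(pkt.src, forwards[pkt.dport], pkt.dport)
        return access_check(pkt, rules, default="allow"), pkt.dst
    return access_check(pkt, rules, default="deny"), pkt.dst
```

With no forwarding entry the RDP packet from the trusted address is dropped despite the "allow ... to 10.0.0.2" rule, and with forwarding it can only land on the single host the port maps to.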
     
  2. Sfor

    Sfor Network Guru Member

    I have problems understanding your point. I do not know about the RV082, but the RV042 does not put the inbound VPN traffic through the firewall. It is possible to filter outbound VPN traffic only.

    Also, there are no restrictions on traffic between VPN gateways, by default. So, there is no point in allowing services through VPN connections.

    In other words, there is no NAT between VPN endpoints, so there is no reason for port forwarding or redirection.
     
