RVL200: Port forwarding for port 443 and Remote Management simultaneously

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by wency, Oct 4, 2007.

  1. wency

    wency Network Guru Member

    Hi, I have an RVL200 running 1.1.7 firmware. It serves one of our customers' networks, so it is away from me.
    I need to access it remotely, so I enabled Remote Management.
    Besides that, behind the router there is an HTTPS-enabled web server listening by default on port 443. It must be publicly accessible.
    Before enabling Remote Management, I forwarded port 443 and that worked as expected.
    But when I enabled Remote Management, things changed...

    When I try to access the router's WAN IP on port 443, I see the router's web interface instead of my web server.

    The RM feature is very strange, as you can see in the attached picture: when you enable it, you will be granted access to the HTTP radio group and you can change the HTTP management port.
    But you cannot access the HTTPS radio group in any way! (It is mentioned within the help screen.)
    Who needs a radio group which is not accessible at any time??

    The result is: if you need remote access to the router, it will be done using HTTPS on port 443 and you CAN NOT use this port for other things. If you want, you can additionally enable HTTP remote management using the port you want... What a bonus!
    But you CAN NOT have only HTTP (not HTTPS) remote management.

    This is very stupid, indeed!

    Any ideas how to override this? (I do not want to use DMZ/One-to-One NAT methods.)
     

  2. johs

    johs LI Guru Member

    Hi there.
    Did you ever find a solution to this?
    I've been searching around for a solution to the same dilemma. I run a web server on 80 and 443 behind the RVL200 and had to disable remote management/SSL VPN to get it going.
    I would like to run management and VPN on 444 (or something else).
    Is it possible to remap the service to run on a different port?
    (I'm not ready to put another box in front of the RVL200 or bring in another IP just yet.)

    Thanks in advance.
     
  3. Toxic

    Toxic Administrator Staff Member

    Can you try this:

    Assign the SSL VPN Client setup an IP with the same IP subnet as your webserver, then log in to your remote network using the SSL client. You then, via the Virtual Passage utility, have an internal IP address. Then access your webserver using

    https://<LAN IP OF SERVER>

    Does this not work?
     
  4. johs

    johs LI Guru Member

    Toxic,
    I do think I follow you, but I would like to explain the scenario a bit further before trying your suggestions:
    The company runs a webshop (80/443) on their internal network with the ports forwarded to the webshop from the RVL200 (had to disable VPN SSL/remote management to solve 443). They _also_ got an AD/LDAP server that runs Exchange and other office tools. My point? I'm trying to keep their internet customers reaching the webshop and at the same time serve their employees' needs, like running the VPN SSL client to reach _other_ internal services, like Outlook Web Access, and of course, the admin interface on the webshop, which is only available from the inside.

    I read your reply on the official Linksys community on this very subject from last year, but it looked like you didn't understand why anyone would like to run VPN SSL/remote management together with port forwarding (443). I hope this is getting clearer. I do appreciate the amount of work you put in here!

    -Until we can "remap" the remote management/VPN SSL services on the RVL200 to a different port, the two solutions that I think of are:
    1. Bring in another WAN IP (if the ISP allows) - and if the RVL200 supports more than one WAN IP (not sure about this). Juniper and other "high end" boxes have no problem with it.
    2. Put another box in front of the RVL200 that A) forwards 80/443 to the internal webshop and B) forwards 444 to the RVL200:443 (maybe even on the LAN side). This is probably the one I'm heading for, but not all boxes are happy about forwarding a port from a different source port.

    I have locked myself out by disabling the remote management/VPN SSL - to get the webshop running - so I need to be on-site to do whatever. :)
    -If I have missed something obvious here (other than running Juniper/Cisco, lol), please don't hesitate to let me know.

    Thanks,
    JoHS
     
  5. Toxic

    Toxic Administrator Staff Member

    No need to explain; others have asked for a configurable SSL VPN port before now. Linksys said they would look into it but it was low priority.

    I can tell you they are working on it, however. When it is done, I do not know.
     
