Combining WRV54G & WRTP54G possible with DMZ?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by steve773slc, Apr 1, 2007.

  1. steve773slc

    steve773slc LI Guru Member

    I have a WRTP54G (let's call it it TP) courtesy of Vonage for VOIP. As a router it's pretty lame so I have a WRV54G (let's call that one V) as well. I'd like to connect the TP to the LAN1 port of the V and enable hardware DMZ on the V. I've tried that but either it can't be done or I'm setting something up wrong.

    However, this configuration kind of works using the software DMZ on V:

    V's configuration:
    WAN IP == dhcp assigned from comcast
    WAN port == connnected to Comcast SB5120 cablemodem
    LAN IP == 192.168.10.x
    LAN2 port == connected to TP WAN port
    LAN3 port == connected to desktop machine (
    software DMZ enabled on

    TP's configuration
    WAN port == connected to LAN2 port of V
    WAN IP = (statically defined)
    WAN Gateway ==

    LAN IP = 192.168.15.x
    phone port 1 == connected to telephone
    wireless access point shared with neighbor

    In this setup, even though TP is on the V's DMZ, machines connected to TP can still see machines attached to TP's subnet. Not ideal.

    I've tried setting up the hardware DMZ on V. It increments the 3rd octet so that the DMZ interface is 192.168.11.x. TP must have a static WAN IP so I give it The gateway must be in the same subnet or else the TP configuration won't save so I have to set it to At least this configuration saves but unfortunately, I don't see the internet on any machine on the 192.168.15.x network (and phone service doesn't work either)

    I'm thinking that if the TP had a setting that would enable it to switch from gateway and router, that might do the trick but I don't see it. Any thoughts anyone?


  2. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    I got your PM Steve. Unfortunately, I can't offer any earth-shattering bits of wisdom since it's been literally over 1.5 years since I had my WRV54G and I only experimented with the hardware DMZ feature to test it working. That said, it was a much earlier firmware revison than the current one. Someone on this forum, DocLarge I think, expressed surprise that a) the feature exists and b) that I got it working.

    The DMZ on the WRV54G works the same as the one on the RV042. Boxes in the DMZ (ie: your WRTP54G) *will* be able to initiate connections to other LAN-connected devices on your WRV54G when it's working properly. This is counter-intuitive...and flies in the face of common logic which says that the whole reason for deploying a DMZ is to a) expose this device to the internet while b) not allowing a device in the DMZ which is compromised by an attacker to attack your inside hosts. The hardware DMZ is effectively just another VLAN with its own IP subnet (if you look at the configuration file after backing up you can see this). You need to have access rules to deny access DMZ->Inside Nets.

  3. ifican

    ifican Network Guru Member

    Ok i dont know squat about the WRV54G but i am a little confuseald about your current IP schema. Unless i am missing something TP is not going to connect as it is connect to V's lan which is a 192.168.10.x subnet and you changed TP's wan to 192.168.11.x subnet. Now you cant have the same subnet on both sides of the router as it appears you do, dmz being 192.168.11.x and Wan 192.168.11.x. Trying not to make this anymore confusing but if you changed the dmz to something else and either made the wan a 192.168.10.x or changed the wan subnet both on V and on TP to it should work as far as getting host on TP to access the internet. I cant speak for the DMZ portion but the lan itself should work. Let us know if you want to work on it and i am sure we can get it working, maybe not the way you want it to but it will work as a whole.
  4. Toxic

    Toxic Administrator Staff Member

    As ifican has stated your network setup confuses me. try looking at the RT31P2 review. I explained how to setup a WRT54GS and RT31P2 (vonage) router with each one being in front as the gateway. Your setup is more like the Internet<-->DSL/Cable modem <--->WRT54GS<--->RT31P2 which I explained here: Vonage VOIP Review - Part II - RT31P2
  5. binderz77

    binderz77 Network Guru Member

    I had the same setup as your for some months:-

    Internet<-->Comcast Cable Modem<-->WRV54G<--->WRTP54G

    1. Make sure that the Gateway on WRTP54G is the Local IP address of WRV54G.
    2. If you are using a subnet mask on WRV54G then the WAN IP on WRTP54G must be in the same network as of WRV54G.
    3. This way you should be able to connect from LAN port of WRV54G to the WAN port of WRTP54G.
