Routing/Firewall/VPN Problems UC540 CCA 2.2(1)

ambleside
Level 1

I'm having a bear getting the firewall configured right...There is very little control over the config.

Connection is DHCP (ISP provides a new IP address every 18 months or so but without DHCP request, no routing...)

DDNS works but address doesn't resolve properly when requests come from inside...

for example:

192.168.10.99 is NAT'd to mypublicaddress.dnsalias.net for svn access

Outside the office, mypublicaddress.dnsalias.net works fine but inside the office it does not.

This breaks the app because it sees mypublicaddress.dnsalias.net and 192.168.10.99 as different hosts

Likewise, I cannot configure or use the VPN on DDNS...worked fine on the RVL200 we replaced but once I turn on DHCP, the other settings are lost..

4 Replies

Steven Smith
Level 7

On the local host issues with 192.168.10.99, what is the DNS server? Is it an outbound DNS server? I believe you can hairpin the traffic on the UC540 so that the application only thinks it is using the WAN address.

What type of VPN are you using?  I don't believe EZVPN has a requirement of a static IP, but the SSL VPN does.

DNS server is Google 8.8.8.8... How do I hairpin the traffic... that's exactly what I'm trying to do.

Yes, EZ VPN works ok...SSL VPN is required for the 525G phones....

On the SSLVPN, I don't think we can get around the requirement of a static IP.  A good but long read can be found here.

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htwebvpn.html

My understanding, if you have set up the proper rules in CCA under NAT, the hairpinning should work. What rules do you have set up?

There really aren't any rules to speak of... host IP, internal port, external port... that's it.