Cisco RV320 IPSec VPN Tunnel NAT

Unanswered Question

I have a Cisco RV320 behind a Verizon FIOS router. I manually assign the RV320 an IP address in the same subnet as the Verizon internal LAN on the WAN connection. I setup Gateway to Gateway under VPN and under local security group, I select IP. No matter if I setup the VPN connection for NAT Traversal or add the internal to external IPs in the Access Rules, the router on the other side still sees my internal LAN address. I tried a static NAT as well on the FIOS router, but no change. Is my NATing wrong? I can't figure out what I'm doing wrong.Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
tmadeshw Mon, 06/27/2016 - 22:32
User Badges:

Hello pplc123

Thanks for contacting Cisco support community center. I am really sorry for inconvenience caused and delayed response. For establishing Gateway-Gateway VPN which needs both ends static IP (public IP) and it should be reachable from outside networks. If you need any configuration or any other assistance you can contact our SBSC support teams by using below links

You can contact our SBSC team either via chat or call support with the help of below links:

Milan Milanov Thu, 06/30/2016 - 01:36
User Badges:


If your RV320 is behind NAT, you will have to do Port Forwarding on the Verizon router for ports 500 and 4500 to go to the WAN IP of the RV and also make sure they are opened by your ISP.

Of course, the best case scenario would be to change the Verizon router in Bridge Mode and assign directly the public IP to the WAN port of the RV.

Kind regards,

Milan Milanov

rubenjaldin Wed, 04/05/2017 - 07:13
User Badges:

milan hello,

what happen if the ISP router is also a RV 320 and he is given me from his lan ports to my wan port 1 also a (rv 320) an ip public , do i need to open ports in the first rv 320 (ISP ROUTER) too ??

jonrodr2 Thu, 04/06/2017 - 07:43
User Badges:
  • Cisco Employee,


I hope you are doing well, my name is Jonathan and I am one of the Engineers from theSmall business department. Please let me know the following information.

-can you show us a diagram of your topology?
-indeed if the router is behind the verizon device, the best way to get the site to site should be to put the modem in bridge so that the router can get the public ip on the wan port instead of the lan.
-i will need to check but when you say that there are 2 RV320, is the firs RV getting its ip on the wan from the internal lan of the modem? it would be good to have a diagram to understand better.
-please check if the firmware is on the latest version.
-what is the model of the device on the other end, is it an RV as well?
-you can contact us for further assistance and open a case to help you with this, below i paste the link for reference. thanks