Solved: Proper setup for RV220W

NeonNero1 · ‎03-20-2012

(I'll re-ask here, since I apparently managed to post this in the wrong category originally)

I'm currently trying to set up a Cisco RV220W router on our company's network to act as a network router and firewall, but I'm a little bit stuck.

The topology I want to achieve is as follows:

[WAN] --> [VDSL modem from ISP] --> [Cisco RV220W] --> [LAN]

Our LAN should have 2 VLANs; one for our servers and clients belonging to the company (servers are on public IPs, while clients have LAN IPs), and one for guest users (visitors and other outsiders who are given Internet access from us).

Our current network setup works just fine, using a bridged firewall server between the VDSL modem and the network switch (where all the other servers are connected), and internal users are routed through either a WLAN router or another server. The RV220W will replace the WLAN router as well as the routing and firewall servers, combining these tasks into one.

The target network setup would have three "zones"; 1) the servers (using IPs 213.x.x.0/26, static assignments, no DHCP), 2) local LAN for employees (cable, WLAN or VPN with PPTP - using IPs 192.168.15.x/24 assigned by DHCP, compatible with the existing setup), and 3) local LAN for visitors/guests (WLAN only, using IPs 192.168.0.x/24 assigned by DHCP).

From the RV220W's admin interface itself, I'm able to ping outside IP addresses, but neither the test server on the public IP or the test client on the local IP seems to be able to ping the outside, or eachother (ie. from the client's local IP to the server's public IP).

The Rv220W is already in router mode (ie. not in NAT mode), and the LAN ports are properly tagged for each network segment.

What could I be doing wrong? Or, what would be the proper way to set this up?

jasbryan · ‎03-21-2012

Kim,

Private host that are behind the RV220W will need to be NATTED. Since private IP address are not routable over the internet we had to NAT that traffic to a public IP address. Now if the RV220W is behind another router that is NATTING then yes you can turn RV220W from (Gateway mode) to (Router mode).

How NAT works

How stuff work (NAT)

Jasbryan

View solution in original post

mpyhala · ‎03-20-2012

Hi Kim,

Thank you for posting. You are on the right track but the RV220W should not be in Router mode. Put it back into Gateway mode and your end users should be able to access the internet again.

Please keep us updated.

NeonNero1 · ‎03-21-2012

HI mpyhala,

Why shouldn't it be in Router mode?

If I put it in Gateway (NAT) mode, won't I lose inbound connections to the public IPs on the network? Won't connections from the outside to the 5-10 servers who each have a different public IP be lost with the RV220W in Gateway/NAT mode?

I believe that I will also lost the ability to configure the firewall on each individual public IPs (as some of them needs port 80 open, others need to be closed from the outside completely, aside when from certain accepted IP addresses).

jasbryan · ‎03-21-2012

Kim,

Private host that are behind the RV220W will need to be NATTED. Since private IP address are not routable over the internet we had to NAT that traffic to a public IP address. Now if the RV220W is behind another router that is NATTING then yes you can turn RV220W from (Gateway mode) to (Router mode).

How NAT works

How stuff work (NAT)

Jasbryan

network770 · ‎11-15-2012

I have a site to site vpn which seems to be ok, but I don't believe I have a nonat from the RV router to the other side of the tunnel. Does that needs to be explicitly stated on the router (like asa, ie nonat)? if so where?