Just purchased an RV042 for our office. We have an IP block of addresses, and 3 webservers. Configured the primary interface with 1st usable IP in the block, then set up one-to-one NAT for the next 3 public IPs directed to 3 private LAN IPs of servers using the range option. Then, seeing that the firewall allows all traffic to the NAT'd LAN IPs by default, I set ACLs 1st to allow http traffic from any to any, as well as a blanket deny for all other services. Worked for about 15 minutes, then couldn't hit servers from external source. I also noticed that even though I had "disabled" remote GUI, it was still possible to bring up login prompt. Figured that was a result of allowing http any in the ACL, so edited that ACL to allow http from any to only the 3 private IPs / webservers using internal LAN IPs. Again, worked for about 15 minutes and then stopped. Disabled "Block WAN Requests" and built an ACL to allow ping through, restarted router, began ping -t against one server. Worked again for about 15 minutes and died. Stock firmware matches latest firmware from Cisco site (22.214.171.124-tm), although I haven't tried reflashing. Anyone have any thoughts? Is One-to-One NAT broken on these units?
When applying One-to-One NAT it is best not to apply any ACLs for specific ports. When ACL or port forward rules are applied to a NAT'ed address, we tend to see the behavior you have.
What I would do is this: since you are running web, place the web servers in the DMZ and apply your public IPs to each server's private IP, or if needed just add the range to the DMZ. That would depend on what you need to have available on the web.
Once they are in the DMZ, you can go ahead and create ACLs to only allow certain services available on the web, like port 80. Since this is a brand new deployment, I would go ahead and default the router, apply FW again and start fresh. Sometimes code likes to hang out and cause grief. Let us know if you still run into issues.