Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1640
Views
12
Helpful
9
Replies

RV042G Portmapping to different subnets

Go to solution
mopdenakker
Level 1
Level 1

‎09-25-2014 08:56 AM

Hello!

We have the following situation:

172.16.0.0 / 255.255.248.0 network

the RV042G has an IP adress of 172.16.7.254 with subnet 255.255.255.0

We added an extra IP/subnet: 172.16.0.254 / 255.255.248.0

We want portmapping from just 1 WAN port to several subnets in our local network.

Example:

WAN address: 84.44.33.11

SERVICE: RDP_TO_SERVER_01 => external port: 3389; internal port: 3389; internal IP: 172.16.0.44

SERVICE: RDP_TO_SERVER_02 => external port: 3399; internal port: 3390; internal IP: 172.16.3.150

SERVICE: HTTP_TO_SERVER_03 => external port: 8555; internal port: 80; internal IP: 172.16.7.51

 

The portforwarding and portmapping does not work from an external address.

In the past we used the RV042G with just one subnet (192.168.0.1/255.255.255.0). But now we've expanded our network to an 172.16.x.x network and with current settings the portforwarding/mapping/UPNP doesnt work.

Please help us to accomplish the above.

Regards,

Martin

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mehdi Boukraa
Cisco Employee
Cisco Employee
In response to mopdenakker

‎10-01-2014 12:20 AM

Hi Martin, 

Yes RV0xx has NAT hairpinning only on his Default network, I can confirm.

For One to One NAT  cannot help, first because we have only one WAN and you cannot use it for One to One NAT , Second even if we have two Public IP address we can NAT the Second only to the default Network not the extra subnet.

 

Martin this is my opinion and my just suggestion because I cannot have all the information about your network so :

In conclusion : I can see two solution, or you migrate the server to the default network and leave the extra subnet for internet connection or other think if you care about the DHCP you can have external DHCP as for example Microsoft server or our switch Sx300 or 500 series which had the DHCP features fully implemented. 

Second Solution is to have another Router such ISA500 where supporting Vlan not like RV042 Port based Vlan and you can have you can achieve your requirement.

Hope I was clear on my explanation, Please feel free to contact as also fro a presales questions and you can expose your need and we can help you 

 

Thanks

Best regards

Mehdi

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Ismael Arroyo
Level 1
Level 1

‎09-25-2014 10:05 AM

 

Go to solution
mopdenakker
Level 1
Level 1
In response to Ismael Arroyo

‎09-25-2014 12:27 PM

Hi iarroyo,

Thank you for your fast reply!

At the moment I've exchanged the RV042G for an Asus WLAN router (rt ac68u) which is - in my eyes - a less VPN/Router than the RV042G... But this one works without any problems for the portmappings between different subnets...

I would like to reuse the RV042G as a router, but it has to be compatible with the current scope of 172.16.0.0/255.255.248.0 ...

Is there really no other way to accomplish this forwarding with the - real router - RV042G ???

Regards,

Martin

 

0 Helpful

Go to solution
Mehdi Boukraa
Cisco Employee
Cisco Employee
In response to mopdenakker

‎09-25-2014 11:16 PM

Hi mopdenakker,

Regarding the issue with port forwarding to redirect the same port to several server in different subnet, I want to suggest to configure the following, 

1. under Setup--> UPNP there is Service Management click on it and configure the external port and internal port as you posted already in the forum and click OK

SERVICE: RDP_TO_SERVER_01 => external port: 3389; internal port: 3389;

SERVICE: RDP_TO_SERVER_02 => external port: 3399; internal port: 3390; 

SERVICE: HTTP_TO_SERVER_03 => external port: 8555; internal port: 80;

2. After that the on the same page select your custom services (RDP_TO_SERVER_01) and put the internal IP address 172.16.0.44

3. Enable the rule

4. Click Save

and the same for all the rule.

 

N.B :

1. Please if you have configure already port forwarding concerning those port from the menu Setup---> Forwarding, please remove them otherwise will not work  because you cannot have a rule with the same port configured on both features 

2. Please also disable UPNP under Setup----> UPNP

3. Be sure the server on the second subnet configured with Static IP and has gateway 172.16.0.254

 

Please rate the post and mark as answered to help our Cisco Customer

 

Thank you for choosing Cisco 

have a nice day

Mehdi

 

 

 

 

Go to solution
mopdenakker
Level 1
Level 1
In response to Mehdi Boukraa

‎09-29-2014 01:20 PM

Hi Mehdi,

Thank you very much for your reply.

We've managed to setup portforwarding like you said! It works:

IP router: 172.16.0.254/255.255.255.0
Multiple subnets enabled: 1 extra subnet: 172.16.7.254/255.255.248.0

All the computers on the LAN point to 172.16.7.254 as GATEWAY.

 

We only have one problem at the moment...

I'll explain the situation:

The WAN ip from the router is eg. 81.44.218.242

We have a domainname odp.eu

And we have an IP camera with the domainname camera01.odp.eu

This domainname is an a-record that translates to our WAN ip: 81.44.218.242

We have a Portmapping for the ipcamera:

local: 80; WAN: 8456; Internal IP: 172.16.4.1

When accessing from an external address (fe. mobile phone cellular connection) the portmapping works!

But when accessing from an internal address (within the lan) we can't get it working...

Not even when we setup the wan ip and the port on our external device...

How can we get this fixed ?

 

Thank you in advance!

regards,

Martin

0 Helpful

Go to solution
Mehdi Boukraa
Cisco Employee
Cisco Employee
In response to mopdenakker

‎09-30-2014 01:56 AM

Hi Martin,

 

usually if you have access from external to the IP Camera, for sure you have access locally if no firewall setting of course from LAN to the Camera

Did you try to access on which port 80 or 8456 ? from LAN should access from port 80

private_IP:80 (HTTP)

or if I understand may you need to access from the LAN with the public IP and external port (8456) ? this option is not supported on RV0xx, this option called NAT hairpinning we need a device where we can translate the source and destination IP.

here an example from our small business device where support this option 

ISA500 series here is simulator http://www.cisco.com/assets/sol/sb/isa500_emulator/index.htm 

under firewall --> advanced NAT 

But with private IP and internal port we can access to the camera

 

 

Please rate the post and mark as answered to help our Cisco Customer

 

Cheers,

Thank you for choosing Cisco 

have a nice day

Mehdi

Thank

 

Go to solution
mopdenakker
Level 1
Level 1
In response to Mehdi Boukraa

‎09-30-2014 01:35 PM

Hi Mehdi,

Thanks again for your reply!

It's correct that we can access all hosts from within our local network (to the regular port).

We have an app on a phone (to view IP Camera's) that is provided with the dns name that points to the external ip address. We only have 1 IP address so we use portmapping. 

On the WAN we can access the neccesary cameras/applications, but once we login to our LAN we can't get it work with the current subnets...

With just one subnet (the default of the RV042), it used to work for us in the past (also from within our LAN). So the RV042 has a sort of NAT hairpinning with the default subnet???

I know that the RV042 has the option to use 1-to-1-NAT. Is this helpfull in our situation???

Kind regards,

Martin

0 Helpful

Go to solution
Mehdi Boukraa
Cisco Employee
Cisco Employee
In response to mopdenakker

‎10-01-2014 12:20 AM

Hi Martin, 

Yes RV0xx has NAT hairpinning only on his Default network, I can confirm.

For One to One NAT  cannot help, first because we have only one WAN and you cannot use it for One to One NAT , Second even if we have two Public IP address we can NAT the Second only to the default Network not the extra subnet.

 

Martin this is my opinion and my just suggestion because I cannot have all the information about your network so :

In conclusion : I can see two solution, or you migrate the server to the default network and leave the extra subnet for internet connection or other think if you care about the DHCP you can have external DHCP as for example Microsoft server or our switch Sx300 or 500 series which had the DHCP features fully implemented. 

Second Solution is to have another Router such ISA500 where supporting Vlan not like RV042 Port based Vlan and you can have you can achieve your requirement.

Hope I was clear on my explanation, Please feel free to contact as also fro a presales questions and you can expose your need and we can help you 

 

Thanks

Best regards

Mehdi

0 Helpful

Go to solution
mopdenakker
Level 1
Level 1
In response to Mehdi Boukraa

‎10-02-2014 02:43 AM

Thanks Mehdi,

I'll try to live with these 'flaws' of the RV042g.

Thank you for your help and time!

Regards Martin

0 Helpful

Go to solution
Mehdi Boukraa
Cisco Employee
Cisco Employee
In response to mopdenakker

‎10-02-2014 05:19 AM

you are welcome in any time 

 

Please feel free to contact us also even before having the Cisco Device you can give us your requirement and we can help you for choosing the Cisco Device for your need 

Have a nice weekend

regards

Mehdi

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents