I have three RV320 routers and a small block of public IP addresses from my ISP. Currently, I have one router set up in router mode that acts as my border router. It is connected directly to my DSL modem and I've subnetted my public address space into three different VLANs. Then, connected to the border router are two additional routers; one for each VLAN. The border router is in "router" mode and the two additional routers (let's call them core routers) are in "gateway" mode. I also have one-to-one NAT for some public-facing servers. I have the two core routers connected with a gateway-to-gateway VPN tunnel to connect each side within the private 10.X LAN. This VPN tunnel is horrible and is always dropping the connection, failing to pass packets, and after a few days just fails to work altogether. I see no reason this should happen since these boxes are literally a single hop apart.
Anyways, what I'd like to do is reconfigure the setup so that the border router becomes a gateway and the core routers become actual routers instead of doing NAT. Essentially remove the routing of the public address space I currently have set up.
So, I created the following two VLANs on the border router:
Router IP Address: 10.114.1.31
Router IP Address: 10.142.1.31
Then, on one core router, I changed the WAN1 IP address to 10.114.1.1 with a mask of 255.255.255.192. I can ping the border router and vice versa. Then I switch the router from "gateway" mode to "router" mode and my connection drops and I can no longer ping back and forth.
Same situation with the other router. If I leave them in gateway mode I can ping the WAN IP address from a host within each LAN but I cannot ping a host within the opposing LAN, i.e., from a host behind core router one (10.114.1.1) I can ping core router two (10.142.1.1) but I cannot ping a host beyond that. Does that make sense? If I switch from gateway to router mode, then I can't ping anything. What is going on here? I tried manually adding routing table entries in all sorts of ways with no luck. The firewalls are turned off. Am I missing something? The Cisco documentation says router mode is used if another gateway is hosting the internet connection (which there is, the border router) and there are other routers on the network. What I'm trying to accomplish should be possible but I can't seem to make it work.
Any help is greatly appreciated and let me know if I need to clarify anything. The attached picture is what I'm trying to accomplish. The .251.2## addresses are my public addresses.
First of all, the IP address you have used on the VLANs seems to be the broadcast address for that subnet (10.114.1.31/27). Secondly, have you tried configuring the devices in router mode and then turning on a dynamic routing protocol like RIP to see if that would help? Also, please check out the below link that may help.
I did notice my addresses were incorrect when I did the setup but even changing them from 31 to 30 did not fix the problem. I did not try turning on RIP.
As an alternate setup, is there a way to route traffic to specific WAN ports? In other words, I want all the 10.0.0.0/8 traffic to go through WAN2 with no NAT, and all other traffic over WAN1 with NAT. Would that be possible? Then I can just connect the two routers together instead of using VPN.
Are the two networks co-located? If yes, would you be able to use a single router (Border Router) with Two VLANs for the two private networks? If that is not possible, can you please share the screenshots of the configuration pages on the RV320? VLAN configuration page & Static Route Configuration page on the Border RV320, Static Route Configuration Page on Core Routers, and a screenshot of "TraceRoute" output from one of the hosts connected to the core Router?
I created a new VLAN for routing between subnets. I assigned addresses for each router and the switch on the new VLAN.
R1 - 10.114.0.1/29
R2 - 10.114.0.2/29
S1 - 10.114.0.3/29
Inter-VLAN routing is enabled on each router. I created the following routing tables in the switch:
10.33.0.0 /16 10.114.0.1
In each router, I created similar routing tables under advanced routing. From the switch, I can ping addresses in each subnet. From each subnet, I can ping the switch and respective router but not the corresponding next hop. So, from 10.11.110.1 I can ping 10.114.0.2 and 10.114.0.3 but not 10.114.0.1. Same from the 10.33/16 subnet.
I just don't understand what is wrong here and why this will not work across routers. Both with or without the switch.
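Added example, not part of any post in this thread: a small Python check of the address plans quoted above, covering the broadcast-address point from the first reply and the on-link next-hop requirement behind the static routes in the last post. The function names are hypothetical, and the /27 on the border VLAN is the mask the first reply assumed, since the original post does not state it.

```python
import ipaddress

def classify(cidr):
    """Return 'network', 'broadcast' or 'host' for an interface address."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    if net.prefixlen >= 31:          # /31 and /32 reserve no addresses
        return "host"
    if iface.ip == net.network_address:
        return "network"
    if iface.ip == net.broadcast_address:
        return "broadcast"
    return "host"

def check_segment(interfaces):
    """List problems for devices that share one L2 segment."""
    problems, nets = [], set()
    for name, cidr in interfaces.items():
        kind = classify(cidr)
        if kind != "host":
            problems.append(f"{name}: {cidr} is the {kind} address of its subnet")
        nets.add(ipaddress.ip_interface(cidr).network)
    if len(nets) > 1:
        problems.append("subnets disagree on this segment: "
                        + ", ".join(sorted(str(n) for n in nets)))
    return problems

def next_hop_on_link(next_hop, local_cidr):
    """A static route only works if its next hop is directly connected."""
    iface = ipaddress.ip_interface(local_cidr)
    hop = ipaddress.ip_address(next_hop)
    return hop in iface.network and hop != iface.ip

# Values from the thread. The /27 on the border VLAN is the mask the first
# reply assumed; the original post does not state it.
FIRST_TRY = {"border VLAN": "10.114.1.31/27",
             "core WAN1": "10.114.1.1/255.255.255.192"}
TRANSIT = {"R1": "10.114.0.1/29", "R2": "10.114.0.2/29", "S1": "10.114.0.3/29"}

if __name__ == "__main__":
    for line in check_segment(FIRST_TRY):
        print(line)
    print("transit VLAN problems:", check_segment(TRANSIT))
    # Switch route from the thread: 10.33.0.0/16 via 10.114.0.1
    print("next hop on-link:", next_hop_on_link("10.114.0.1", TRANSIT["S1"]))
```

The /29 transit plan passes all three checks, so addressing alone does not explain the failed pings in the last post; the check only rules that layer out.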