Hi,
I am having trouble setting nat rules on device SRP527W-U with the latest firmware 1.2.4 (003). The latest firmware 1.2.4 has introduced the possibility to create specific nat rules via "ACL policy rules". I am trying to use this "new feature" not available in the older releases to get my network configuration done. The configuration I would like to do is to have two different vlan. In the vlan1 I would like to nat the PCs via the point_to_point interface and in the vlan2 I don't want use nat feature so each computer will be reachable via public ip address.
I have configured two different PVCs on the device let's say:
ADSL_PVC0:
encapsulation: IPoA
multiplexing: LLC
qos type: UBR
VPI/VCI auto detect: disable
virtual circuit VPI:8 VCI:35
ip settings:
ip: 2.2.2.2 (it is not my real ip it is just to make an example)
netmask: 255.255.255.252
gateway: 2.2.2.1
mtu: auto
ADSL_PVC1:
encapsulation: PPPoA
multiplexing: VC
qos type: UBR
VPI/VCI auto detect: disable
virtual circuit VPI:8 VCI:40
PPPoA settings:
username: test@providertest.com
pass: xxxxxxx
connection: keep alive
mtu: auto
in the Internet_setup_menu i have chosen:
system default route via ADSL_PVC0
default voice route ADSL_PVC1
after that I have enabled under menu interface_setup->LAN->VLAN_settings two different vlans:
vlan1 (default vlan):
private_lan:
id: 1
address_type: DHCP_server_pool
DHCP pool: DHCPRule_1 (VLAN1)
voice: disabled
membership: LAN_port1, LAN_port3, LAN_port4, SSID1
vlan2 (public vlan):
public_lan:
id: 2
address_type: DHCP_server_pool
DHCP pool: DHCPRule_2_public_ip (VLAN2)
voice: disabled
membership: LAN_port2, SSID2
and I have set two different DHCP rules:
DHCPRule_1
VLAN 1
local ip address/subnet 192.168.1.1/24
dhcp mode: dhcp server
gw: 192.168.1.1
dns proxy: enabled
DHCPRule_2_public_ip
VLAN 2
local ip address/subnet 3.3.3.1/27
dhcp mode: dhcp server
gw: 3.3.3.1
dns proxy: disabled
dns1: 8.8.8.8
after that I have set under menu network_setup->nat->global_nat:
address translation:
nat: disabled
instead I have added this policy under nat_bypass:
policy nat_lan
enabled: yes
inside interface: vlan1
outside interface: ADSL_PVC0
ip address: 2.2.2.2/30
if I try to attach a pc on lan port 1 I am able to get the ip configuration via DHCPRule_1 I can ping the gw 192.168.1.1 but I am not able to ping 8.8.8.8.
if I try to attach a pc on lan port 2 I am able to get the ip configuration via DHCPRule_2_public_ip I can ping the gw 3.3.3.1 and I AM ABLE to ping 8.8.8.8 and of course surf the web.
From the wan side i am able to reach the router via the two different pubblic ip address assigned to the PVCs ADSL_PVC0, ADSL_PVC1
If I try to enable the nat under global_nat of course I am able to browse the web and the device is using the public ip address of the pvc ADSL_PVC0 to nat "myself".
I have tried the configuration many times and I have tried to apply many different "flavor" configurations but I am still having trouble to get the configuration done. From my point of view there is some sort of bug related to the nat features or something is missing to this configuration.
Any help will be really appreciated.
thanks in advance for your reply.
