A change to a VPN configuration caused NAT loopback to stop working on the RV320 router I call RV320_Branch.
Here's the network configuration; a vertical bar (|) is an Ethernet network. The branch where I am located is connected to the main office by a pair of RV320 routers with an IPsec VPN over the Internet.
Client|Router|RV320_Main-(Ipsec VPN over Internet)-RV320_Branch|Server
Client and Router (and other systems) share network 10.20.20.0/24.
Router and RV320_Main (and other systems) share network 10.30.30.0/24
RV320_Branch and Server (and other systems) share network 10.10.10.0/24
In the old configuration, the Client on the left could reach systems on 10.30.30.0, but not systems on 10.10.10.0. To change that, we set up some static routes in the Router and made a change to the VPN configuration.
Old VPN configuration: Main: Local Group 10.30.30.0/24 Remote Grp 10.10.10.0/24 Branch: Local Group 10.10.10.0/24 Remote Grp 10.30.30.0/24
New VPN configuration: Main: Local Group 10.0.0.0/10 Remote Grp 10.10.10.0/24 Branch: Local Group 10.10.10.0/24 Remote Grp 10.0.0.0/10
This change to the VPN configuration, along with the changes in 'Router', enabled Client (on the left above) to reach Server (on the right above). Great, so far.
There are a limited set of services on the Server which can be accessed from the Internet via port forwarding.
The problem is that when we made this change, NAT loopback stopped working on the RV320_Branch router. That is, systems on the 10.10.10.0/24 network could formerly reach resources on the server by specifying the external IP address of the RV320_Branch router. That was convenient, because that allowed laptops to reference resources by DNS names, and it worked anywhere. After the VPN change, that stopped working. When we changed the VPN configuration back to the original values, NAT loopback started working again.
I replaced the RV320 with the RV42 we had used previously. The RV42 works with the configuration described above, including NAT Loopback.
This is not a great long-term solution, as we may someday have upstream internet connection that is faster than the RV42. (This RV42 has had its capacitors replaced, and is hooked up using a 3rd party regulated power supply, so it may work for some time yet. :-) )
Article ID:5728 Configure a Teleworker VPN Client on the RV34x Series
Router Objective The Teleworker VPN Client feature minimizes the
configuration requirements at remote locations by allowing the device to
work as a Cisco VPN hardware client. When the T...
Article ID:5708 Configure the LAN and DHCP Settings on the RV34x Series
Router Objective A Local Area Network (LAN) is a network limited to an
area such as a home or small business that is used to interconnect
devices. LAN settings can be configured to li...
Article ID:541 Firmware Upgrade on RV016, RV042, RV042G, and RV082 VPN
Routers Objective To upgrade the firmware, a specific file must be
downloaded from the Internet and uploaded to the device. Firmware
upgrades can fix software bugs, improve features, a...