RV042 dual wan vpn

Hi all

I have the cisco RV042 vpn router. I have 1 mb lease line in my office and around 15 to 20 users. can I use this Rv042 vpn router to share internet in my office .i need not creat vpn and all. I want only internet share in my .will be only desktop support?

Hi chandrakant,.

Thanks for posting your question. You want to share internet with your employees? If so, yes it is supported. You can plug the switch into the router and plug your PC used in the switch. All users will have access to the internet.

Tags: Cisco Support

Similar Questions

RV082, Dual Wan, VPN + protocol bindings

Hi all

I have this kind of Setup and I can't figure out how to think this router.

My Installer uses Dual Wan load balancing mode. I only need one VPN tunnel. High availability is my concern.

Site 1 has fiber and Cable

Site 2A cable and FTTN

Each ISP provides a static IP

VPN works very well in the event of failure. I am always disappointed that it works in the case where a single primary WAN breaks, but is not operational if primary WAN on Site 1 stops at the same time secondary Site WAN 2 stops. It is very rare but can happen.

In any case, my problems are where I need binding protocol to ensure secure WEB (https, banking, portal provider) sessions.

I bind, at the least, port 443 to my primary WAN. In this way, I can access the Web sites and keep me logged.

So, if I browse a HTTPS across the VPN server, binding protocol always attempts to pass port 443 by the WAN1. He will not even consider the VPN as a valid route first.

(Maybe) can problem I reduce Hop Count for Site 2 less than 35? P.S. I replaced the addresses I don't think they are relevant.

Destination IP

Subnet mask

Default gateway

Number of hops

Interface

ADDR network WAN2	255.255.255.252	*	0	eth2
WAN1 network addr	255.255.255.248	*	0	eth1

Site 2	255.255.255.0	Site 1 fiber Gateway	35	eth1
Site 1	255.255.255.0	*	0	eth0
by default	0.0.0.0	Site 1 fiber WAN1	15	eth1
by default	0.0.0.0	Site 1 cable WAN2	40	eth2
by default	0.0.0.0	Site 1 fiber WAN1	40	eth1

Thank you all,

Bruno

I would like to conclude this is a bug and requires further investigation. I wouldn't call it a limitation if it was my decision (not that I have so much importance in this regard)

-Tom
Please mark replied messages useful

RV042 Dual WAN Port DMZ not acquire an IP from ISP

Hello

I am trying to replace my router with the more robust RV042 of current load balancing. Installation seems simple enough. However, I am having an issue gets an IP address of the DMZ port in load balancing mode.

The two WAN is the same ISP and is both DSL, using the same models of DSL Modem. #1 WAN port works perfectly.

Indeed, when an independent piece of equipment is installed in the #2 DSL modem, this gives an IP address instantly...

The two DSL lines only require a MAC address to get their IP addresses, and none of the static values are allowed, perhaps to test only.

The issue of intellectual property has been seen before. I can't find any reference to the iton this site.

Thank you

Steve

Glad to hear that it works.

The "save the settings and restart" is not all that rare, although it is not typical for your model.

The obligation of power off is certainly not normal. He told me that some sort of electric lock has occurred. This could be a unique thing, caused by a discharge of static electricity, or it could indicate a manufacturing defect. If this is the first case he did re - is probably. If it is the latter, then it will need a trade at any given time.

In any case, it seems that the MAC address index has been at least partially useful.

Good luck, somone will be here if you need assistance once again.

RV042 dual wan port forwarding challenge

I have the latest firmware for this router. Here's what I want to do.

WAN1 is connected to our primary ISP and has a static IP address. We pass a bunch of ports to our SBS 2003 for VPN server and the purpose of remote desktop. Redirect us P - FTP and FTP ports to another computer on the domain to use as FTP server, and we have access to this computer directly from our office as a mapped drive.

WAN2 is connected to our secondary ISP that has a static IP address. I want to forward ports 80 and 443 of this connection to our FTP server (which has the internal IP address of 192.168.1.21) as well for this same computer can host our project Web site without needing us to get another computer that we would have to have in the office.

This doesn't seem to be easily possible with the RV042. I am open to any suggestions on how I can do that; I have another router I could throw into the mix if that would solve the problem.

In fact, there to make a NAT on a public IP address to match an internal IP address of your choice. I used the static IP address of the second internet connection and mapped it to our FTP server.

The only downside is that the FTP server is no longer protected by the firewall, so I had to install a software firewall to protect it from the outside world ;-)

Site to Site & Dialer Dual Wan VPN

Hello!

I have some problems with a Cisco 1941 running 15.2...

I have two interfaces WAN ADSL (PPPoE Dialer). I want normal Internet traffic through DSL - 1 and VPN through DSL - 2. So I put the default route through Dialer1 and the route heading to the IP of the Brach-Site (R.R.R.R), through Dialer2.

on the R1: Ping R.R.R.R-> works fine

A2: Ping Y.Y.Y.Y-> works fine

R2: ssh Y.Y.Y.Y-> works fine

so I guess that routing should work?

but the VPN be established:

router-wi #show cry sess

Current state of the session crypto

Interface: Dialer1

The session state: DOWN-NEGOTIATION

Peer: Port B.B.B.B 500

IKEv1 SA: local X.X.X.Xremote of 500 B.B.B.Bidle 500

FLOW IPSEC: allowed ip 172.20.100.0/255.255.255.0 172.20.110.0/255.255.255.0

Active sAs: 0, origin: card crypto

FLOW IPSEC: allowed ip 192.168.100.0/255.255.255.0 192.168.40.0/255.255.255.0

Active sAs: 0, origin: card crypto

Interface: Dialer2

The session state: down

Peer: B.B.B.B port 500

FLOW IPSEC: allowed ip 172.20.100.0/255.255.255.0 172.20.110.0/255.255.255.0

Active sAs: 0, origin: card crypto

FLOW IPSEC: allowed ip 192.168.100.0/255.255.255.0 192.168.40.0/255.255.255.0

Active sAs: 0, origin: card crypto

Even when I remove the Card Crypto VPN - D1, without VPN can be established. Only when I stop the Dialer1 interface and the default Route also goes throug Dialer2 VPN is properly set up.

R1 config:

.....

track 1 ip sla 1

period 5-2

!

Track 2 ip sla 2

period 5-2

!

crypto ISAKMP policy 1

BA aes 256

sha512 hash

preshared authentication

!

ISAKMP crypto key xxxxx address R.R.R.R

ISAKMP xauth timeout 10 crypto

!

Crypto ipsec transform-set esp - aes 256 esp-sha512-hmac VPN_TS

!

map VPN crypto -D1 10 ipsec-isakmp

defined by peer R.R.R.R

game of transformation-VPN_TS

match address VPN_1

map VPN - D1 20 ipsec-isakmp crypto

defined by peer R.R.R.R

game of transformation-VPN_TS

match address VPN_2

!

map VPN crypto -D2 10 ipsec-isakmp

defined by peer R.R.R.R

game of transformation-VPN_TS

match address VPN_1

map VPN - D2 20 ipsec-isakmp crypto

defined by peer R.R.R.R

game of transformation-VPN_TS

match address VPN_2

!

interface GigabitEthernet0/0

Green description

no ip address

IP virtual-reassembly in

IP tcp adjust-mss 1412

automatic duplex

automatic speed

!

interface GigabitEthernet0/0.1

Wlan (network VPN_1) description

encapsulation dot1Q 2 native

192.168.100.2 IP address 255.255.255.0

NBAR IP protocol discovery

penetration of the IP stream

stream IP output

IP nat inside

IP virtual-reassembly in

!

interface GigabitEthernet0/1

Orange Description

no ip address

IP tcp adjust-mss 1412

automatic duplex

automatic speed

!

interface GigabitEthernet0/1.1

Description VPN_2 network

encapsulation dot1Q 1 native

IP 172.20.100.2 255.255.255.0

NBAR IP protocol discovery

penetration of the IP stream

stream IP output

IP virtual-reassembly in

!

interface FastEthernet0/0/0

Description-= DSL-1 =-

no ip address

automatic duplex

automatic speed

PPPoE enable global group

PPPoE-client dial-pool-number 1

!

interface FastEthernet0/0/1

Description-= DSL-2 =-

no ip address

IP virtual-reassembly in

automatic duplex

automatic speed

PPPoE enable global group

PPPoE-client dial-pool-number 2

!

interface Dialer1

Description-= DSL-1 (Vdsl) =-

the negotiated IP address

IP mtu 1452

NBAR IP protocol discovery

penetration of the IP stream

stream IP output

NAT outside IP

IP virtual-reassembly in

encapsulation ppp

Dialer pool 1

Dialer-Group 1

PPP authentication chap callin pap

PPP chap hostname [email protected] / * /

PPP chap password 0 xxx

PPP pap sent-username [email protected] / * / password 0 xxx

card crypto VPN - D1

!

interface Dialer2

Description-= DSL-2 (T - DSL) =-

the negotiated IP address

IP mtu 1452

NBAR IP protocol discovery

penetration of the IP stream

stream IP output

NAT outside IP

IP virtual-reassembly in

encapsulation ppp

Dialer pool 2

Dialer-Group 2

PPP authentication chap callin pap

PPP chap hostname [email protected] / * /

PPP chap password 0 xxx

PPP pap sent-username [email protected] / * / password 0 xxx

card crypto VPN - D2

!

.......

!

The dns server IP

IP nat inside source map route DSL - 1 interface Dialer1 overload

IP nat inside source map route DSL - 2 interface Dialer2 overload

IP route B.B.B.B 255.255.255.255 Dialer2 10 track 2

IP route 0.0.0.0 0.0.0.0 Dialer1 30 track 1

IP route 0.0.0.0 0.0.0.0 Dialer2 50 track 2

!

VPN_2 extended IP access list

IP 172.20.100.0 allow 0.0.0.255 172.20.110.0 0.0.0.255

VPN_1 extended IP access list

IP 192.168.100.0 allow 0.0.0.255 192.168.40.0 0.0.0.255

!

radius of the IP source-interface GigabitEthernet0/0.1

ALS IP 1

X.X.X.X ICMP echo

tag Check DSL-1

threshold of 300

timeout 500

frequency 5

IP SLA annex 1 point of life to always start-time now

ALS IP 2

Y.Y.Y.Y ICMP echo

tag check DSL - 2

threshold of 300

timeout 500

frequency 1

IP SLA annex 2 to always start-time life now

access-list 100 remark = NAT Route - Map DSL-1 LCA =-

access-list 100 deny ip 192.168.100.0 0.0.0.255 192.168.40.0 0.0.0.255

access-list 100 permit ip 192.168.100.0 0.0.0.255 any

access list 101 remark = NAT Route - Map DSL-2 ABI =-

access-list 101 deny ip 192.168.100.0 0.0.0.255 192.168.40.0 0.0.0.255

access-list 101 permit ip 192.168.100.0 0.0.0.255 any

Dialer-list 1 ip protocol allow

Dialer-list 2 ip protocol allow

!

10 allowed DSL-2 route map

corresponds to the IP 101

match interface Dialer2

DSL-1 allowed route map 10

corresponds to the IP 100

match interface Dialer1

R2 config:

....

10 VPN ipsec-isakmp crypto map

defined peer Y.Y.Y.Y

defined peer X.X.X.X

game of transformation-VPN_TS

match address VPN_1

20 VPN ipsec-isakmp crypto map

defined peer Y.Y.Y.Y

defined peer X.X.X.X

game of transformation-VPN_TS

match address VPN_2

...

Yes you can incorporate these underneath routes as well on track 2, however track 2 fails, you must have a failover to dsl1 itinerary, with highest should cost 100 road.

IP route 192.168.40.0 255.255.255.0 Dialer 2 track 2 name VPN-1_to_R2_via_DSL-2

IP route 172.20.110.0 255.255.255.0 Dialer 2 track 2 name VPN-2_to_R2_via_DSL-2

Hope that helps.

Thank you

Rizwan James

Post edited by: Mohamed Rizwan

Tunnel VPN RV-042 for Dual WAN Failover backup function

We have customers with dual WAN failover scenarios with site-to-site VPN tunnels.

In the past, the VPN tunnel backup feature has been available in the RV-082.

One of the new RV-042 firmware versions have the function of backup Tunnel VPN available?

The feature is supported on the RV042 V3 hardware.

IPSEC VPN on the dual WAN links

Here's my situation. I have two identical sites ASA 5505 and each has the dual wan/ISP connection and are set to resume using the sla monitor followed. I would like to create a vpn between these two sites that remains active regardless of what ISP link is online. Just make two crytpo card statements10 and a 20 inside each of the asa to each of the other ASA STATIC PUBLIC IP? It works or cause problems?

Configuration of SITE B

card crypto Cox_Primary_map 10 corresponds to the address Cox_Primary_cryptomap_10

crypto Cox_Primary_map 10 peer 72.X.X.X card game<== primary="" static="" isp="" at="" site="">

10 Cox_Primary_map transform-set ESP-3DES-SHA crypto card game

card crypto Qwest_Backup_map 20 corresponds to the address Qwest_Backup_cryptomap_20

crypto Qwest_Backup_map 20 peer 98.X.X.X card game<== backup="" static="" isp="" at="" site="">

Qwest_Backup_map 20 transform-set ESP-3DES-SHA crypto card game

tunnel-group 72.X.X.X type ipsec-l2l

IPSec-attributes tunnel-group 72.X.X.X

pre-shared-key adadsfasdf

tunnel-group 98.X.X.X type ipsec-l2l
IPSec-attributes tunnel-group 98.X.X.X

pre-shared-key adadsfasdf

Thank you

Jesse,

One of the solutions to your problem is to apply the same for both interfaces crypto card and have the two counterparts mentioned under a crypto map entry.

Since you're using track/IP SLA to activate a single link to a single IP address of time will be answers.

http://www.Cisco.com/en/us/docs/security/ASA/asa84/command/reference/C5.html#wp2278871

Have several inputs card crypto with the same statement in game will cause problems.

Hope that makes sense.

Marcin

Dual WAN router and protocol binding

Hello! I'm trying to find a dual WAN router with support VPN, which allow me to redirect part of the traffic to a specific port WAN and balancing of this specific traffic in the case of this WAN failure (the latter is preferred but is not entirely necessary) load.

RV042/G could help me with this? In this case, allow redirection Protocol only? What port/ip forwarding? Or some sort of filtering of packets to redirect to specific WAN ports?

Maybe I need another router in the conduct of business?

Thanks in advance!

Hi Jose, RV0XX model (g) supports a protocol source LAN link to extended network destination set. It can be a host of high-end LAN or a single host LAN. It may be the customer service or all services. In the case of a failure of network SCOPE, all links in the Protocol are "ignored" and switch to the active WAN until normal operation is restored.

-Tom
Please mark replied messages useful

lrt224 dual wan router

Hi im new in dual wan configuration. Help, please.
Here is my problem

1 dynamic globe telecom primary WAN
WAN static pldt 2 telecom
Link failover mode

1 router is connect to lrt224 to serve wifi and my switch also plugin for wifi wireless
1 cctv dvr connected to port 9000 webport lrt224 9100 with auto detection parameters parameters

Now:
Sometimes cctv camera released to public ip address when the wan2 switch but sometimes cannot show also
All around, with 1 wan dynamic as primary

Hi @engkanto.net,.

I agree with the suggestions. It is best to connect the IP camera to one of the LRT224 router's Ethernet ports. Then you must configure the Port Forwarding or Port Address Translation If you have more than one camera using the same internal port.

Thank you.

RV042 to AG241V2 VPN static IP to dynamic IP to AG241V2 RV042

Hello!

I have correctly configured my VPN gateway Gateway inserting the real IP address on my AG241V2 so no problem, the VPN works.

However, AG241V2 is not on a static IP address if I have implemented a dyndns account and can ping my domain name successfully to get the IP address revised each change. Implemented the RV042 and AG241V2 using the service seem to be a little more difficult.

My RV042 is grateful properly the IP address through a DNS lookup bu I can't get an updated VPN in place. My journal RV420 VPN gives the following message.

31 Mai 13:10: 17 2013	The VPN log	Launch the main Mode
31 Mai 13:10: 17 2013	The VPN log	[Tunnel negotiation Info] > Send main initiator Mode 1 package
31 Mai 13:10: 17 2013	The VPN log	[Tunnel negotiation of Info]< initiator="" received="" main="" mode="" 2nd="" packet="">
31 Mai 13:10: 17 2013	The VPN log	[Tunnel negotiation Info] > initiator send Mode main 3rd package
31 Mai 13:10: 17 2013	The VPN log	[Tunnel negotiation of Info]< initiator="" received="" main="" mode="" 4th="" packet="">
31 Mai 13:10: 17 2013	The VPN log	[Tunnel negotiation Info] > main initiator Mode to send 5 packs
31 Mai 13:10: 17 2013	The VPN log	[Tunnel negotiation Info] > initiator receive hand Mode 6 Pack
31 Mai 13:10: 17 2013	The VPN log	Main mode peer ID is ID_IPV4_ADDR: '81.xxx.199.xx '.
31 Mai 13:10: 17 2013	The VPN log	We require the peer to have ID ' @?. dnsalias.com', but peer says "81.xxx.199.xx".
31 Mai 13:10: 17 2013	The VPN log	We require the peer to have ID ' @?. dnsalias.com', but peer says "81.xxx.199.xx".

Please note that I oscured DNS name with? and part of the IP address.

Can anyone help?

Kind regards

Malcolm

These products are processed by the Cisco Small Business support community. (URL: https://supportforums.cisco.com/community/netpro/small-business )

RV042 to RV220W VPN works... can ping IPs, but not host names

We have an installation RV220W to the main office one-site-2 program (gateway-to-gateway) to remote desktop RV042 VPN

RV220W has subnet 192.168.1.x (Windows 2003 server hosting DNS, DHCP)

RV042 192.168.2.x subnet a (machine Windows 8, RV042 is hosting DNS, DHCP)

We can ping IP numbers in both directions, but not machine names. I know it's linked DNS are unsure which solution is. All advice is appreciated.

Thank you

Lori

Hi Lori, hostname access is generally limited to the range of local IP addresses. In addition, the router does not host a DNS record to resolve hostnames on part and other VPN respectively. You can configure the LMHOST files on each machine or you can try to use NetBios.

You can enable NetBios on the VPN tunnel configured on each router and disable the Firewall window or make exceptions to allow NetBios traffic through the firewall of the machine.

-Tom
Please mark replied messages useful

LRT224 - Dual WAN port forwarding

Can you move forward say port 80 1 Wan IP and port 80 from WAN 2 to a different IP address. ?

Also can you somehow choose TCP & UDP rather large only one or the other?

I just replaced 2 routers with LRT 214 and LRT 224 TPLink its all works well. Except port forwarding

With LRT224, a port forwarding rule is applied to the two WAN ports and two rules are necessary if you want to ship to TCP and UDP to the same internal IP address.

ISA570 Weighted Dual Wan & Failover

So, we had a few problems here while we were both WITH link failover detection two ISPs for balancing. Our problems seemed if go away once we have disabled the link failover. What is happening is a wan link out randomly, it was not a particular wan link. We could have one out one day and another on another day. I thought I would post to see if anyone knows or had problems with doing a 50-50 balanced weighted load scenario with the failover link light. Now, with the recovery of disabled link, it seems that if a wan link goes down, computers are always sent on this bad wan link.

I did a combination of the two in deployments. Most of them is connections of failover with low cost connection primary and secondary connections of 4 G of type variable cost. I have not had any problems with load balancing and failover work together, but I can not also think all instances where he arrived so I can't be certain that he would not fail. ;-) If please try DNS and let me know if you experience the same results. If If, I would open a TAC case if Cisco can try to locate the bug, assuming that there is one at this time. Please keep me dated with your results. Thank you.

Sent by Cisco Support technique iPad App

RV82 Dual WAN and online banking. Packages of two IP addresses

Hi all

I have a set RV082 in place with two different ISPS (load balancing). Some time ago, users began to experience problems with online banking. It seems that the banking system set up more than a 'channel' to/from the end user and that bank systems won't accept that the packets come from 2 different public IP. I solved this by linking all HTTPS traffic to WAN1.

Is this a good solution or is there a better way to deal with this? I'm afraid that it will be 'imbalance' my network as many services like Netflix and Youtube is HTTPS.

Are there other services online that may have problems with a configuration of load balancing?

If WAN1 breaks down. WAN2 will start HTTPS transport even if HTTPS is related to WAN1?

I also have a similar problem with the router alert (goes to wrong ISP each time second), but this seems to be fixed in the latest firmware:
"Authentication of email account is configurable for email alert".

Thanks in advance

Jone

Hello James,

Your solution is correct. Certain types of secure connection HTTPS or SSH will not work if you keep changing IP address source, because it breaks the three-way handshake. To avoid that you binding memorandum of installation you have. You can do the same for all other traffic must always go out to a certain port WAN.

If the WAN connection selected for protocol links to crashes, he switched to the other WAN until the connection retrieves.

I have not seen too many online services that have problems with the load balancing is especially with secure connections, namely HTTPS. I tried to access the HTTPS, Netflix, but I could never get an encrypted connection, but your best bet is to monitor and observe the network to see how it affects you.

I mean the line you are citing has to do with the configuration of authentication to an SMTP server to send alerts by e-mail, rather than choose a port WAN to use, however if you protocol links SMTP to the WAN you would use that should no longer be a problem.

Hope that helps,

Christopher Ebert - Advanced Network Support Engineer

Cisco Small Business Support Center

* Please note the useful messages *.

RV320 / 325 Dual WAN Question

I am trying to configure these routers to essentially take the voice traffic and have it use one of the two WAN connections as it is the main and any other traffic use the other connection. I would like it so that if a connection doesn't they also switch between them. I can find a way to separate the traffic but can't seem to find a way to redo the failure as well... Is this possible with one of these routers?

Thank you

Stem

Hi Rod,

The Administrator's guide is a bit unclear on this subject, so I install a RV320 here in my lab just to confirm.

Whenever you setup, if the Wan, it is bound to a binding protocol disconnects connections are switched to automotically for WAN replacement and the rear switch when the correct WAN rises again.

So you should be able to configure the two WAN, then highlight the load balance with appropriate traffic related to what WAN you want to use, and they are toggled if/when one of the WAN drops.

Let me know if you need more information,

Christopher Ebert

---

Senior Network Support Engineer - Cisco Small Business Support Center

RV042 dual wan vpn

Similar Questions

Maybe you are looking for