jmpage2 EVDO Fledgling
Joined: 25 Feb 2008 Posts: 18
|
Posted: Fri Jul 18, 2008 2:06 pm Post subject: RV042 behind MBR1000 for VPN access? |
|
|
Does anyone here have any experience or tips with setting up an RV042 behind a Cradlepoint MBR1000 for remote VPN access?
I would like to install the RV042 on the LAN with a static address and then forward port traffic from the MBR1000 to and from the RV042 so that a remote client can connect with the Cisco VPN software that ships with the RV042.
This should work but I can't get it going. Any advice/tips welcome. |
 |
Michael Site Admin
Joined: 13 Jan 2005 Posts: 5125 Location: Cary, IL
|
Posted: Fri Jul 18, 2008 2:22 pm Post subject: |
|
|
One of our tech guys has experience with this combination. I believe the secret might be setting up your VPN router with a static IP and then entering the local static IP into the DMZ of the CradlePoint.
 |
jmpage2 EVDO Fledgling
Joined: 25 Feb 2008 Posts: 18
|
Posted: Fri Jul 18, 2008 2:23 pm Post subject: |
|
|
| Michael wrote: | | One of our tech guys has experience with this combination. I believe the secret might be setting up your VPN router with a static IP and then entering the local static IP into the DMZ of the CradlePoint. |
Hmm, I tried that but maybe I missed something. I'll give it a go again and see if I can get it running. If he has web access and has more info that would be great too! |
 |
jmpage2 EVDO Fledgling
Joined: 25 Feb 2008 Posts: 18
|
Posted: Sun Aug 17, 2008 5:03 pm Post subject: |
|
|
Well, it's been a month now and I still haven't been able to get this to work. I've actually been bashing my head against a wall with this thing.
The only recommendation that I've gotten that I haven't attempted yet is to make the RV042 the head end of the network and use the MBR1000 for just the internet connection piece. The problem is that right now they are using the WiFi access on the MBR1000 and if I set it up as described they would lose this capability since the MBR1000 would not route correctly to the RV042 in such a situation.
If anyone has any first hand configuration knowledge of how to get this working I'd love to read about it and give it a try.
Thanks. |
 |
krack[|] EVDO Fledgling
Joined: 30 Jul 2008 Posts: 24
|
Posted: Fri Aug 22, 2008 5:42 pm Post subject: |
|
|
First of all, are we talking IPsec? If so or not, check what port your key exchange occurs on. In IPsec, IKE exchange is on port 500 of the UDP protocol. Do you have a log from the RV042 you can post? Any firewall traffic through the MBR could be useful too...
 |
jmpage2 EVDO Fledgling
Joined: 25 Feb 2008 Posts: 18
|
Posted: Sat Aug 23, 2008 11:33 pm Post subject: |
|
|
Thanks for taking the time to respond, yes we are talking about IPSEC through the MBR1000 to the RV042.
This is the configuration I am trying to get working:
Greenbow VPN Client
**Internets**
MBR1000 --->Clients (all on 192.168.10/24 subnet)
RV042 (wired up via WAN port to MBR1000, has static address on this port for 192.168.10/24 subnet). RV042 is in the DMZ of the MBR1000.
The VPN connects successfully to the RV042 but the client can only ping the LAN interface of the RV042. It cannot ping anything on the 192.168.10/24 subnet. The MBR1000 is set up as the default router for the RV042 and it seems as though the packets are getting routed out from the MBR1000 and out to the internet instead of going onto the local LAN that has the other machines.
I will investigate getting some logs, etc. I imagine there must be some way of getting this to work with the RV042 behind the other router, but right now it's escaping me. |
 |
 |
maverick EVDO User
Joined: 29 Jul 2008 Posts: 63
|
Posted: Wed Aug 27, 2008 9:30 am Post subject: |
|
|
| This may just be my inexperience, but doesn't the DMZ route all incoming traffic to the DMZ computer? If all traffic is being routed to that single computer, I imagine a ping wouldn't go anywhere but to that computer. |
 |
jmpage2 EVDO Fledgling
Joined: 25 Feb 2008 Posts: 18
|
Posted: Wed Aug 27, 2008 9:38 am Post subject: |
|
|
| maverick wrote: | | This may just be my inexperience, but doesn't the DMZ route all incoming traffic to the DMZ computer? If all traffic is being routed to that single computer, I imagine a ping wouldn't go anywhere but to that computer. |
No, that's not how DMZ works. The DMZ will simply get the traffic that doesn't match a route to any other device on the network; it will also get traffic that would otherwise be dropped by the firewall. It's like putting a device/server/etc. outside of the firewall to allow it to handle all sorts of services/requests and so on that would normally be dropped or blocked. |
 |
krack[|] EVDO Fledgling
Joined: 30 Jul 2008 Posts: 24
|
Posted: Wed Aug 27, 2008 10:09 am Post subject: |
|
|
This is kind of a weird setup. If you have the clients on the LAN of the MBR and the RV042 on the wired WAN of the MBR, how is the MBR routing your network traffic to the internet? Right now you can only have one routable WAN interface. Load balancing only bonds WAN to seem like one interface. And, if you're just trying to encrypt your local network with IPsec, forget it. Use WPA for the wireless and leave the physical ethernet open.
 |
jmpage2 EVDO Fledgling
Joined: 25 Feb 2008 Posts: 18
|
Posted: Wed Aug 27, 2008 10:11 am Post subject: |
|
|
| krack[|] wrote: | | This is kind of a weird setup. If you have the clients on the LAN of the MBR and the RV042 on the wired WAN of the MBR, how is the MBR routing your network traffic to the internet? Right now you can only have one routable WAN interface. Load balancing only bonds WAN to seem like one interface. And, if you're just trying to encrypt your local network with IPsec, forget it. Use WPA for the wireless and leave the physical ethernet open. |
I might have mis-explained.
The MBR1000 is wired to an L2 local LAN switch via crossover cable from one of its LAN ports. The RV042 is wired up to the same switch via its WAN port, since it can only make VPN connection via the WAN port. |
 |
maverick EVDO User
Joined: 29 Jul 2008 Posts: 63
|
Posted: Wed Aug 27, 2008 10:18 am Post subject: |
|
|
| Why not just plug the MBR1000 to the WAN port of your RV042 then let the RV042 plug into the switch. |
 |
jmpage2 EVDO Fledgling
Joined: 25 Feb 2008 Posts: 18
|
Posted: Wed Aug 27, 2008 1:28 pm Post subject: |
|
|
| maverick wrote: | | Why not just plug the MBR1000 to the WAN port of your RV042 then let the RV042 plug into the switch. |
It's unlikely that the intermediate switch would cause any problems whatsoever with this since it's only a layer-2 device. |
 |
maverick EVDO User
Joined: 29 Jul 2008 Posts: 63
|
Posted: Wed Aug 27, 2008 4:22 pm Post subject: |
|
|
| jmpage2 wrote: | | maverick wrote: | | Why not just plug the MBR1000 to the WAN port of your RV042 then let the RV042 plug into the switch. |
It's unlikely that the intermediate switch would cause any problems whatsoever with this since it's only a layer-2 device. |
Well Murphy has a law for you! |
 |
jmpage2 EVDO Fledgling
Joined: 25 Feb 2008 Posts: 18
|
Posted: Wed Aug 27, 2008 4:25 pm Post subject: |
|
|
| maverick wrote: | | jmpage2 wrote: | | maverick wrote: | | Why not just plug the MBR1000 to the WAN port of your RV042 then let the RV042 plug into the switch. |
It's unlikely that the intermediate switch would cause any problems whatsoever with this since it's only a layer-2 device. |
Well Murphy has a law for you! |
This afternoon when I went to lunch I directly connected the RV042 to the LAN port on the MBR1000 at the office in question.
As expected, this had absolutely no effect on the observed behavior.
The forum members at DSLReports indicate that in all likelihood the reason that this isn't working is that the MBR1000 can't pass through the address of the RV042 to the public network... at least that's my understanding of the problem.
The recommendation from them is to make the RV042 the head end of the network with the MBR1000 acting as nothing but a gateway with the RV042 in the DMZ. I'm not sure how this will affect the wifi gateway function within the MBR1000. |