RV082 VPN not working with one-to-one NAT

klubar

Archived from groups: comp.dcom.vpn

I'm having a problem with my RV082 and setting up a VPN.

Situation:

The RV082 is connected to the internet.
I have a block of 16 IP addresses, from 206.40.172.226 thru 204.40.173.238;
the gateway address is 206.40.173.225.
The internal (NAT) IP range is 192.168.10.0-254.
I've set up one-to-one NAT (on the setup screen) for:
192.168.10.47~47=>206.40.173.228~228
192.168.10.5~5=>206.40.173.227~227
I also have the firewall turned on, with a number of access rules.

Before setting up VPN everything works fine; I can access the internal
address .47 with its external address; the firewall works correctly.

I set up a group VPN (connecting to a Greenbow client); the external VPN
remote group is 192.168.100.100

The VPN works for everything EXCEPT the two addresses with one-to-one NAT;
for example from the machine on the VPN I can ping 102.168.10.51, and on a
machine behind the RV082 I can ping 192.168.100.100; however I can NOT ping
192.168.10.47.

Clearly there is some interaction between the one-to-one NAT and the VPN.
If I turn off the one-to-one mapping then I CAN ping all the addresses.

Is this the way it's supposed to work? Any way to get around this problem?

Thanks

Ken Lubar
EMI
616-224-1101 x-126
klubar@emiboston.com
 
Guest

It sounds like traffic being sent out by 192.168.10.47 is being
translated to 206.40.173.228 before the decision to send it through
the tunnel. This would probably disqualify it from entering the
tunnel since there is typically a qualifying local subnet. I wouldn't
expect source addresses to be translated that early. Do you have any
access rules pertaining to the VPN tunnels?

Bill
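
A small model of the ordering Bill describes, added here as an illustration (not code from the thread or from Linksys): it shows why a host with a one-to-one mapping stops matching the tunnel's traffic selector when NAT runs first, and how checking the selector before NAT, or exempting VPN-bound traffic from NAT, restores the match. The /24 local selector, the /32 remote selector and all function names are assumptions; the RV082's real packet path is not documented on this page.

```python
import ipaddress

# Addresses are from the thread; the prefix lengths are assumed.
LOCAL_SUBNET = ipaddress.ip_network("192.168.10.0/24")
REMOTE_GROUP = ipaddress.ip_network("192.168.100.100/32")
ONE_TO_ONE = {
    ipaddress.ip_address("192.168.10.47"): ipaddress.ip_address("206.40.173.228"),
    ipaddress.ip_address("192.168.10.5"): ipaddress.ip_address("206.40.173.227"),
}


def matches_tunnel(src, dst):
    """IPsec traffic selector: source in local subnet, destination in remote group."""
    return src in LOCAL_SUBNET and dst in REMOTE_GROUP


def egress(src, dst, order="nat_first", exempt_vpn=False):
    """Return (path, source address on the wire) for one outbound packet.

    order="nat_first":    one-to-one NAT rewrites the source before the selector check
    order="policy_first": the selector is checked against the original source
    exempt_vpn=True:      NAT is skipped when the untranslated packet matches the selector
    Hosts without a one-to-one mapping keep their address in this model
    (the shared many-to-one WAN NAT is left out for brevity).
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if (order == "policy_first" or exempt_vpn) and matches_tunnel(src, dst):
        return ("tunnel", str(src))
    translated = ONE_TO_ONE.get(src, src)
    if matches_tunnel(translated, dst):
        return ("tunnel", str(translated))
    return ("wan", str(translated))


if __name__ == "__main__":
    vpn_client = "192.168.100.100"
    for host in ("192.168.10.51", "192.168.10.47", "192.168.10.5"):
        print(host,
              "nat_first ->", egress(host, vpn_client),
              "| policy_first ->", egress(host, vpn_client, order="policy_first"),
              "| exempt ->", egress(host, vpn_client, exempt_vpn=True))
```

In the `nat_first` case the reply from 192.168.10.47 leaves the WAN interface with source 206.40.173.228 instead of entering the tunnel, which matches the symptom reported in the thread.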

 

klubar


I turned off (and also deleted) the access rules corresponding to
those addresses. It didn't help. I suspect it's a bug on the RV082
(as there are some other bugs in that device).

Right now, I'm using port mapping to get to the addresses I need which
works fine, but not as nice.

I'll post an update if I get a solution for Linksys.

Ken

