Cisco Routers :: RV042 Can't Get Forwarding / Firewall And Client To Gateway VPN
Jun 9, 2012
I'm trying to set up a RV042 to do the following:
1) Block all WAN connections, except for:
2) Allow all port 80 connections, and forward to 10.4.20.60
3) Allow all port 443 connections, and forward to 10.4.20.60
4) Allow port 22 connections from specific IP addresses, and forward to 10.4.20.60
5) After a remote client has connected using Client to Gateway VPN, allow that remote client to access anything on the LAN
I'm able to do #1-4 above, but I can't get #5 to work. Or I can get #5 to work, but can't implement the restrictions I need in #1-4. Attached are some relevant screenshots. I think the problem is that I have Forwarding rules set up that require me to have a firewall rule to Deny All Traffic from WAN1 (unless I'm specifically allowing it). In the Access Rules screenshot, rule #6 is the problem. If I enable it (thereby denying all WAN1 traffic), then VPN clients can't access anything on the LAN. However, if I disable this rule, VPN clients can access anything on the LAN, but the firewall also opens up all outside connections to SSH, since that's set up in the Forwarding rules. I would have thought that once a remote client is connected using client to gateway VPN, then that client is considered to be on the LAN, as far as the firewall is concerned. Thus a firewall rule (like #6) that is specified for WAN1 shouldn't affect remote VPN clients.
I set up an RV042 as a VPN gateway for a client a year ago. It is running firmware 184.108.40.206-tm (Feb 13 2009 13:03:21). I created a new certificate. When I download the client certificate, it comes as a .zip file, one that cannot be opened by a zip utility (Windows, WinZip or 7-Zip). It looks like I can just rename the file to a .pem file, but I want to make sure that is right. They were getting QuickVPN timeouts, but that looks like it was fixed in 1.3.13.
I am setting up remote access using an RV042 router. Using QuickVPN or a client-to-gateway VPN and the Shrew Soft client, I can only access/ping the LAN side of the remote router and one machine on the remote network. The PPTP server and native Windows 7 connection provide access to all machines on the remote network. I have 2 possible reasons for this and would like to find the real reason:
1) The remote RV042 is behind another router, and that router restricts access other than the PPTP traffic.
2) The VPN tunnels other than PPTP only allow access to the remote LAN side of the router and remote machines that have the remote router defined as their gateway in the IP configuration.
I have a new (about 4 months old) RV042 V3 4.0.0.07 firmware that I am trying to use in fail over mode. I have a SOHO and I normally use cable Internet connection. It is quite fast (15 megabit), but not super reliable. I have added DSL (3.3 megabit) which is five nines (supposedly) but not so quick.
I have a Westell 7500 wireless DSL modem located in the basement, where the telephone lines enter the building. This gives me a wireless link to the second floor server room through a wireless router that connects to WAN 2 of the RV042. The cable modem is in the server room and connects directly to the WAN 1 of the RV042. The cable works, but when it goes down, the DSL link comes up but does not allow Internet traffic. The RV042 is set up as a Bridge and I have set up port forwarding to get the cable to work and used similar firewall commands to route the traffic if the router switched over. I suspect that the problem is in the port forwarding (port 80) or the firewall rules (which are pretty simple) because everything looks like it switches over, but it just doesn't work on WAN2.
I have a RV042 router on a single WAN and an internal LAN. I have configured port forwarding as follows:
HTTP[TCP/80~80]->10.0.0.6
HTTPS[TCP/443~443]->10.0.0.6
IMAP[TCP/143~143]->10.0.0.5
IMAP SSL[TCP/993~993]->10.0.0.5
SMTP SSL[TCP/587~587]->10.0.0.5
Everything works just fine when I have the firewall DISABLED. However, when I enable it the behaviour is erratic. 1 out of 10 attempts to connect to ANY port forwarded works. Almost all attempts time out. Notice that this happens even if using only the default firewall rules (which should be bypassed by the port forwarding as I read in other posts).
My second try was to create firewall rules manually, overriding the default ones. I tried adding rules from source WAN1 (where my connection is) to ANY and to SINGLE IP's on every port. Nothing seems to work.
I don't know what I'm doing wrong, this is really bugging me. I had to turn the firewall off so we can access our servers from outside the office. This shouldn't have to be done.
Just found out that my firewall is getting LOTS and LOTS of Blocked - SYN Flood entries. I think this is why we are having trouble with the firewall. Could this be the problem? I have no idea where all these SYN packets are coming from since they appear with spoofed IPs or come from different bots all over.
I am using an RV042 router/firewall -- firmware v1.3.13.02-tm -- connected to a cable modem. I have one public address (WAN1) assigned by my ISP's DHCP server. All my machines on the LAN have static IPs. (RV042 DHCP Server is disabled.) I have set up port (80) forwarding to 192.168.1.101. The HTTP port forwarding does work if an http client on the LAN sends a request to http://<public-ip>:80. But I cannot get a response if I send a request to http://<public-ip>:80 from a machine on the WAN.
I did configure Access Rules to allow http traffic (and then tried to allow *all* traffic) between a single IP on the WAN and 192.168.1.101. The incoming log table shows a connection is made from the http client on the internet to the correct http server on the LAN, but there is no response from the LAN to the remote client. Is my configuration the problem, or is this feature not supported by the RV042 router? Could my cable modem be blocking outbound traffic?
I have two Cisco RV042 Routers. They are being used to connect two offices. I have created a standard gateway to gateway connection, with fixed public IP addresses on both sides, and everything works fine, except when the tunnel gets disconnected: it does not connect back automatically, and I have to log into either router console and click the connect button to get the tunnel working again. This is really annoying since it happens once or twice a day at least.
We recently upgraded from a Linksys WRT54G router to a Cisco RV042 to gain "gateway-to-gateway" automated VPN access. However, we are unable to get "client to gateway" access working.
With the Linksys WRT54G we used a "username" "password" pair for remote client authentication. This worked for both Windows and Mac OS X users using the built-in PPTP client. We found we had to set "encryption" value to "none" on the client side.
I am confused by the setup screens on the RV042. It looks like I must setup a "tunnel" (VPN->Client to Gateway), there is (VPN->VPN Client Access) where I can enter a username/password, and also (VPN->PPTP Server) where another username/password pair can be entered. I have tried all sorts of combinations but "no love". I am particularly mystified by the (VPN->Client to Gateway) settings for "Remote Client Setup"; the client can be calling in from anywhere and there is an option for "Dynamic IP + Email Address" but I'm not sure how that maps onto the client (do they use the email address as their account name?). I have also looked at defining a "Group VPN" where I am given other options. But nothing works from the client.
I just need to come up with some setup that works, that I can document to both PC and Mac users at a minimum.
I've got half a dozen RV042 routers in various locations. They are running v4.0.0.07. Seemingly randomly, I got the "502 Bad Gateway The CGI was not CGI/1.1 compliant." error when attempting to log into the web interface with Google Chrome (same with IE too). This happens from the LAN side. I actually didn't notice it until my Opsview monitoring software threw up a critical when it didn't get an http response. The router is otherwise actually working just fine. Since the first occurrence, more of my routers have developed the same error.
I've tried different browsers, clearing caches, though I'm not surprised those efforts were fruitless, as there is clearly a problem even when no browser is involved (nagios). The nagios http check also returns a 502 Bad Gateway.
I have an RV042 on my remote network. I have problems with the VPN connection: the user can connect to the RV042, but only inside IPs that can ping from VPN user. Is there any way to make the traffic from the RV042 go back to the RV042, maybe with NAT? In the example below, 192.168.5.100 is my LAN IP from my DSL DHCP, and 172.27.0.20 is the IP on the remote side. Traffic does not come back to my PC/VPN client. What I want is to translate 192.168.5.100 to the RV042 LAN IP address.
I have a RV042 with Port Forwarding configured for RDP. This Port Forwarding Rule is being applied before my ACL - so subnets that are not authorized through are being allowed in. Firmware version 4.0.0.07.
I have a Linksys RV042 v1.2 router with the latest firmware, version 1.3.13.02-tm, and I'm using QuickVPN v 220.127.116.11. I've set up the VPN connection with the values below. But every time I try to connect to the router by VPN, a window always pops up saying "Remote Gateway not responding". It occurs when I'm trying to connect to the VPN from behind another router; when I'm connected directly to the Internet the connection is established. But I'm connecting to other networks using VPN and it's working properly (behind the same router), so I think it's a problem with the RV042 configuration, but I don't know where.
I am trying to setup the following. We have an RV042 Router and are using it as our gateway at the office. In the office we are using a Windows Domain abc.lan with DHCP of 10.0.0 - 10.0.0.254. The Router/Gateway is setup with a Static IP of 10.0.0.100. A couple of our office employees would like to work from home via VPN using their laptops. With the many options available for this router, I am not clear as to which options and what settings I should set.
I have tried replacing a loaner RV082 V2 with an RV042 V3 router with firmware 4.0.4.02. All worked well, including the site to site VPN. However, in spite of the fact that I have ports 443 and 4125 forwarded to the server (192.168.2.10), we are unable to connect via RWW. There is no such problem with the RV082. What is different with the way we configure these V3 routers for port forwarding?
Comcast installed a new fiber 10M EDI internet connection in our facility the other day and found out it is our responsibility to provide a layer 3 gateway to map the internet connection to the 14 public IP addresses they assigned to us. We are using RV042 for our existing networks with a T1 we had.
Will the RV042 provide the gateway function to route the single IP address Comcast provided to the 15 public IP addresses? If so, can you provide the configuration example on this process?
Comcast EDI Connection ---> ???????? ----> 14 Static External Addresses
Interconnect Block 18.104.22.168 / 255.255.255.252.
Comcast Gateway is 22.214.171.124
Clear Layer 3 device WAN interface: 126.96.36.199
Usable IP Block 188.8.131.52/28
Mask: 255.255.255.240
Usable Addresses: 184.108.40.206 - 220.127.116.11
I've configured my router but am having a firewall issue, I think. I'm trying to connect remotely to an IP Camera. I've set the port forwarding on my router for port 8081 to forward to the IP of my camera. I've set the firewall as well to allow traffic from the WAN to the IP of my camera.
I have a RV042 and I am trying to setup a Client to Gateway VPN for about 12 to 15 remote users. These users travel a lot and need to connect to the server. I have never setup a vpn and have looked at the manual and set it up like it says to. I installed the Quick VPN client on the remote computer and copied the certificate to the remote computer.
I am having two problems.
1. When I run the client on the remote computer and try to connect it tells me the cert is not installed on the local computer. (It is copied to the root program directory C:\Program Files\Cisco Small Business and the sub directory, C:\Program Files\Cisco Small Business\Quick VPN Client.)
2. I can continue and it acts like it's connecting but it does not. If I look at the router VPN summary it shows that I connected for only a brief time.
I have a RV042 router. The problem that I am having with it is that the DHCP is giving out the wrong Default Gateway and DNS Server. There is no option to change the DHCP server IP on any of the settings pages on the router. I am beginning to think that there might not be a way to do it. I see that there is an option for the DNS under the DHCP page but the Public IP that is being handed out is not the one on that page. I also have 2 WAN connections hooked up as well, a DSL link and a Cable link (the cable link is the primary one).
The following information is provided in an effort to resolve this issue:
IP of Router: 10.0.0.2
IP of DHCP Server (the one that is being handed out): 10.0.0.1
IP of DNS (the one that is being handed out): 10.0.0.11
What I want it to be:
IP of Router: 10.0.0.2
IP of DHCP: 10.0.0.2
IP of DNS: 10.0.0.2
I am using an RV042 router/firewall -- firmware v1.3.13.02-tm -- connected to a cable modem. I have one public address (WAN1) assigned by my ISP's DHCP server. All my machines on the LAN have static IPs. (RV042 DHCP Server is disabled.) I have set up port (80) forwarding to 192.168.1.101. The HTTP port forwarding does work if an http client on the LAN sends a request to url... But I cannot get a response if I send a request to url... from a machine on the WAN. I did configure Access Rules to allow http traffic (and then tried to allow *all* traffic) between a single IP on the WAN and 192.168.1.101.
The incoming log table shows a connection is made from the http client on the WAN to the correct http server on the LAN, but there is no response from the LAN to the WAN. Is my configuration the problem, or is this feature not supported by the RV042 router? Could my cable modem be blocking outbound traffic?
I have a system with a RV042 managing the internet connection. Behind the RV042 I have an e-mail server and a development machine that I access through SSH. My problem is that if I forward port 25 to my internal e-mail server it bypasses the firewall rules. I have an external virus and spam scan host that is the only one I should accept incoming email from - but it seems that whenever you add a port forward then it bypasses the firewall rules.
Very recently, we had implemented Site-to-Site VPN tunnel between two Linksys RV042 4-port VPN routers. Everybody in our remote site is accessing and sharing the data through this tunnel and it is working fine.
Now, we have a plan to implement the same for our mobile clients also. For this, we had followed all the basic configuration procedures and user got connected to Quick VPN tunnel. Here is a problem we had observed. The mobile client user is connected to the tunnel, but unable to access the office LAN from the PC.
I have a RV042 router setup with Client to gateway VPN access, and am connecting with a W7 PC running QuickVPN. We have many PCs that already have the standard CiscoVPN client on them. Is it possible to configure the RV042 to allow these clients to connect? I'm not sure how to get the Mutual authentication to work, or how to import the PEM certificate into that client. It seems to allow it to import, but I can never select it.
I have a problem configuring port forwarding to 443 and having client VPN work. When 443 is NOT forwarded, VPN just runs fine (QuickVPN). As soon as I enable 443, the VPN stops working. No client can connect. I have the latest 18.104.22.168 firmware. Is there a way to enable 443 and have VPN work at the same time? I need 443 for Exchange.
I have a RV042 and have set it up for VPN Client access using the QuickVPN client to connect my remote users. I discovered today that I cannot have two users connect in at the same time. Both users are in the same remote office. They can connect individually with no problem but if one is connected and the other tries to connect also, the second user gets a message that the gateway is not responding. They are both running Win XP Pro SP3.