Cisco Routers :: WRVS4400N Accessing Local Services Via External IP?
Aug 7, 2011
Recently I'm having issues with accessing local services via external IP. Short description of configuration:
- sub.mydomain.com pointing to my external IP.
- few web services running on my local server with reverse proxy on Apache 2
- firewall on router enabled
- ips on router disabled
- single port forwarding: WAN 80->Lan 443, WAN 443->LAN 443
- accessing my services via sub.mydomain.com/service1, sub.mydomain.com/service2, etc
- I had to create a new rule in internet access policy allowing LAN, any, any to
Basicaly if I go no matter if I type http or https I will be redirected on 443. That configuration has beed working without any issues for a month. Recently I have increased the amount of DHCP users and suddenly it's not working any more. I can still access my services from outside but not from LAN.Restarting router does the trick for a while,sometimes for few minutes, sometimes longer.Enabling IPS is the way to go but then I'm limited to around 22Mbit/s. I have no idea what happend.What I can't understand that it was working, suddenly it's stopped and there are two solutions, either to enable IPS or to restart router?
I need to access a shared folder over a VPN connection. Very simple host network: no Microsoft server, no AD. Just a WRVS4400N router and a peer-to-peer network.
Purchased a second WRVS4400N router to create VPN from SOHO and configured via VPN Setup Wizard.
When at the office, I can map a drive letter to a share on the other computer, as follows
net use f: \192.168.1.111MyShare /User:MYSELF mypass
However, when try same command over VPN, I receive the response:
System error 53 has occurred. The network path was not found.
I also cannot net view the other computer -- same error. However, I can successfully ping 192.168.1.111.
More info:
Routers have latest firmware.
Over VPN I cannot browse network via Windows Explorer (Win7 Network Neighborhood shows only my own PC. In the office I can see the other computer and the NAS appliance "NAS01").
I also cannot connect by entering \192.168.1.111MyShare into Windows Explorer's address bar (although I can do that successfully when at the office), or by choosing Map Network Drive from "Computer".
However, over VPN, I can get into NAS administration via https://192.168.1.3 and I can print to the office TCPIP printer (192.168.1.222)
I want to know whether NAT loop back is possible with the RV220W router/firewall, or when can we expect a firmware update that addresses this?For terminology sake, what I mean is that I've got a rule that maps HTTP/S to 192.168.1.2. However, when accessing my external ip from an internal ip, I don't get routed to 192.168.1.2.
I recently upgraded from Linksys WRT54G to D-Link DIR-655 firmware version 2.0. All the features are working as advertised however i am having difficulties accessing UPnP services in my network. I have a Samsung 55" internet enabled TV connected to the router and also have few devices that can stream over UPnP to the TV. The option to enable the UPnP is enabled in the router configuration however its not finding devices in the network ... comparing that with Linksys ... all i had to do is enable the UPnP and all my devices discovered each other and started streaming without any issue. What do i need to do in D-Link to enable the UPnP devices ...
I turned DHCP off on the Cisco so that wireless devices that connect to it get a 10.1.10 address from the Comcast device. Now, I am completely unable to connect to the web interface of the Cisco, whether connected to it wirelessly or even if I plug directly into one of the LAN ports on it. I have one of the LAN ports on the Cisco connected to one of the LAN ports on the Comcast. What am I missing here? I'm guessing I'm not able to see the 10.1.11 addresses when I am getting a 10.1.10 address from the Comcast, even though I'm connected to the Cisco?
I have two devices in my office which both need to be accessible externally. One is an FTP server (Hermstedt Stingray), the other is a NAS drive (Lacie). I don't have a static IP so have instead configured an account with DYNDNS. My understanding is that by using this method, only one device will be ever be accessible because of the one single dynamic IP. Is this correct? Or is there a way of configuring something somewhere (DYNDNS, router etc) so that both my devices can be accessed externally.
I have a mail server, with external access which works fine for external access thorugh our router (a 1941). I have a laptop which connects to a wireless network that is inside our router. When attempting to navigate to the webmail or use outlook, it cannot connect.
The laptop is configured to access the mail through the external path as it would be offsite occasionally.
I think the problem seems to be that the traffic is not leaving the router to come back internally. The laptop can ping the external address ok.
I read about something called hairpinning - is this what i need to be looking at?
I recently purchased the dir-655 router, and am impressed by it's speed. I had no problems configuring the router to my liking, and have found that all of my wireless devices communicate with it flawlessly.
However, my main reason for purchasing this router was for the USB port. I had hoped to connect my 2TB external drive and have it accessible by all wireless devices in my home. To my understanding, the USB port relies on the use of the Shareport Utility. I've installed the Shareport Utility to my laptop for wireless access to my media files for streaming.
Here's my problem. How can I access my media on my external HDD connected to the dir-655 with Apple TV2? I've read several options for PS3 users... and they all seem to involve leaving the pc/laptop running. I would ultimately like to bypass the necessity of leaving my laptop on... but if that's not a possibility, I can live with it being left on.
Therefore, is it possible to access the external drive connected to the dir-655 with my Apple TV 2 by using the laptop as a bridge? Can I access the content via Apple TV by using Windows SMB just as I currently do to access media stored on my laptop?
To summarize, I want to have access to the media on my external drive connected to the dir-655 via Apple TV2.
I have a Cisco 5505, 2 sites that are internal, 1 external IP (dhcp from cable modem). While on my laptop, ipad, iphone, I cannot access the server via it's external IP address. I MUST use the internal IP in order to access this site. I have heard of hairpinning, internal dns server(don't really want this).
We have a D-Link DIR655 wireless router on our network. I have purchased two Seagate 1TB network storage units and would like to have one for me and one for my wife. It seems that the router will not support two, because they try to access the same port. How can I plug these two storage units to the router and have access for each of us to one device?
we recently upgraded from an RVS4000 router which didn't have this issue.
the problem; Internal users from Site A cannot access the external owa address.From Site A i can successfully ping both the external/internal IP addresses/names and they resolve correctly, including pinging the address ('mail.company.com") resolves correctly to the external ip address.
I have a hosted web server that has a website on it that needs to connect back to a database within our internal network. We have a Cisco WRVS4400N Wireless Router with 2 VLANS. VLAN 1 goes to a Watchguard Firebox which is connected to our internal network. VLAN 2 goues to our classroom network.
Our database is on VLAN 1. I have opened port 1433 on the Watchguard to allow SQL traffic from our Web Server. I can telnet from my workstation on VLAN 1 to the Web Server over port 1433, so I know the Web Server is not blocking anything. When I try to telnet from the Web Server to our Public IP address over port 1433, it fails.
I believe I have the firewall on the Cisco WRVS4400N off, so it shouldn't be blocking any traffic, but for the life of me I can't get this to work. I have been working on this for two days, and I NEED it to work. This was working up until last week, then it quit working. I am the only person making changes to our network, and there were no changes made during that time.
I have a scenario where there is an ASA5510 configured as follows:
Interface0 = Outside Interface1 = LAN Interface2 = DMZ Interface3 = unused Running ASA version 8.2[1]
All network operations are fine, as are the IPSEC tunnels to other branch offices, and the incoming SSL VPN accessed via the IP address assigned to the external adapter.
My problem is that I have a device on the DMZ that needs to access the AnyConnect service hosted on the external adapter so that it can access LAN resources. When I try accessing it, I see the following errors appearing in the debug log:
3Dec 03 201212:10:50710003[DMZ client address]51031[AnyConnect ExternalAddress]443TCP access denied by ACL from [DMZ client address]/51031 to DMZ:[AnyConnect ExternalAddress]/443 If you look closely, it suggests an ACL issue from the DMZ client to the external AnyConnect IP address BUT it suggests the Anyconnect IP address is on the DMZ interface.
Alright so I have an SSH server running on my network. I can successfully connect to it from a local computer using the server's internal IP address, AND I can connect to it from a remote computer using the server's external IP address (it's properly port forwarded).
However, when I try to connect to the server from a local computer using it's external IP address, I get a connection refused error. Is there something I'm missing?
I'm using a Netgear WGT624 Router for my firm's intranet. At home I'm using a router called NSW-R2 by Gembird..
What I want to do is connecting my PC at home (Windows XP) to my firm's intranet so I can print on my LAN Printer or edit files on my NAS.
I've heard about VPN tunnels, but I don't want to keep my firm PC on 24 hours a day. So is it somehow possible, to build a VPN or something similar by only using the Netgear WGT624 Router?
Edit/More Information: I've steup a DDNS. My Router supports Port-Forwarding. I'm currently using Remote Desktop. Both PC run Windows XP Professional.
My ISP sends various services through VLAN. Internet, TV and Telephone.Now I wonder, is it possible to use this router to distribute these VLANs through the wan port to eg my IPTV box?
I have some questions regarding the addition of custom services and their use in QoS for RV routers (I use the RV220W). Suppose I create a custom service as: Name: My Service Port: TCP 60000
1. Does this port number refer to the port number used by my LAN computer or the port number on the other side e.g. some computer on Internet I am using this service to connect to? Some services use the same port number on the side that initiates the service and the receiving end but there are services that use different ports for the initiating and receiving end. So, what is the meaning of the port number when creating a custom service?
LAN Computer : (port TCP 60000) <----> Internet computer : (some TCP port, not necessarily 60000) - or - LAN Computer : (some TCP port, not necessarily 60000) <----> Internet computer : (TCP port 60000) ?
2. Suppose I create a QOS profile binding configuration with respect to this custom service for a specific IP address on my LAN. QOS is applied to the outgoing network traffic only. How is this profile going to work?
A. Applied to traffic originating from my LAN device with the specified IP address and port TCP 60000 - or - B. Applied to traffic originating from my LAN device with the specified IP address to another computer's port TCP 60000 ?
I have two servers behind the RV180 and a list of ports I would like to open to the public (80, 443, 21, 3389).In that case, I have to setup 8 Access Rules. I am OK in the first time setting up.But later on, if I would like to change the external IP <-> internal IP mapping, I have to change the Access Rules one by one for all related ports.
Does it has a setting for grouping the ports together so that I can set the Access Rules by one time only ?BTW, the summary view of the Access Rules in RV180 is not very clear, I can't differentiate the Rules for different Destination NATs ... I have to click into the details one by one ...
We recently moved to a new office and currently have three ISPs(DSL, SAT, 4G) because we are unable to get Cable nor Fiber services. We have anywhere between 7-20 Remote Desktop connections(with lot of file transfers) and 8 VOIP lines. Basically, we need to bind certain services to specific WAN links in order to make everything work somewhat decent because of the limited bandwidth and/or latency of each ISP.
I would like to double check if the bindings are working for the specific services, and it has been difficult to verify if the settings in the RV016 are working. I believe it's not working 100%, and I need a way to check and make sure that my settings are being followed.
What would be the best way to check the current connections to see if the service is being routed via the WAN link specified in my setting? My RV016 is HW ver 3, but not the latest firmware. Purchased about 2 months ago.
Today I had to reset the router completely to factory default, if I was adding services to the forwarding or UpNp service management, suddenly it stopped adding the new ones.Now after starting all over it's having the same behaviour, see below my services, normally you can have 30 rules in this list but I cannot add new ones now.
Now I want to insert a new service IMAPS for port 993 so I go to service management.Then press "add to list" see below for result.It is there, then press OK and the screen closes, now if I choose a service from the list, it is not there !!
I have 25 of these routers installed behind various providers and transport (DSL, Cable, UVerse). At sites where I have static IP, I can't reach any service inside, and in fact can't even reach the router for Remote Management. At all times the users indoes can do whtever they like, the have Internet access.
At sites where we draw a dynamic IP or use PPPoE, I can reach services and manage the router until a known issue stops the inbound traffic.
I have a little probs@a site .we have a vsat link connected to a linksys E1000 router which is pluged into a cisco 2950 switch doing DHCP to the LAN,then a WAN link configured on a cisco 2911 router on static ip which is pluged into the same switch to serve the same LAN.I have been having issues of the workstations accessing both the WAN and internet@ the same time.
Right out of the box, the WRVS4400N [firmware v2.0.1.3] I just purchased says the WAN interface is DOWN; and it simply will not obtain an IP address from the Arris TM602G cable modem it is attached to. Internet still runs great on the old WRT54G. Is this WRVS4400 DOA? Or is there some arcane setting the quickstart guide overlooks? OR?
I'll just use the 4400n to provide DHCP to my two VLANs and then a new problem cropped up. I am unable to add a default route to the 4400n's DHCP server. It uses the 4400n's vlan IP as the default route. What I'm trying to ultimately achieve is to configure the 4400n as an access point for our "private" network on vlan1 and also "guest" access to the internet on vlan2.
I'm having problems trying to establish a IP Sec tunnel from the office to home. All of our machines are Macs so I have been using the directions described in "How to create an IP Sec tunnel for MAC Clients, A QVPN alternative" but I still can't get it to work. My setup is as follows:
The office is connected to the outside world through a MODEM (Sagemcom 2864 Connection Hub). This MODEM is also a wireless router. It's DHCP server provides addresses 192.168.2.x.The WRVS4400N's WAN port is connected to one of the LAN ports on the MODEM. It's IP address from the MODEM is 192.168.2.x. The WRVS4400N provides addresses 192.168.21.x to devices connected to it.We have a DynDNS account and are using the DDNS client on the WRVS4400N router to connect to it.At home, we have a DIR-655 router with IP Sec Passthru enabled. The router provides IP addresses 192.168.1.x for all devices connected to it. I am fairly sure there are no issues with the router setup at home since I am able to VPN into the office of my full-time job without any problems. I have tried just about everything I can think of but have not been able to get this to work. setting up the Local and Remote Group Settings on the WRVS4400N and the IP address settings in IP Securitas?
Ive setup a few WRVS4400N over the past 6 months, and have been receiving the below message from some of them every couple of hours.What does the message indicate?
I have successfully got QuickVPN working from Windows 7 64bit into my WRVS4400n. The router is sat behind another router/modem (Belkin) as the UK uses PPPoA and the WRVS4400n doesn't.So I set up DMZ and changed the DHCP to always allocate 10.x.x.2 on the Belkin which is the WAN side for the WRVS4400n as it is the only thing attached.I have now noticed, and I'm not sure whether it was the case before, that the DNS that the WRVS4400 is showing is the LAN address for the Belkin Modem/Router (10.x.x.1), not 192.x.x.1 for the WRVS4400n itself. I assumed setting the Static DNS 1 on the WRVS4400n would do it, but it didn't?When I connect into the network with QuickVPN, the computer names do not show even though I have selected the option in QuickVPN?
I have 2 WRVS4400N's available to be. One is running my network and security connected to my WAN.I want to use the other one stricly as a switch or even adding wireless repeat of my current wireless LAN.
Recently installed a WRVS4400N router on my home network. Prior to that I was using the wireless built into my FIOS router. I wanted something more secure so I went with the WRVS4400N. I turned off the FIOS wireless and am only using the cisco wireless.
Im having intermittent issues with the wireless. I have many things hooked up to my wireless including a HP printer and a Sonos system. Most of the time if I just open my ipad I cannot see anything else on my network including the printer. If I try to see the Sonos system can cannot, sometimes I can open the app on my iphone and then I can see it.
Sometimes I can see the printer and sometimes I cant. Sometimes when I do see it and then print to it, it will be gone before it even prints. I don’t seem to have any issues thru the LAN connections.
Also, ive noticed that the wifi is much slower than the old FIOS box.
FYI, when I remove the cisco and fire back up the FIOS wifi I don’t have any problems at all at any time. And its much faster.
I have tried channel 6, 11 and auto. Also turned off IPC and still no change.
I have a gateway to gateway vpn (home-office) working fine for almost an year btw 2 wrvs4400n routers, This morning, the VPN tunnel was down. I clicked "Connect" from the web based interface, but it does not reconnect.
I tried setting up a new tunnel using the VPN setup wizard, but it says it can't connect to the remote router. Which is strange, since I can ping there normally.