RV042G V3 protocol bind all HTTPS traffic to wan1

Similar Messages

• Intercepting all http traffic and forwarding to VIP on CSM?

  We would like to intercept all http traffic from clients from all vlans and redirect them to a VIP on the CSM for loadbalancing to 2 proxy servers. Is this possible? I can't seem to find a solution similar to our issue? Please help thanks!

  Thx Giles! Do you mean a policy that uses route-maps with next-hop? So would I point the next-hop address to the CSM client vlan IP? Do you have a support link that covers this in detail? Thx!

• Redirecting all HTTP traffic to HTTPS that will reverse proxy specific URI

  -- Requirement --
  I have a Sun web server 6.1 SP4 that sits in a DMZ that must securely reverse proxy traffic to an internal application server listening on 443.
  The web server instance has two listen sockets, 80 and 443.
  The web server instance must accept traffic on port 80 but re-direct it to 443 so all subsequent traffic with the client happens over HTTPS.
  HTTPS traffic for "www.mydomain.com/myapp/" must be reverse proxied to the internal app server, "https://myapp.mydomain.com/myapp/".
  -- Current set-up --
  The server reverse proxies both HTTP and HTTPS traffic with the indicated URI.
  How can I constrain the reverse proxying to HTTPS traffic?
  Thanks for your help,
  Jez

  Thanks Chris that worked perfectly.
  Aside
  Before your solution I had (unsuccessfully) tried the following obj.conf directive
  <Client security="false">
  NameTrans fn="redirect" from="/" url-prefix="https://www.mydomain.com/"
  </Client>However, it didn't work - is it not possible to use the <Client security="false"> in this manner?

• RV042G redirects all https traffic to NAS

  Hi
  I've installed a rv042G, disabled dhcp, opened port 3389 (wan to lan), one port formwarding rule to terminal server.
  Now 48 hours later, when i try to login to the router, (https), I'm automatticaly redirect to the https site of the NAS (iomega ix-200).
  The nas is connected to a cisco sg100-24, which is connected to lan 1 on the router.
  What is going wrong ?
  Regards
  Stef

  Good morning
  Hi Stef, thanks for using our forum, my name is Johnnatan and I am part of the Small business Support community. You can go to the Web interface in your router and go to Firewall > General and enable the remote management option, you can also specify the port, it could be 80 or 443. Remember if you can specify a port different than 80, you have to type it after the ip address, like this;
  1.2.3.4 → your public ip address.
  8080  → your remote management port.
  1.2.3.4:8080  → Your ip in your browser
  I hope you find this answer useful, 
  “Please rate useful posts so other users can benefit from it”
  Greetings, 
  Johnnatan Rodriguez Miranda.
  Cisco Network Support Engineer.

• RV042, protocol binding problem

  Hello everybody,
  I have some problem with my RV042 router and my internet connections. (               Firmware version :                     1.3.12.19-tm  (Feb 13 2009 13:03:21) )
  The rv042 is connected to one ADSL (WAN2) connection and one SDSL (WAN1) connection. We have dynamic ip address on ADSL and static ip address on SDSL.
  For a specific utilization we have to use SDSL because we need an IP to be authorized to connect to a monitoring tool.
  To summarize, all the HTTP traffic will go through WAN2 (ADSL for better download rate), and for specific needs some HTTP traffic have to go through WAN1).
  You can see on the attached picture, you can see two rules :
  The rule A is the one i would like to make it working.
  The rule B handles all the HTTP traffic.
  If i deactivate B, rule A works and when B is activated again, A doesn't work anymore.
  I think the more general rule B matched the packets before they could be matched by rule A. It's not the right behavior i think, as firewalls will do.
  Best regards,
  Germain

  Hello,
  we have the same problem for binding all our HTTP traffic trough WAN2.
  Our technical conditions go together with yours:
  WAN2 Dynamic ADSL For all HTTP traffic
  WAN1 Static SDSL For all other services
  We have tried some UPnP and forwarding constelations, but none of this
  configuration tests/profiles will work correctly..
  We want to benefit some of your answers, but they don't work.
  Can any one of you demonstrate how to bind the complete HTTP traffic to
  the WAN2 interface?
  We would very appreciate for your suggestet solution.
  tobi t.
  Sent from Cisco Technical Support iPad App

• Http Traffic Slow/Broken, ping fine

  Hello,
  I am writing because as of this morning all http traffic on my network has went to a snails pace.  However, pings of all types work at normal speed, but fail approximately 5% of the time(Independent of pinging internal address or external).
  I have a very basic setup, i do not really have any custom configures on anything. The only wifi authentication at the moment is WPA2-PSK.  I have this network set up as a test bed for a new setup, its a good thing too because it is unusuable in its current state.
  Network Setup:
  3 3502i AP - Setup in Hreap mode - Connected to PoE Switch
  1 2106 WLAN Controller - Connected to 2960
  2960s Switch
  Dell Layer 2 PoE Switch
  Thanks!
  Seth

  Since you are using HREAP, I'd sniff the AP port.  Make sure the traffic is flowing in both direcitons there before going further.  You should also make sure to prune the VLAN that are not needed on the AP.
  Also, make sure your ports are full duplex and not at half.

• All HTTPS blocked at office. Anyone know iTunes Sign-In IP address??

  We have a Netgear FVX538 router and all HTTPS traffic is blocked. I can open a hole in the firewall if I know a specific IP address for the secure site I want to allow access to.... however, iTunes Sign-In happens inside iTunes so I can't tell what address it's using.
  How can I find out what IP address to allow HTTPS access to?
  Thanks

  There is no single IP address; the iTunes Store uses Akamai's distributed server network which may use any one of a number of different servers. If your firewall allows exceptions by domain, though, try exempting these:
  phobos.apple.com
  phobos.apple.com.edgesuite.net
  Hope this helps.

• RV042G difference between bandwidth - protocol binding for WAN ports

  Can somebody explain a little bit better then the manual what the differences are between bandwidth management on WAN ports and protocol bindings?
  If you can specify in each section which protocol should go where why having two places to configure this?
  Or are there some things to remind when using one of them?                  

  Even if I tell the router to use bandwidth priority for SMTP to WAN2 (and i do not have protocol binding active for smtp to wan2) it still goes to wan1, how does the router choose this kind of behaviour?

• RV042 - protocol binding not working as advertised

  Hello everyone.  I seem to have an issue that I cannot find a solution to and was hoping the support community would be able to help.  The platform I am trying this on is the RV042.  I have updated the firmware to 4.2.3.03.
  The scenario for this configuration involves two RV042 routers.
  The office router will only have one ISP.
  The remote router will have two ISP where WAN1 will have a high-speed Internet link and WAN2 will have a satellite high-latency Internet link.
  I can establish WAN1 on the remote router to create a VPN tunnel back to the office router.  This works great.  However, I was hoping to use "Protocol Binding" to direct a Service (TCP/5000) to only transmit over WAN2.  I was hoping to dedicate WAN2 (satellite connection) specifically for this Service and no other traffic can transmit over WAN2 (even if WAN1 was offline).  In the case that WAN2 is offline, this Service will fail on transmit as well.
  I am having issues getting this to work.  I have created a custom Service for TCP/5000.  I have created the "Protocol Binding" for this Service where I have used the computer performing the transmission (192.168.1.100 to 192.168.1.100) to destination (0.0.0.0 to 0.0.0.0) on WAN2.
  The problem I have now is if WAN1 goes down (or disconnected), all traffic goes over WAN2.  This includes HTTP, HTTPS, etc.  On a satellite connection, this can get very costly.  Also, if I disconnect WAN2 and leave WAN1 online, I noticed this TCP/5000 traffic is transmitted successfully as well.
  This leads me to believe that my Protocol Binding is not configured properly.  I have found a few discussions and Internet articles regarding protocol binding with similar issues, but no solution has been given.
  I hope someone out there can help!!

  Hello l0p3zz187,
  Unfortunately at the Small Business level of devices we do not have a device that will do as you need.  I would recommend contacting our Enterprise Presales team to see if they can suggest a device that will meet your needs.
  That number is 1-800-553-6387.
  Regards,
  Michael D.
  If this post is helpful please rate or mark as correct.

• Add Both as an option on protocol binding.

  Please consider adding "Both" as an option on protocol binding to allow load balancing specific ports/destinations.
  It's needed to do things like Bind all IP trafic to ip XXX.XXX.XXX.XXX except traffic on port 80 where you'd put the port 80 > Both rule above the all traffic to XXX.XXX.XXX.XXX to wan2 rule. (I assume the rules are first match otherwise whats the move up/down for?)

  Hi dragon2611,
  I have read an article before with regard on the reason why having an option "BOTH"" may not be possible. According to that article, this is to avoid a condition where all WANs are assigned to specific Intranet IP or Service Ports and destination IP, resulting in no more WAN ports available for other IP addresses and Service Ports.

• Protocol binding doesn't work for OVPN clients.

  As title, it seems protocol binding doesn't apply to users remote connecting via OVPN, meaning that even though I have a rule covering 172.0.0.1 - 172.0.0.254 for all traffic to wan2 the remote users outgoing traffic is still getting loadbalanced.
  This causes a problem for SSL sites as it's not hitting the rules to pin to wan2.

  I will have to verify this since the LRT OpenVPN Server shouldn't be using outgoing Load Balancing and get back to you.
  Please remember to Kudo those that help you.
  Linksys
  Communities Technical Support

• RV016 Protocol Binding & Access Rules do not work on PPTP

  Hi
  I am Enabled PPTP Server and connection success, but can’t block the internet service by Protocol Binding and Access Rules for PPTP client.
  The PPTP Server:
  192.168.1.150~160
  Protocol Binding:
  HTTP [TCP/80~80] -> 192.168.1.150~160(0.0.0.0~0.0.0.0)
  Access Rules:
  1; Enable; Deny; HTTP [80]; LAN; 192.168.1.150~160; Any; Always
  Firmware Version: 3.0.0.19-tm
  I tried to test the setting by local PC connect the router directly. The rule is running.
  But by PPTP, it can go to internet. And confirmed the VPN IP is 192.168.1.150

  st1\:*{behavior:url(#ieooui) }
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:表格內文;
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin:0cm;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:10.0pt;
  font-family:"Times New Roman";
  mso-fareast-font-family:"Times New Roman";
  mso-ansi-language:#0400;
  mso-fareast-language:#0400;
  mso-bidi-language:#0400;}
  HI  Mr Krastew.
  Thank you for your reply.
  But i am not looking stop internet web service on my client side only.
  May be I explain more here.
  The client PC is running on intranet, that mean client network stopped all service [1~65535: TCP/UDP] pass through WAN. At this moment, the client network allows the PPTP Port 1723 pass through it only. And the Client PC is running on manual configure No DNS.
  And the client requests that client PC NO intranet service when PPTP VPN connected. So I can't Disable Using Remote Network Default Gateway on TCP/IP Configure.
  And Server (RV016), half of pc allow connect to internet.
  The Local PC in server LAN can control by ACL.
  The client connected by PPTP and the IP still within the ACL. But it can access internet all service. (e.g. FTP, HTTP).
  So I want to know it is my configure problem? Or the router own problem? Or my design problem?
  Now, I key in wrong DNS on client PC to Cheat the user for temporary.
  Best regards,
  Joe Wong

• RV042 protocol binding for SIP and RTP (VoIP)

  Hello everybody,
  I have a RV042 with a DSL (WAN1) and cable (WAN2) internet connection in Load Balance Mode. The DSL provider also provides internet telephony when registered via his line. When I disable the WAN2 port, my IP phone successully registers with the registration server of the DSL provider. I also defined protocol bindings for SIP (port 5060) and RTP (ports 5004 to 5020) to be bound to WAN1. My IP phone is set up to listen on only these ports.
  The rules are in detail:
  SIP(UDP/5060~5060) -> "myPhoneIP"~"myPhoneIP" ("RegistrationServerP"~"RegistrationServerIP") WAN1 [Enabled]
  SIP(UDP/5060~5060) -> "RegistrationServerIP"~"RegistrationServerIP" ("myPhoneIP"~"myPhoneIP") WAN1 [Enabled]
  RTP(UDP/5004~5020) -> "myPhoneIP"~"myPhoneIP" ("RegistrationServerP"~"RegistrationServerIP") WAN1 [Enabled]
  RTP(UDP/5004~5020) -> "RegistrationServerIP"~"RegistrationServerIP" ("myPhoneIP"~"myPhoneIP") WAN1 [Enabled]
  With these protocol bindings in place when I re-enable WAN2, then after some time the phone reports "registration failed".
  Do I need to set something else apart from protocol binding to force the VoIP traffic to go via WAN1?
  Thanks for your help
  Felix

  Pardon my memory if I am mistaken, when configuring the protocol bind for the WAN port, there are 4 or 5 options. Service, which of course is 1~65535, source IP, in this scenario it should be the phone or PBX, whatever you're using. The destination IP should be 0.0.0.0 and interface is your desired WAN, WAN 1 or 2.
  Example:
  Wan 1- Cable       Wan 2 - Dsl
         |                              | 
         | ________________ |
                        |
                    RV042-----------
                ____|                |
                |                     Computer  192.168.10.100
            Tele/PBX 192.168.10.250
  On this example to route the Telephone / PBX to WAN 1
  All services 1~65535
  Source IP 192.168.10.250
  Destination IP 0.0.0.0
  Interface WAN 1
  Please correct me if I am mistaken, I'm currently not at work due to the US holiday

• DMVPN split tunnling issue, not able to by pass http traffic at spoke end.

  Dear all,
  I would appreciate please help me out to resolve following issue.
  I have been using DMVPN setup (Routing protocol EIGRP) for 20 site no issue at all and everything is perfectly working.
  Now I received one request that I would need to split corporate legitimate traffic and internet traffic at spoke end, so all internet traffic has to forward via local ADSL connection , but I tried to resolve it but  spoke router is  continuously forwarding all traffic to tunnel.
  Moreover I found on internet that DMVPN has limitation that split tunneling is not possible.
  Please can you suggest me how can I forward internet traffic (HTTP) via local ADSL connection
  thanks and regards,

  I agree with Marcin.
  At the spoke you would need to add a static default route for the internet traffic.  You are also, most likely, injecting a default route into the EIGRP process at the hub, but the static route at the spokes will override this as it has a lower metric.  Depending on your setup, if the ADSL line is on a different interface than that of the DMVPN you could leave the EIGRP default route and use it as a backup incase the ADSL goes down.  But if they are both located off the same interface then there is no point in keeping the injected default route.
  Please remember to rate and select a correct answer

• RV042 - Priority Routing HTTP Traffic Over WAN2?

  Hi,
  I have an RV042 set to load balancing.  WAN1 is a T1 and WAN2 is an ADSL connection.  It seems that more often than not web traffic is going out over the slower WAN1, so I'd like to try to route http traffic over the ADSL before the T1 due to the higher download speed.
  Is there a way to do this?
  Thanks!

  blasty,
  Yes it is possible. It is called protocol binding, and the configuration steps for this can be found on page 23 of this guide:
  http://www.cisco.com/en/US/docs/routers/csbr/rv042/admin/guide/RV042_V10_UG_C-WEB.pdf
  If you have any problems please post them in as much detail as possible.
  Bill