VPN and a Dual Wan router confusion

I am running a Border Manager 3.9 server with a Dual Wan router supplying the 2 ISPs load balancing to a single NIC on the Border Manager Server. I want to try setting up a VPN.
What's the easiest, most pain-free way of doing this?
Just wondering,
[email protected]

In article <[email protected]>, Rlmillies wrote:
> What's the easiest, most pain-free way of doing this?
>
Hah! Well, inbound traffic in general can be problematical on a dual-WAN system.
Here you have two issues, if the router is like ones I've worked on.
First, load balancing. You can't (probably - this is based on my experience) set up a static NAT of one of the public IP addresses to the BM 'public' address and still load balance. My experience is that as soon as you do that, it forces both inbound and outbound traffic onto that particular WAN link, so it kills load balancing/failover.
Which means you need to do port forwarding on the router for all the VPN ports. You will need TCP and UDP 353, and UDP 500 and 4500 inbound (and replies outbound). If using a site-site VPN, you also need TCP 213 inbound.
You will have to configure the VPN address in BMgr to use one of the WAN public IPs. The VPN will only work on that one WAN link.
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***
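The reply above lists the inbound ports the dual-WAN router must forward to the BorderManager address (TCP and UDP 353, UDP 500 and 4500, plus TCP 213 for site-to-site) and warns that a static NAT pins all traffic to one link. The following script is an added example, not from the thread or from Novell, that audits a constructed list of router rules against exactly those requirements; the rule format, the WAN names and the internal address are assumptions.

```python
"""Audit dual-WAN forwarding rules against the BorderManager VPN requirements
quoted in the reply above. Added illustration: the Rule layout, the WAN names
and the 10.0.0.2 address are constructed, not taken from any real router."""
from dataclasses import dataclass
from typing import List, Optional

# Ports named in the reply: client VPN always, TCP 213 only for site-to-site.
CLIENT_VPN_PORTS = {("tcp", 353), ("udp", 353), ("udp", 500), ("udp", 4500)}
SITE_TO_SITE_EXTRA = {("tcp", 213)}


@dataclass(frozen=True)
class Rule:
    kind: str             # "forward" (one port) or "static_nat" (whole address)
    wan: str              # WAN link the rule is attached to, e.g. "WAN1"
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # None for a static NAT entry
    target: str           # internal address the traffic is delivered to


def check_vpn_forwarding(rules: List[Rule], bm_public_ip: str, vpn_wan: str,
                         site_to_site: bool = False) -> List[str]:
    """Return findings (strings); an empty list means the rules match the advice:
    no static NAT of the BM address, and every required port forwarded on the
    WAN whose public IP is configured as the VPN address in BMgr."""
    findings = []
    required = set(CLIENT_VPN_PORTS)
    if site_to_site:
        required |= SITE_TO_SITE_EXTRA

    # A static NAT to the BM address forces all traffic onto that link.
    for r in rules:
        if r.kind == "static_nat" and r.target == bm_public_ip:
            findings.append(f"static NAT on {r.wan} -> {r.target}: pins all traffic "
                            f"to {r.wan}, load balancing/failover lost; use "
                            f"per-port forwards instead")

    # Each required port must be forwarded on the one WAN the VPN is bound to.
    covered = set()
    for r in rules:
        if r.kind != "forward" or r.target != bm_public_ip:
            continue
        protos = ("tcp", "udp") if r.proto == "any" else (r.proto,)
        for p in protos:
            key = (p, r.port)
            if key not in required:
                continue
            if r.wan == vpn_wan:
                covered.add(key)
            else:
                findings.append(f"{p}/{r.port} is forwarded on {r.wan}, but the "
                                f"BMgr VPN address is on {vpn_wan}; the VPN only "
                                f"works on that link")
    for p, port in sorted(required - covered):
        findings.append(f"missing inbound forward for {p}/{port} on {vpn_wan} "
                        f"-> {bm_public_ip}")
    return findings


# Constructed sample rule sets (assumed BM public address 10.0.0.2).
BM_PUBLIC_IP = "10.0.0.2"
GOOD_RULES = [Rule("forward", "WAN1", "tcp", 353, BM_PUBLIC_IP),
              Rule("forward", "WAN1", "udp", 353, BM_PUBLIC_IP),
              Rule("forward", "WAN1", "udp", 500, BM_PUBLIC_IP),
              Rule("forward", "WAN1", "udp", 4500, BM_PUBLIC_IP)]
# Same, but UDP 4500 forwarded on the wrong link.
BAD_RULES = GOOD_RULES[:3] + [Rule("forward", "WAN2", "udp", 4500, BM_PUBLIC_IP)]

if __name__ == "__main__":
    for name, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(name, check_vpn_forwarding(rules, BM_PUBLIC_IP, "WAN1") or "OK")
```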

Similar Messages

  • Windows server with dual wan router

    Hello, I have a doubtful scenario to be addressed. We had our 2008 server running on a single internet connection, but since it's not reliable and has down time we planned to get another one. We also bought a
    DUAL WAN Router so that we get some of the IPs without the group policy applied for testing purposes. So if we run a DHCP
    server on the router instead of the Windows 2008 server, will it work? We need one internet connection as the main connection and the other as standby for continuous internet access.

    Guys,
    It is getting difficult to follow the conversation. Let me try to clarify: this is way, way simpler than what it is being made (as far as I can interpret the situation).
    1. The dual WAN is completely irrelevant to the situation.  It could easily be a single WAN (single ISP) and it wouldn't make any difference.
    2. The WAN Device is the "Firewall",...meaning it is the NAT device,..and the only NAT Device
    3. There is no VPN, but if there were, the VPN would have to be performed by the WAN Device, meaning that you would have had to purchase one capable of such.
    4. The private LAN, as far as I can tell from what I read, is a single subnet "flat" network. Hence there is no router, none, zero,...and there should not be.
    5. The result of #3 and #4 mean that RRAS should not be enabled on any server on the LAN anywhere.
    6. DHCP needs to be, or at least it is best to be, "Active Directory Aware". Therefore it should be run on the Domain Controller. The WAN Device should have client-serving DHCP completely disabled.
    7. Group Policy is applied to an OU. If a machine account is in such OU then the policy will be applied, if the machine account is not in the OU then it will not be applied.  GPOs should be applied to specific OUs,...not at the "root" of the tree. 
    The only policies that should be applied at the "root" are the Default Domain Policy and the Default Domain Controller Policy,..and those should never be touched and left at their "default" so that you have a place to return to if GPO things go badly. 
    Do not leave objects within the Default Containers (Computers, Users, etc). Always create one or more OUs (you can even nest them), move the objects into them, and Link (apply) the GPOs at that level.
    Hope this helps clarify things.
    Phil

  • RV325 Dual WAN Router - Use only one IP

    I have an RV325 dual WAN router. I have set up load balancing on the router, but I don't want one of the servers here being load balanced. How do I set it to only use a specific WAN while everything else is load balanced?

    Michael,
    I'd like to share a link that has step-by-step screenshots on how to configure protocol binding. Your source IP will be the server and the destination is whichever WAN you are shaping that traffic to. Hope this helps.
    Article ID: 4242
    http://sbkb.cisco.com 

  • Cisco RV320 DUAL WAN router USB setup with Telstra 4G MF823

    I am trying to set up a Cisco RV320 DUAL WAN router to work with my prepaid Telstra 4G MF823 device. Could you please assist. My settings are as follows: Interface: USB2; Connection Type: 3G/4G; PIN Code: ; Confirm PIN Code: ; USB Connection Status: 3G/4G modem is not available; Access Point Name: telstra.internet; Dial Number: ; Username: ; Password: ; Enable DNS; DNS Server (Required): 8.8.8.8; DNS Server (Optional): 8.8.4.4; MTU: Auto Manual B

    Hi oz000,
    Unfortunately we don't have anyone here to assist with this particular issue. Our team here provides assistance for the device standalone, we ensure that the 4G device connects to the network and functions correctly on its own.
    -Matt W

  • Lrt224 dual wan router

    Hi, I'm new to dual WAN setup. Please help.
    Here's my problem:
    Wan 1 dynamic globe telecom primary
    Wan 2 static pldt telecom
    Link failover mode
    1 router is plugged in to the LRT224 to serve wifi, and my switch is also plugged in to the wireless wifi
    1 CCTV DVR connected to the LRT224, port 9000, web port 9100, with auto detect settings set up
    Now:
    Sometimes the CCTV camera broadcasts to the public IP when switching to WAN2, but sometimes it can't show either.
    Same the other way around with dynamic WAN 1 as primary.

    Thanks guys, it's a big help.

  • OS X Server as a Dual WAN Router

    Hello.
    I am studying a way to use a Mac Mini with Snow Leopard Server as a Gateway for our network (about 20-30 clients). I know I can use a USB NIC as a 2nd interface to the internet. I wonder if I could use 2 USB NICs to simulate a 2 WAN router. Could it work for load balance? I have 2 ISPs and my router (Hotbrick) has just died.
    So my config would be: 2 USB NICs to handle the 2 ISPs connections and the integrated NIC to connect to my internal network.
    As I have very little experience with Mac OS X Server, I ask whether I could have NAT, Firewall, Load Balance and VPN services this way.
    Thanks in advance.

    There's no inherent load balancing option within Mac OS X, so using Mac OS X to load balance multiple upstream WAN links is going to be tricky, for sure.
    There are ways of doing it, but it's far outside of the box, and I wouldn't recommend it, especially if you're new to using Mac OS X Server.

  • Simplest dual-WAN setup for LRT224 ?

    Hi folks
    Hope someone can help with some insight / advice here.
    First, some background :
    For a while I’ve been using a conventional ADSL modem-router device to connect to my primary ISP, and thereby provide internet connectivity to a number of desktop PCs, laptops and other mobile devices in a small office environment. I plug the “output” (LAN port) of the ADSL modem-router into a switch, and I also plug a dual-band wireless access point (WAP) into the switch to provide wireless access for the mobile devices. Generally this all works fine.
    One problem of course is that if/when my ISP goes down - which does happen occasionally - I have no internet. Also, I am starting to need extra bandwidth, and ADSL connectivity has pretty much reached its speed ceiling in my area. So I’ve been looking at ways of providing redundancy and higher speed by having multiple connections, possibly with different technologies and different ISPs. One option is to go with multiple ADSL connections; another (perhaps better) option is to go with a high-speed fixed-wireless (LTE) connection. With LTE, I can easily get over 30Mbps, so I’ve gone with that option for now. FTTH may be an option on the future. Obviously I needed a 2- or 3-WAN router device to do the connection management.
    I had a preference for a dual-WAN router that isn’t tied to any particular communication technology (like ADSL, or VDSL) to give a degree of future-proofing for new technologies like FTTH. I prefer modem devices that have a conventional ethernet port as an output, and hence router devices that have ethernet ports for WAN inputs. This eliminates “combined” devices like Draytek’s “Vigor” ADSL+WAN modem-routers, or routers that have provision to connect a USB 3G stick modem for failover. 
    While shopping around, I looked at options like the Cisco RV042/043, the Peplink Balance 20/30, and the Belkin/Linksys LRT224. The LRT224 seemed to offer a reasonable compromise between price, features and performance, so I went with it.
    Both my CPE devices are combined modem-routers that completely manage the connection to their respective ISPs, presenting me simply with an ethernet port (or ports) for connection to my local LAN. Specifically, I'm using a D-Link DSL-2500U ADSL modem (1 LAN port) and a Huawei B593s-601 LTE modem (4 LAN ports). Both include the usual functions such as DHCP server, NAT, firewall etc. Previously I'd always given the ADSL modem a fixed IP, and then let it handle DHCP for the whole of the downstream network. So far, so good.
    My requirements for now are pretty straightforward :
    - Simple failover operation, ie if one ISP (WAN) goes down, the router should transparently and quickly re-route traffic to the other ISP.
    - Load-balancing, ie the ability to apportion traffic between the two ISPs according to a number of different algorithms. Ideally I would want to see options like : equal traffic (bytes) per ISP, % traffic split (eg 60:40), pro-rata split based on connection speed or latency, etc etc ..
    - Ability to log into the web control panel for any of the three devices (LTE modem, ADSL modem, or dual-WAN router) directly from the office LAN without unplugging or re-cabling anything.
    - I've no need to use the VPN functionality on the LRT224 at the moment, though that might come later.
    Here’s where I need some input and help :
    So far, the only way I’ve been able to get this all to work together is as follows :
    1) Set up the ADSL modem with a fixed IP of 192.168.1.1 and let it do DHCP on a range like 192.168.1.50/149.
    2) Set up the LTE modem with a fixed IP of 192.168.2.1 and let it do DHCP on a range like 192.168.2.50/149.
    3) Set up the LRT224 to get WAN-side IP’s from the upstream devices on both WAN1 and WAN2.
    4) Set the LRT224 in “Gateway” mode.
    5) Set up the LRT224 with a fixed IP of 192.168.0.1, and to issue downstream DHCP IP addresses in the range 192.168.0.50/149.
     What I've noticed in trying to get this all to work is the following:
    6) This only works (and gives visibility of all 3 devices) when the two modem devices are on different subnets (like 192.168.1.x and 192.168.2.x). Trying to put them both on the same subnet as the downstream side (all on 192.168.0.x) just doesn't work, or one device is not visible.
    7) This only works with the LRT224 in "Gateway" mode, even though "Router" mode seems more fitting.
    The setup given above (1 through 5) does work, and gives a situation like the following :
    Failover works OK, and I can see any of the three devices from the office LAN by connecting to any of the assigned IPs.
    However, the problem is that the throughput really sucks.
    If I connect the LTE modem (only) direct into the office LAN, I get in excess of 20Mbps downlink speed. However, when connecting via the LRT224, I don't even get half that speed, even if the LRT224 is in simple failover mode and the ADSL modem is turned off or out of the picture.
    Given that the LRT224 isn't "processing" the packets at all, and there's no VPN overhead, I find it hard to understand why it sucks up over 50% of the throughput. Also, the reviews I read on the LRT224 listed throughputs in the hundreds of Mbps, so this really shouldn't even be a factor. Also, having the LRT224 eat half the throughput partly defeats the one object (higher speed).
    So my question is: Is the above setup really the way to do what I want? Or is there a better way? The upstream arrangement with dual DHCP on different subnets seems overly complex. Is there a simpler way with PPPoE, or PPTP, etc.?
    What might I be doing wrong ?
    Any input or advice would be much appreciated.
    Thanks

    Thanks for the suggestions, guys; although I've pretty much covered all of those things.
    For info :
    1) The router came with firmware v1.0.0.9 (Nov 25, 2013 - the initial release), but I have updated it to the latest v1.0.2.06 (Mar 28, 2014). (This is the third release in 4 months, so it seems Linksys is working fairly actively on LRT2x4 firmware).
    2) I have the "Maximum Bandwidth" figures (reached at Configuration / System Management / Bandwidth Management) set to the appropriate values, including a maximum downstream value of 61 440kbps (60Mbps) for the WAN port to which the LTE modem is connected. My understanding, though, is that the LRT224 doesn't DO anything with this information unless there are one or more bandwidth management policies set. (My understanding may be wrong, and the manual isn't much help). I have no bandwidth management policies set.
    3) I did try disabling all of the firewall rules as suggested by Flybyknight - no improvement.
    One interesting (and unintended / undesired) consequence of my setup is that I can only "see" the configuration pages (web interfaces) for both upstream modems (ADSL and LTE) when the router is in "Load Balance" mode. If it is in "Failover" mode and the primary WAN is up, then I can't see the modem on the secondary (failover) WAN. I assume this is because traffic is only being routed to the active WAN port.
    I guess my uncertainty is more about the upstream setup, i.e. the way in which the upstream-facing WAN ports on the LRT are configured to talk to the downstream-facing LAN ports on the respective modems.
    The user guide for the LRT224 is really poor, unfortunately. It doesn't explain the actual workings of the various features at all. For instance, it does not explain what the ACTUAL working of "load balance" is. Does the device route the same amount of traffic (bytes) to both WAN ports, or does it do so in proportion to their configured speeds ? Proper explanations for these features are really indispensable! Belkin/Linksys, are you listening ??

  • RV320 - Dual WAN - Load Balance Problem

    Hi all,
    I've just bought an RV320 Dual WAN router and am trying to get it running. My network setup looks like the picture attached.
    I have 2 WAN Connections:
    - Router 1 (16Mbit Down / 512kbit up) - no public WAN IP
    - Router 2 (3 Mbit Down / 512kbit up) - Fixed public IP
    Router 1 is connected to WAN1 and router 2 to WAN2 port on the RV320.
    I have enabled load balancing mode.
    Questions:
    1.
    I want WAN1 to be the primary line to be used until capacity reached.
    Currently, for some reason I don't understand, the Cisco always uses WAN2.
    That's not good as all browsing and downloading is limited to 3 Mbit.
    When I switch to "fail-over" mode and set the primary line to WAN1 that works, but WAN2 is not kept alive.
    2.
    I am using VOIP and need to route all VOIP traffic to WAN2 interface.
    The best would be to tell the router IP 192.168.177.9 (voip phone) should use WAN2. So far I didn't figure out how to do that.
    Can I put VOIP into one VLAN group and allocate that VLAN to one specific WAN interface?
    Brgds

    So, you can hear the phone ringing and answer it? Which means that SIP packets are coming through WAN to LAN and are well redirected to the phone IP, but you cannot hear after that, which means that there could be a problem with the RTP packets.
    If you have the problem only with incoming calls and not outgoing, then try enabling/disabling SIP ALG (Firewall). If that doesn't fix the issue, try to allow (or even forward) from WAN to LAN RDP - UDP ports 16384-32767 to the phone IP.
    Regards,
    Kremena

  • WAN Router Connection to Data Center

    We have a WAN router that needs to connect to our Data Center network.  The Data Center consists of two N7K core switches, with a pair of N5K switches as aggregation, and each N5K has twelve N2K fabric extenders.  The N2Ks are single-homed to the N5Ks.  The N5Ks are vPC connected to the N7Ks.
    We would like to attach the WAN router to both N7K switches in the Data Center.  The N7K switches only have 10G ports in them, so we can't terminate the WAN router directly to the N7Ks.
    I was considering creating one dedicated VLAN on each N7K, and assigning an SVI to each VLAN, to correspond to the L3 connections between the N7Ks and the WAN router.  Then, we could trunk these VLANs to each of the N5Ks, and configure one 1G port on each N5K for the VLAN, and connect the WAN router to the N5Ks.
    Two questions regarding this design:
    1) Is there a problem in connecting the L3 WAN router to the N7K via the N5K?
    2) Does vPC connectivity between the N7K and N5K pose a problem for the proposed WAN connectivity?
    Thanks in advance for any feedback.
    -rb

    The vPC between N5K and N7K is the catch here. Layer-3 routing over vPC member ports is currently not supported so I will advise you to stay away from this approach.
    Atif

  • Dual Wan and port routing

    Hi,
    I am setting up a configuration with SA520W and 2 Wan, in load balancing. But I face a problem that I could not understand.
    Traffic is HTTP, SIP and 2 servers.
    Servers are for a VPN tunnel and a mail server with ActiveSync
    Both services absolutely need port 443 on the external IP, and that's one of the dual wan reason.
    The 2 WANs are running, load balancing mode is enabled and NAT routing in the firewall tab is as follows:
    443   Enabled   WAN   LAN   ALU_OpenVPN   ALLOW always   Any   192.168.0.150   WAN1   Always
    443   Enabled   WAN   LAN   ActiveSync    ALLOW always   Any   192.168.0.254   WAN2   Always
    If load balanced
    Port 443 is NOT routed from wan1 to 192.168.0.150
    Port 443 is routed from wan2 to 192.168.0.254
    If only WAN 1
    Port 443 is routed  from wan1 to 192.168.0.150
    If only WAN 2
    Port 443 is routed  from wan2 to 192.168.0.254
    In fact I did other testing and there is no port routing with WAN1 when load balancing is enabled, even on a port that is not used at all on WAN2.
    With a FileZilla FTP server, it's OK if on WAN2, and it stops before logging in if on WAN1 (on load balancing; OK in both cases if only one WAN).
    Firmware : latest 2.1.18
    Any Clue ??

    Hello,
    I confirm, there is a strange behaviour.
    Simple test :
    Dual Wan configured.
    A FTP server on the LAN (192.168.0.254) port 21
    Firewall, IPv4 config:
    WAN   to   LAN     FTP     ALLOW always     Any         192.168.0.254     WAN1
    WAN   to   LAN     FTP     ALLOW always     Any         192.168.0.254     WAN2
    Then some testing using a FTP client outside the LAN, connection from Internet.
    Then, changing ONLY the Wan Mode :
    1/ Use only single WAN port : Dedicated WAN
    ==> FTP connect through WAN1
    2/ Use only single WAN port : Optional WAN
    ==>FTP connect through WAN2
    3/ Load Balancing
    ==>FTP connect through WAN1
    ==>FTP DO NOT connect through WAN1
    Is that a bug or do I have some strange stuff somewhere ?
    I will pick up another SA520W from stock, brand new, update the firmware, configure the 2 WANs (inverting the 2 providers just in case) and do the same test.

  • Kindly Is the Linksys E4200 Dual Band Router compatible with DHCP and VPN ?

    Kindly 
    Is the Linksys E4200 Dual Band Router compatible with DHCP and VPN?
    Thanks,

    Linksys/Cisco E4200 are compatible with DHCP. Second, these Wireless-N routers are only capable of enabling the VPN traffic to pass through the device.  You will need a VPN router and software to create the actual network to connect with your VPN client.

  • Using ASA 5510 and router for dual WAN Connections.

    Guys, need some help here:
    Context:
    1- My company has one ASA 5510 configured with Site-to-site VPN, Ipsec Cisco VPN and AnyConnect VPN.
    2- We use ASA to connect to the single ISP (ISP 1) for internet access. ASA does all the NATing for internal users to go out.
    3- A second link is coming in and we will be using ISP 2 to loadbalance traffic to internet (i.e. business traffic will go via ISP1 and “other” traffic will go via ISP2).
    4- A router will be deployed in front of the ASA to terminate internet links.
    5- No BGP should be used to implement policy (traffic X goes via ISP1, traffic Y goes via ISP2).
    Questions:
    How do I get this done, particularly, how do I tell the router, for traffic X use ISP1 and for traffic Y use ISP2? PBR is my friend?
    Since I will be having 2 public Ip Addresses from the 2 ISPs, how do I NAT internal users to the 2 public Ip addresses ?.
    Finally, which device should be doing the NATing? The ASA just like now or move NATing to the Router?
    Thanks
    Ndaungwe

    Hi,
    Check the below link; it gives information on transparent firewall config and limitations. Based on the doc, you may need to move the VPN/AnyConnect to the router as well. From the router end you may be able to set up static routes pointing to different ISPs based on traffic needs, but this will be a complicated setup and can break things. Wait for other suggestions, or if possible stick to the ASA to terminate both links and still route the traffic to different ISPs (saves the router cost as well).
    http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml
    Thx
    MS

  • LRT224 and Spotify/port forwarding on dual WAN set-up.

    Very pleased with the  LRT224, which was easy to set up (dual WAN, one cable modem, one VDSL). I'm using it for a small home-based business with several PC's, and it's worked a dream in the load-balancing mode.  My request is beyond my current technical knowledge, however: we have Spotify on one PC for "background entertainment". It's a total bandwidth-hog, so I'd like to set it up to use the slower of the two WANs (VDSL) only.  I'm something of a newbie to the techniques of port forwarding, so I'd be really grateful if someone could describe the steps to bond all Spotify inbound/outbound traffic to WAN2. Is this even possible...?  Thanks in advance - Steve

    You can define specific IP addresses or specific application service ports to go through a user-assigned WAN for external connections via Protocol Binding. Just bind the MAC address of your device to an IP address to properly route traffic to the specific device by IP and MAC binding.

  • Dual WAN and Log mail SMTP on RV082 ?

    I use a RV082 with dual Wan and I cannot configure two SMTP.
    Without authentication; a SMTP is specific of the provider.
    When WAN1 comes down, SMTP to be used is the SMTP corresponding to WAN2 and vice versa.
    Implementation of authentication with the mail server will be useful.
    Possibility of two mail servers with indication of the corresponding WAN is also useful.

    I don't know how or if it's possible to set up two SMTP servers, but I know that many ISPs block SMTP traffic that is not directed to one of their SMTP servers. You could try picking just one SMTP server, and find out if it can be contacted on a non-standard port. A lot of SMTP providers allow for this.
    If you can configure a single SMTP server on a non-standard port, you should be able to contact that SMTP server from anywhere on the internet because the traffic won't be blocked (at least not port-based blocking, which is what most ISPs use).
    So in a scenario where WAN1 is the ISP who owns the SMTP server and WAN2 is a different ISP that blocks standard SMTP traffic...
    1) If both WANs are working, SMTP traffic goes out WAN1.  No problem.
    2) If only WAN1 is working, SMTP traffic goes out WAN1.  No problem.
    3) If only WAN2 is working, SMTP traffic goes out WAN2, but is not blocked because it is on a non-standard port.  No problem.
    I hope that helps.

  • VPN, UC560 and a DSL domestic router.

    Hi
    I'd like to know whether it is possible to configure a VPN on a UC560 connected to a DSL domestic router.
    I'd like to connect to the router through VPN.
    Is that possible with the default UC560 licenses?
    Do I have to do something in the domestic DSL router?
    Thank you
    Regards

    Hi Waldo,
    By default the UC-500 supports IPSEC-VPN and SSL VPN connectivity without the need of a license upgrade, however in order for this to work right, you may need to consider doing the following:
    * Put your current DSL modem in bridge mode and have the UC-500 authenticate the connection and do all the routing
    * Make sure you have a static IP address, as the VPN will not work on a dynamic IP address ( Well it can but very very difficult).
    * Make sure you set it up using CCA, that way you can ensure the firewall is configured right and you can properly throttle bandwidth if you need to
    Other than that you should be good to go :-)
    Cheers,
    David Trad.
    Sent from Cisco Technical Support Android App
