• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1041
  • Last Modified:

Linksys RV082 Site-to-Site VPN

Hello all,

I was wondering if anyone out there has had any experience setting up a Linksys RV082 VPN behind another firewall?

One of my customers has recently moved in to an executive suite and they are the only providers of internet for the entire building. They have their own firewall and have assigned us an internal static IP address. They said they are willing to forward ports for us, so my question is this:

What ports would I need to forward for the site-to-site VPN to work?

Site 1:
RV082 Public IP/192.168.0.x NAT local network

Site 2:
RV082 Public IP(controlled by leasing company) -> Static Internal IP/192.168.1.x NAT local network

Any help would be greatly appreciated.
  • 2
1 Solution
You can't just "forward ports".   It involves protocols beyond TCP and UDP based protocols.   Without going into big disertation about it,..there is no such thing as "forwarding ports" anyway.  Port are just addresses,..Layer4 Addresses to be exact and they are not "routable" which is the true meaning of "forwarding".  Port Forwarding is just a meaningless term invented by the "Home User" market.   What is really being done is Static NAT (aka Reverse NAT) and the IP#s (Layer3) are the focus of the action,..not the ports (Layer4).
Anyway,...for PPTP (TCP 1723) or L2TP (UDP 1701) you can cover them with Reverse NAT.  But that does not cover GRE which is not based on TCP or UDP.  To handle GRE the outermost Firewall (Landlord's Firewall) has to have a function that is most commonly called "VPN Pass-Through".  Not all firewalls can do that.  Also note that GRE is not port 47,...it is Protocol-47,...that is a protocol identifier, not a port number.
If the SIte-to-Site VPN is based only on IPSec then you need them to Reverse NAT IPSec NAT-T (UDP 4500).  I don't remember for sure if it also requires IPSec ESP,..this is not a "port",..it is a protocol "number",...(Number-50, Type: IP-Level, Direction Receive-Send)
IPSec will not work over NAT by itself,..it requires NAT-Traversal,...the the outermost firewall must be able to do NAT-T.
Since all of what I have mentioned is done on the outermost firewall before you even begin to configure your device,...the people in charge of it need to know and understand what they are doing.  I really have no details beyond what I have given. I have simply pulled this information from the items within my firewall.  This is not something I have performed personally.  I would really really hate to ever be in your kind of situation myself,...I would probably have made everyone miserable beforehand making sure that such a situation like this was never created.
I tried to go to Linksys's site and get a PDF manual of your RV082 but I couldn't track it down.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now