gpsocs

asked on

Router Selection for Multiple Subnet NATing

I currently have a router (Linksys RV042) that only allows port forwarding to one subnet.  I am attempting to allow an H.323 device on the Internet to connect to an H.323 device behind the firewall, and then further down the network across another VPN span to another subnet.  Presently I can route traffic fine in terms of getting out; however, with H.323 UDP packets I obviously have some additional problems: while the TCP traffic can negotiate, the UDP packets are dropped, since there is no apparent route back even when masquerading the public IP from the internal H.323 device, because the RV042 has no way of understanding the route back down to the inside device when traffic is inbound.

Here's a quick diagram of the network (presently I don't have the two VPNs teamed, as that's another issue I'm tackling right now, but that's really a different matter).

You can see from this that my immediate need is to connect the "Office 1" "H.323 1" device to the "Remote Site / Node 2" "H.323 2" device.  That is what that red arrow between the two indicates.

So essentially I need to understand what router would be optimal in this situation.  Cisco / Linksys is telling me that they don't think they have a small business class router that will handle it and that I'll probably have to jump up to enterprise class.  It seems that perhaps DD-WRT or RouterOS (MikroTik) could handle this or perhaps another solution.  Can someone please recommend a router or appropriate OS that would be ideal for this and support a bunch of video traffic in this regard?

Another important feature is that I must be able to assign public IPs to devices down inside the network on the other subnets as well.  Each of these devices on the internal network is to offer publicly accessible services from various kinds of devices.

So a recommendation for an appropriate router would be superb.

A bonus is that I must be able to team the two VPNs, which I could essentially use to create perhaps one homogeneous subnet, which would also work, but I'm unclear about the best option for teaming VPNs at the moment.
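The failure mode described in the question (TCP call setup gets through, the UDP media does not) and the fix the thread converges on (a block of public IPs mapped 1:1 onto inside hosts, plus a route to the subnet they live on) can be seen side by side in a small model. This is an added example, not code from the thread or from any of the products it names; every address in it is an assumption chosen for illustration (203.0.113.0/29 as the public block, 192.168.100.0/24 as the edge LAN with an inside router at 192.168.100.2, 10.0.2.0/24 as the downstream LAN with the H.323 endpoint at 10.0.2.50, and 198.51.100.7 as the far-end endpoint), and the class and function names are made up for the example.

```python
"""Per-port forwarding versus 1:1 (static) NAT for an H.323 endpoint that sits
on a downstream subnet, modelled in Python.

Added example, not code from the thread or from any product it names. All
addresses are assumptions made up for illustration: the edge router owns
203.0.113.0/29 on its WAN and 192.168.100.0/24 on its LAN, an inside router at
192.168.100.2 leads to the downstream LAN 10.0.2.0/24, and the H.323 endpoint
is 10.0.2.50 there. 198.51.100.7 stands in for the far-end endpoint.

H.323 opens the call on TCP 1720 and negotiates UDP media ports during the
call. A port-forward rule covers only the ports listed in it, so the
negotiated UDP ports are dropped on the way in. A 1:1 mapping covers every
protocol and port for that host, and a static route lets the edge reach the
host through the inside router.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import ipaddress

IPv4 = ipaddress.IPv4Address
WAN_IP = IPv4("203.0.113.1")  # assumed WAN address used for masquerading


@dataclass(frozen=True)
class Route:
    net: ipaddress.IPv4Network
    next_hop: Optional[IPv4]  # None: directly connected


@dataclass(frozen=True)
class Packet:
    src: IPv4
    dst: IPv4
    proto: str
    sport: int
    dport: int


class EdgeRouter:
    """Longest-prefix routing, optional per-port forwards, optional 1:1 NAT."""

    def __init__(self, routes: List[Route],
                 port_forwards: Dict[Tuple[str, int], IPv4] = None,
                 one_to_one: Dict[IPv4, IPv4] = None):
        self.routes = routes
        self.port_forwards = port_forwards or {}
        self.pub_to_priv = one_to_one or {}
        self.priv_to_pub = {v: k for k, v in self.pub_to_priv.items()}

    def lookup(self, dst: IPv4) -> Optional[Route]:
        hits = [r for r in self.routes if dst in r.net]
        return max(hits, key=lambda r: r.net.prefixlen) if hits else None

    def inbound(self, pkt: Packet) -> Tuple[Optional[Packet], str]:
        """Internet -> inside: pick a DNAT target, then route the result."""
        priv = self.pub_to_priv.get(pkt.dst)
        if priv is None:
            priv = self.port_forwards.get((pkt.proto, pkt.dport))
        if priv is None:
            return None, "no NAT rule for %s/%d, dropped" % (pkt.proto, pkt.dport)
        route = self.lookup(priv)
        if route is None:
            return None, "no route to %s, dropped" % priv
        hop = route.next_hop or priv  # connected subnet: deliver to the host itself
        return Packet(pkt.src, priv, pkt.proto, pkt.sport, pkt.dport), "via %s" % hop

    def outbound(self, pkt: Packet) -> Tuple[Packet, str]:
        """Inside -> Internet: SNAT to the 1:1 address, else masquerade."""
        pub = self.priv_to_pub.get(pkt.src)
        if pub is not None:
            return Packet(pub, pkt.dst, pkt.proto, pkt.sport, pkt.dport), "snat"
        return Packet(WAN_IP, pkt.dst, pkt.proto, pkt.sport, pkt.dport), "masquerade"


PUBLIC_H323 = IPv4("203.0.113.2")
INSIDE_H323 = IPv4("10.0.2.50")
FAR_END = IPv4("198.51.100.7")
ROUTES = [
    Route(ipaddress.ip_network("192.168.100.0/24"), None),
    Route(ipaddress.ip_network("10.0.2.0/24"), IPv4("192.168.100.2")),
]

# Forward only TCP 1720 (call setup) to the inside endpoint.
port_forward_router = EdgeRouter(ROUTES, port_forwards={("tcp", 1720): INSIDE_H323})
# Map one public address to the inside endpoint for all protocols and ports.
one_to_one_router = EdgeRouter(ROUTES, one_to_one={PUBLIC_H323: INSIDE_H323})
# Same mapping, but the edge has no route to 10.0.2.0/24.
no_route_router = EdgeRouter(ROUTES[:1], one_to_one={PUBLIC_H323: INSIDE_H323})


def h323_call(router: EdgeRouter) -> Dict[str, Optional[str]]:
    """Replay the three legs that decide whether the call has media."""
    setup = Packet(FAR_END, PUBLIC_H323, "tcp", 40000, 1720)
    media_out = Packet(INSIDE_H323, FAR_END, "udp", 16384, 5004)  # port chosen in-call
    media_in = Packet(FAR_END, PUBLIC_H323, "udp", 5004, 16384)
    s, _ = router.inbound(setup)
    o, _ = router.outbound(media_out)
    m, _ = router.inbound(media_in)
    return {
        "setup_to": str(s.dst) if s else None,
        "media_out_src": str(o.src),
        "media_in_to": str(m.dst) if m else None,
    }


if __name__ == "__main__":
    for name, r in (("port-forward only", port_forward_router),
                    ("route + 1:1 NAT", one_to_one_router),
                    ("1:1 NAT, no route", no_route_router)):
        print(name, h323_call(r))
```

The port-forward router delivers the TCP 1720 setup but drops the returning UDP media, because nothing in its table names the port the call negotiated. The 1:1 router passes all three legs, and the third router shows that the mapping alone is not enough: the edge still needs a static route to the downstream subnet through the inside router. Real H.323 also embeds addresses inside the signalling, so a product's H.323 ALG (or a gatekeeper that is NAT-aware) is still needed for the far end to learn the public address; that part is outside this model.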
ASKER CERTIFIED SOLUTION
Aaron Tomosky
ASKER

Would a TZ 180 accomplish the same thing, even temporarily?  I have an old one of these units in storage and just remembered it once you noted this newer model.

Certainly would welcome other recommendations as well.

I don't know off the top of my head; it may have silly DHCP limitations. Check the manual. Also, if you can use SonicOS Enhanced, it's much better.
ASKER

So essentially I'll be able to take a block of IPs with a 210 and NAT any device on any subnet behind the 210 up to that IP, correct?  Any tutorials or sections in the instruction manual that point me in a more positive direction on this?  I'd like to see some solid info on how to do what I want to do before I go out and rush the owner of the business into purchasing this, as we have a Monday deadline to get this set up and going.
SOLUTION
SOLUTION
ASKER

The two VPNs are managed by the resellers (TW Telecom and AT&T) and are supposed to be MPLS.  However, I fear they are simply ON MPLS, vs. them giving us a true MPLS cloud.  That is the real problem at the moment, and we should have a homogeneous subnet across the entire VPN cloud, from what I understand now of a true MPLS network...

So currently it is a mesh style vpn where each node is just a node or peer in the VPN it appears.  We have no real control over the VPNs.
OK... does the ISP hand off an Ethernet connection to you that represents the other two MPLS connections, OR do you get two Ethernet connections?  I have a couple of clients that are part of an MPLS solution, and I get to create my own subnet across the connection.  I could use RIP or another routing protocol, or I could create a subnet and just set up routes.  I chose the latter.  It works well and I don't mind the extra work to create the routes.

Anyway, knowing a little more about how you connect to the "MPLS" would be helpful.
ASKER

I'm semi-new to this project; however, it appears that each point has a router (AT&T has Cisco routers; TW Telecom has perhaps Avaya, but I can't recall), and they simply give us a private internal IP.  So, sure, we can ping, for example, the external IP address of the Juniper router upstream to TW Telecom, but we only have the internal IP 10.0.2.0/24 to work with.

Now, this does not appear to be optimal, and we're actually going to speak with them to get a true MPLS cloud for each VPN vs. what we have; however, for now we have to work with what we have temporarily, just because we have to have a few sites up immediately.

I'll split this off into another question to get into more detail and the nitty gritty of this point as I need some solid information and suggestions regarding what to specifically tell the ISPs what we need to actually have happen.
Thanks for the extra info.  When we set up our MPLS-type connection, we put in a layer 3 switch at each MPLS site.  The ISP let us pick our own subnet, so, for instance, we chose 10.0.1.0/24.  HQ was 10.0.1.1, site 2 was 10.0.1.2, etc.  This was the MAN IP of the layer 3 switch.  At HQ we had 192.168.1.0/24, at site 2 we had 192.168.2.0/24, etc.  On each router we made the MAN IP the gateway for the switch.  For the hosts, the LAN IP is the gateway.  We set up routes on each router for the remote site's network using the MAN IP of that layer 3 switch as the gateway.

In this instance, we had a mesh.  Also, since the MPLS network is "private", we didn't need to set up VPNs between each site.
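The addressing plan in the comment above (MAN subnet 10.0.1.0/24, layer 3 switch at site N on 10.0.1.N, site N's LAN 192.168.N.0/24, and a static route at every site for every other site's LAN via that site's MAN address) is regular enough to generate and check rather than type by hand. What follows is an added example, not the commenter's configuration: the function names and the site list are assumptions, the emitted lines use the IOS-style "ip route <net> <mask> <next-hop>" form as an illustration, and the sanity checks are the ones a practitioner would run before pasting routes into a switch.

```python
"""Full-mesh static routes over a private MPLS MAN, generated from the site
number alone. Added example following the scheme described in the thread:
MAN 10.0.1.0/24, switch at site N is 10.0.1.N, LAN at site N is 192.168.N.0/24.
Site numbers, function names and the IOS-style output are assumptions.
"""
import ipaddress
from typing import List, Optional, Tuple

MAN_NET = ipaddress.ip_network("10.0.1.0/24")
RouteEntry = Tuple[ipaddress.IPv4Network, ipaddress.IPv4Address]


def man_ip(site: int) -> ipaddress.IPv4Address:
    """MAN address of the layer 3 switch at a site: 10.0.1.<site>."""
    return MAN_NET.network_address + site


def lan_net(site: int) -> ipaddress.IPv4Network:
    """LAN behind the switch at a site: 192.168.<site>.0/24."""
    return ipaddress.ip_network("192.168.%d.0/24" % site)


def routes_for(site: int, sites: List[int]) -> List[RouteEntry]:
    """Static routes the switch at `site` needs: every other LAN via its MAN IP."""
    return [(lan_net(other), man_ip(other)) for other in sorted(sites) if other != site]


def ios_lines(site: int, sites: List[int]) -> List[str]:
    """Render the routes in the IOS 'ip route <net> <mask> <next-hop>' form."""
    return ["ip route %s %s %s" % (net.network_address, net.netmask, hop)
            for net, hop in routes_for(site, sites)]


def next_hop(site: int, sites: List[int], dst: str) -> Optional[str]:
    """Where the switch at `site` sends a packet for `dst`: "connected" for its
    own LAN or the MAN, a remote MAN address for another site's LAN, or None
    when nothing covers it (the plan has no default route, so Internet-bound
    traffic is handled elsewhere)."""
    addr = ipaddress.ip_address(dst)
    if addr in lan_net(site) or addr in MAN_NET:
        return "connected"
    hits = [(net, hop) for net, hop in routes_for(site, sites) if addr in net]
    if not hits:
        return None
    _, hop = max(hits, key=lambda entry: entry[0].prefixlen)  # longest prefix wins
    return str(hop)


def check_plan(sites: List[int]) -> List[str]:
    """Problems that would silently break the mesh: duplicate site numbers
    (two switches claim the same MAN address and the same LAN) and numbers
    that do not fit in a /24."""
    problems = []
    seen = set()
    for s in sites:
        if not 1 <= s <= 254:
            problems.append("site %d does not fit the /24 MAN and LAN plan" % s)
        elif s in seen:
            problems.append("site %d listed twice: %s and %s collide" % (s, man_ip(s), lan_net(s)))
        seen.add(s)
    return problems


if __name__ == "__main__":
    sites = [1, 2, 3]  # constructed: HQ plus two remote sites
    for problem in check_plan(sites):
        print("PROBLEM:", problem)
    for s in sites:
        print("! site %d, switch %s" % (s, man_ip(s)))
        for line in ios_lines(s, sites):
            print(line)
```

One caveat the comment glosses over: a carrier MPLS L3VPN keeps a customer's traffic separated from other customers' traffic, but it does not encrypt or authenticate it, so anyone with access to the carrier's network (or a mis-provisioned VRF) can read or inject into it. Skipping site-to-site VPNs is a decision to trust the carrier, not a property of MPLS; where that trust is not acceptable, IPsec between the sites is run on top of the MPLS path.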
ASKER

Turns out the TZ 180 I have was able to be updated to SonicOS Enhanced 4.2.1.0-20e.  This sounds promising.  

Do either of you have suggestions towards the tutorials / wizards that would get my horse pointed north regarding the subnet issue as it presently stands?  I know that I had a nightmare of a time with port forwarding NAT before on this unit a few years ago which was one reason we moved away from it sadly.
SOLUTION
SOLUTION
SOLUTION
Yes, you said it a little clearer than I.
cool...
ASKER

Okay, this question is getting a bit lengthy.  Let's cap this off and start some more... :)  I need to get into some other specifics now that I'm configuring the unit.
Cool... thanks for the points!