Asus AX3000 Sub-Net IP address mapping to external IP Address


amohan78

New Around Here
I have 2 ISPs providing me internet. Both the ISPs have provided their proprietary router.

I have a CISCO Load Balancer RV340 where the 2 ISP routers are connected and then I have an Asus AX3000 connected from the CISCO router.

The Topology is attached herewith
topology.jpg


I have hooked the 2 ISP routers in 2 WAN ports of CISCO RV340 Load Balancer and set them up as DHCP clients (IP provided by router ISP).
In Multi WAN setting, the precedence is set up as WAN1=1 and WAN2=2 for Cisco RV340 Load Balancer
I have Antivirus switched ON and Intrusion Prevention System switched ON in CISCO RV340

From the LAN Port of RV340, the ASUS AX3000 is the downstream router which renders WiFi connection to a host of clients. This downstream router is not in AP mode. I wanted to take advantage of AiProtection and hence have set up in Router mode. I have intentionally set it up as router mode as this network is like a public WiFi and the Firewall and content filtering are set ON to restrict any unwarranted websites. This restricted network renders WiFi connection to a bunch of students. The ASUS AX3000 therefore is a Sub-Net within the CISCO LAN.

So, ISP1=WAN1 + ISP2 = WAN2 renders the LAN network as 192.168.32.0 and then the router Subnet LAN is 192.168.75.1. The RV340 renders the LAN address to the router as 192.168.32.100 (which is effectively the WAN address for ASUS AX3000).

I have a specific requirement. There is a Linux server in the LAN 192.168.75.0 with a specific IP of 192.168.75.10.
All traffic emanating out of 192.168.75.0 is getting routed via WAN1 since WAN1 is set as precedence=1. I want to make an exception here.

How do I make a configuration so that any traffic generated on 192.168.75.10 gets routed via WAN2 only?

I know CISCO RV340 has a policy based routing under multi WAN but it would not recognize the sub-net LAN network 192.168.75.0 since the LAN is 192.168.32.0.

Since the NAT on Asus AX3000 is ON (and it has to be ON if in Router mode), the address map is an internal table. I somehow need to map the internal IP of 192.167.75.10 to an external IP of 192.168.38.0 network so that I can ask the Cisco router that any IP packets from this external IP address need to go via WAN2. Or somehow the outer LAN should be able to recognize the sub-net and be able to access the IP Addresses of the sub-net.

Is there any way that I can make the traffic generating from 192.168.75.10 inside the 2nd router's LAN be passed through WAN2?
 

ColinTaylor

Part of the Furniture
I think your picture is wrong. In the box "CISCO RV340" the IP address should be 192.168.32.0?

That said, I don't think there's any way of identifying traffic coming from the LAN server because as you say, it's being NATed to the router's WAN address. So unless you can infer traffic from the server based on its destination address I think you're out of luck.
 

amohan78

New Around Here
> I think your picture is wrong. In the box "CISCO RV340" the IP address should be 192.168.32.0?
>
> That said, I don't think there's any way of identifying traffic coming from the LAN server because as you say, it's being NATed to the router's WAN address. So unless you can infer traffic from the server based on its destination address I think you're out of luck.

Hi Colin

Yes, your observation is correct in terms of the wrong IP at Cisco LAN. My bad. I rectified the diagram and re-attached it.
topology.jpg

I even tried to change the NAT Type from Symmetric to Full-Cone hoping that I would get an external IP corresponding to an internal IP. But am struggling to see if there is indeed such a table and how can I retrieve it.
It seems that this is almost impossible to crack now.
 

ColinTaylor

Part of the Furniture
You could try disabling NAT on the Asus. That would stop the router from masquerading the local IP addresses to the WAN address. The Cisco would then "see" the source addresses. I don't know what the knock-on effect of that might be though.
 

amohan78

New Around Here
> You could try disabling NAT on the Asus. That would stop the router from masquerading the local IP addresses to the WAN address. The Cisco would then "see" the source addresses. I don't know what the knock-on effect of that might be though.

Thanks. Have already given that option a try. The issue is, since Asus is in a Router mode, the moment I disable the NAT, the Asus router loses the Internet connectivity altogether. NAT can only be disabled in AP mode it seems.
 

ColinTaylor

Part of the Furniture
> Thanks. Have already given that option a try. The issue is, since Asus is in a Router mode, the moment I disable the NAT, the Asus router loses the Internet connectivity altogether. NAT can only be disabled in AP mode it seems.

Hmm, I'm sure I've had this kind of setup working before. Although that would have been with two Asus routers rather than one Cisco.

Are you sure the router loses internet connectivity and not just clients on the LAN? IIRC with NAT disabled you would also need to create a static route on the Cisco telling it that the 192.168.75.x network is accessible via gateway 192.168.32.100. I don't know whether the Cisco would require any other changes to allow traffic from 192.168.75.x to traverse its 192.168.32.x network (ACLs?). EDIT: You will also need to disable the firewall on the Asus to allow forwarding to the Asus' LAN.

EDIT 2: Don't use the guest WiFi networks in "slot" #1 because the Asus assigns them a different IP address range. Slots #2 and #3 are fine though.

NAT doesn't apply to AP mode because there's no routing taking place (and hence no WAN interface).
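
The behaviour discussed in this thread, as an added example that is not part of any post and is not configuration for either device: a small Python model of which source address the upstream router sees with NAT on or off, which WAN a source-based policy rule then selects, and whether replies can be routed back. The addresses come from the thread; the policy table, the function names and the second client 192.168.75.20 are assumptions made for illustration.

```python
import ipaddress

CISCO_LAN = ipaddress.ip_network("192.168.32.0/24")   # upstream LAN (from the thread)
ASUS_WAN = ipaddress.ip_address("192.168.32.100")     # Asus WAN address (from the thread)
ASUS_LAN = ipaddress.ip_network("192.168.75.0/24")    # subnet behind the Asus (from the thread)
SERVER = ipaddress.ip_address("192.168.75.10")        # Linux server (from the thread)

# Hypothetical source-based policy table on the upstream router; first match wins.
POLICY_RULES = [(ipaddress.ip_network("192.168.75.10/32"), "WAN2")]
DEFAULT_WAN = "WAN1"
# The static route suggested in the thread: 192.168.75.x via gateway 192.168.32.100.
ROUTE_TO_ASUS_LAN = [(ASUS_LAN, ASUS_WAN)]

def asus_forward(src, nat_enabled):
    """Source address the upstream router sees once the Asus has forwarded the packet."""
    if nat_enabled and src in ASUS_LAN:
        return ASUS_WAN  # masquerade: every LAN client collapses to one address
    return src

def select_wan(seen_src):
    """Pick the egress WAN from the source address as seen upstream."""
    for net, wan in POLICY_RULES:
        if seen_src in net:
            return wan
    return DEFAULT_WAN

def reply_next_hop(dst, static_routes):
    """Where the upstream router sends the reply; None means no route back."""
    if dst in CISCO_LAN:
        return dst  # directly connected network
    matches = [(net, gw) for net, gw in static_routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]  # longest prefix wins

def trace(src, nat_enabled, static_routes):
    seen = asus_forward(src, nat_enabled)
    hop = reply_next_hop(seen, static_routes)
    return {"seen_src": str(seen), "egress": select_wan(seen),
            "reply_via": str(hop) if hop else None}

if __name__ == "__main__":
    for nat, routes in [(True, []), (False, []), (False, ROUTE_TO_ASUS_LAN)]:
        print(f"nat={nat} static_route={bool(routes)} ->", trace(SERVER, nat, routes))
```

With NAT on, the rule for 192.168.75.10 never matches because the upstream router only ever sees 192.168.32.100; with NAT off and no static route, the rule matches but replies have no path back, which looks like lost connectivity from the client side.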
 