Configuring Parent and Child Routers with Communication Between Subnets


KAMyers1

New Around Here
Already posted a similar question with no responses, so let me try again with hopefully somewhat less confusing information:

I have two routers connected in a parent-child relationship, with one of the LAN ports on the parent router connected to a WAN port on the child router, forming two separate LAN subnets:
parent router with LAN ports on 192.168.1.xxx
child router with LAN ports on 192.168.5.xxx

The WAN port of the child router is at LAN address 192.168.1.4 of the parent router.

I want computers on the two separate subnets to be able to communicate with each other. So I set up a static route on the parent router, with destination address 192.168.5.0, subnet mask 255.255.255.0, gateway address 192.168.1.4, and metric 2 (lowest allowed by parent router). I also turned off the firewall and disabled NAT on the child router.

With that configuration, I still can't ping from a computer on the parent router to a computer on the child router or vice-versa. In fact, I also lose internet access from computers connected to the child router after NAT has been disabled.

Shouldn't computers on the two subnets be able to ping each other in this configuration? Why is turning off NAT on the child router causing internet connectivity for the machines connected to that router to be lost? What am I missing?

In a further attempt to clarify and head off some well-meant but irrelevant responses:

1. I do need two separate subnets, because I need all of the attached devices to be able to obtain their addresses using DHCP, and I also need to be able to remove the connection between these two routers whenever desired, while maintaining addresses and communications between the computers on each subnet separately (with no internet access for devices on the child router when disconnected). Therefore, typical LAN to LAN router connections and bridged connections will not work (as far as I can see).

2. The configuration that I need is essentially a typical LAN to WAN router connection setup with separate subnets for each router. But I also need the machines on each subnet to be able to communicate (e.g. ping each other). Even after configuring a static route on the parent router and disabling the firewall and NAT on the child router there seems to be something in the firewall or LAN setup that is preventing this.

Sorry for the duplication, and thanks in advance for any help.

Kevin M.
 

eibgrad

Very Senior Member
I have two routers connected in a parent-child relationship, with one of the LAN ports on the parent router connected to a WAN port on the child router,...

I think you got that backwards (at least I hope so).

With that configuration, I still can't ping from a computer on the parent router to a computer on the child router or vice-versa. In fact, I also lose internet access from computers connected to the child router after NAT has been disabled.

My guess? The primary (parent) router is *only* NAT'ing its own network over its WAN! Sometimes routers do this as a security measure to prevent some rogue network from accessing the internet. Personally I think it's DUMB, but if that's the case, you may have no choice but to reenable NAT on the secondary (child) router (I'm assuming, of course, the parent router doesn't offer the option to define your own NAT rules).

As far as why the two networks can't communicate, it does seem particularly odd for devices on the child router to NOT be able to reach devices on the parent router, since *anything* upstream of the child router is typically "fair game", whether it's another local/private network, or the internet. And w/ NAT enabled on the child router, if it's still not working, that's even stranger since the child router is masking its IP network w/ its own WAN ip, which belongs to the parent network! IOW, from the perspective of the parent network, the child router and all its clients appear to be part of the parent's IP network. You'd think communications would be guaranteed!

As far as devices on the parent network not being able to reach devices on the child network, that's a more common problem, usually due to the child router's firewall on the WAN. But you said you disabled it. And you have the necessary static route on the primary router so the child network can be found via its gateway IP (i.e., the WAN ip of the child router). Again, it seems like it should be working.

So something is up there, but at this point, hard to tell what. Everything you *said* makes sense and sounds correct, but that doesn't necessarily prove that's what you actually did. Sometimes those two things don't match up. So triple check your setup.
 

KAMyers1

New Around Here
Thanks for your message.

On your first comment, I think you misspoke, or maybe misunderstood what I was saying. Let me clarify further: WAN port of parent router is connected to cable modem. One of the LAN ports on the parent router is connected to the WAN port of the child router, in a typical LAN to WAN dual router setup, that might often be referred to as "double-NATed" (assuming both routers have NAT enabled). Make sense?

But yes, the rest of your comments basically parallel my own thoughts. Furthermore, if I enable NAT on the child router (so that double NATing is truly in effect), then clients connected to the child router are able to reach the internet through the connection to the parent router. But if I turn off NAT on the child router, then those same child router clients are unable to connect to the internet. Perhaps that is to be expected, I'm not sure. But in any case, regardless of the NAT setting on the child router, clients of the child router are *never* able to ping any of the other clients that are connected to the parent router. That seems very strange to me, and doesn't match up with what should happen according to a number of other internet articles that I have read. I just can't figure out what is going on. I called Cisco, but the tech that I spoke to seemed to know even less about all of this than I do. :-(
 

KAMyers1

New Around Here
New on this forum, and not much of a forum user in general. Not sure exactly what you mean about consolidating posts and how that would best be accomplished. If it matters, I don't think there is any more useful information in the other post, and the extra details in the other post (router models, etc.) could just confuse things. That's why I left them out in this thread.
 

GSpock

Senior Member
Thanks for your message.

On your first comment, I think you misspoke, or maybe misunderstood what I was saying. Let me clarify further: WAN port of parent router is connected to cable modem. One of the LAN ports on the parent router is connected to the WAN port of the child router, in a typical LAN to WAN dual router setup, that might often be referred to as "double-NATed" (assuming both routers have NAT enabled). Make sense?

But yes, the rest of your comments basically parallel my own thoughts. Furthermore, if I enable NAT on the child router (so that double NATing is truly in effect), then clients connected to the child router are able to reach the internet through the connection to the parent router. But if I turn off NAT on the child router, then those same child router clients are unable to connect to the internet. Perhaps that is to be expected, I'm not sure. But in any case, regardless of the NAT setting on the child router, clients of the child router are *never* able to ping any of the other clients that are connected to the parent router. That seems very strange to me, and doesn't match up with what should happen according to a number of other internet articles that I have read. I just can't figure out what is going on. I called Cisco, but the tech that I spoke to seemed to know even less about all of this than I do. :-(

Have a look at this thread, it might help you:
 

KAMyers1

New Around Here
GSpock, thanks for the suggestion, but the solution there didn't work for me. However, I did finally identify the problem: My child router had been previously used as a VPN endpoint, and the VPN connection was still configured on the router even though it was no longer being used. The remote LAN for that VPN connection had been set up as subnet 192.168.1.xxx, which was the same subnet being used for the parent router in my current setup. Apparently that created a situation where the VPN configuration wouldn't allow any local traffic on the child router for the 192.168.1.xxx subnet. After disabling the obsolete VPN configuration everything worked as anticipated.
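
An added example, not part of the original thread: a small Python model of the root cause reported in the last post, where a leftover VPN definition whose remote LAN overlaps the directly connected parent subnet captures traffic meant for the WAN side. The interface names, the table layout and the rule that VPN policy entries are matched before ordinary routes are assumptions made for illustration, not the behaviour of any specific router firmware.

```python
import ipaddress

# Constructed model of the child router from the thread.
# Interface names and the "vpn-policy" entry type are assumptions.
WAN_SUBNET = ipaddress.ip_network("192.168.1.0/24")  # parent LAN, child's WAN side
LAN_SUBNET = ipaddress.ip_network("192.168.5.0/24")  # child LAN


def build_table(vpn_remote_nets):
    """Return (network, egress, source) entries for the modelled router."""
    table = [(ipaddress.ip_network(n), "vpn-tunnel", "vpn-policy")
             for n in vpn_remote_nets]
    table += [
        (WAN_SUBNET, "wan", "connected"),
        (LAN_SUBNET, "lan", "connected"),
        (ipaddress.ip_network("0.0.0.0/0"), "wan", "default"),
    ]
    return table


def egress_for(table, dst):
    """Assumed lookup order: VPN policy entries first, then longest prefix."""
    addr = ipaddress.ip_address(dst)
    matches = [e for e in table if addr in e[0]]
    policy = [e for e in matches if e[2] == "vpn-policy"]
    pool = policy or matches
    return max(pool, key=lambda e: e[0].prefixlen)[1]


def find_conflicts(vpn_remote_nets):
    """List VPN remote networks that overlap a directly connected subnet."""
    conflicts = []
    for n in vpn_remote_nets:
        net = ipaddress.ip_network(n)
        for name, local in (("wan", WAN_SUBNET), ("lan", LAN_SUBNET)):
            if net.overlaps(local):
                conflicts.append((str(net), name, str(local)))
    return conflicts


if __name__ == "__main__":
    stale_vpn = ["192.168.1.0/24"]  # obsolete VPN remote LAN, as in the thread
    for label, vpn in (("stale VPN present", stale_vpn), ("VPN removed", [])):
        print(label, "-> 192.168.1.10 leaves via",
              egress_for(build_table(vpn), "192.168.1.10"))
    print("conflicts:", find_conflicts(stale_vpn))
```

Running the same overlap check against every VPN, static-route and policy entry on a repurposed router before it goes back into service catches this class of leftover configuration.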
 