Routing, WAN Ping and Double NAT

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Routing, WAN Ping and Double NAT

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Routing, WAN Ping and Double NAT
Routing, WAN Ping and Double NAT
2022-04-23 10:53:38
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.0.1

Hello, I built the network below using TP-LINK Business Solutions devices only. Everything behind the router ER7206 is my local private network that is further divided into subnetworks by ER605 routers. I am now struggling to achieve the following:

 

1) Ping WAN IP of ER605 routers. There is no "allow WAN ping" option.

2) Make the routers to route traffic from hosts behind one ER605 router to the hosts behind the other ER605 router. I am able to add the static routes but it seems the packets are discarded when their reach the WAN interface of the destination ER605 router.

3) Hosts behind ER605 routers are under double NAT. How to resolve it? How to disable NAT on ER605?

 

I am afraid answers to all 3 issues will be something like that it is not possible. So let me ask this - is my network design flawed? Am i asking for things that are really not supposed to work in a business solution? Are any of these points on your roadmap?

 

Best regards,

Radek Tyrala

 

  0      
  0      
#1
Options
7 Reply
Re:Routing, WAN Ping and Double NAT
2022-04-23 11:22:19

  @Artee 

 

why do you have ER605 on remote site, you can control everything from ER7206
create a VLAN for each of the remote sites on the ER7206 and put a switch on remote site to access point and computers.

 

  0  
  0  
#2
Options
Re:Routing, WAN Ping and Double NAT
2022-04-23 12:37:39
Hello, thank you for your response. I will take it into consideration. However my intention was to make the LAN 2 and LAN 3 more resilient and autonomous networks with its own router with DHCP and possibly a backup WAN (e.g. adding an LTE modem/router to each ER605 router) to keep these networks operational even in case of an outage in LAN 1.
  0  
  0  
#3
Options
Re:Routing, WAN Ping and Double NAT
2022-04-23 12:55:40

  @Artee 

 

ok, I understand, to get a connection between the sites you can use unencrypted L2TP site to site VPN, then you will get good speed and go past NAT, since everything is on LAN  there is no problem with unencrypted communication.

this will only work between your ER605 with WAN interface available to each other, on ER7206 only LAN is available and VPN is not possible.

 

  0  
  0  
#4
Options
Re:Routing, WAN Ping and Double NAT
2022-04-23 17:48:29

  @Artee 

 

I wouldn’t recommend this as a new solution, but if you’ve already purchased that equipment I think you can make it work more or less the way you want. You may try to attach the AP Clients to LAN ports of ER605s and extend their VLANs to ER7206. ER7206 will handle inter-VLAN routing and single VLAN traffic within ER605s will be independent of ER7206. In this topology you will have two gateways (VLAN interfaces) in each VLAN that includes ER605, one on ER605 and one on ER7206. You will need to use the one on ER7206 as the default one because that’s where your Internet connection is. You can use DHCP servers on ER605s only or together with the DHCP server on ER7206. If in the future you add backup Internet connections to ER605 WANs, you can switch to them manually by changing the default gateways in the DHCP servers.

Kris K
  0  
  0  
#5
Options
Re:Routing, WAN Ping and Double NAT
2022-04-23 22:03:37

  @Artee 

 

-> 1) Ping WAN IP of ER605 routers. There is no "allow WAN ping" option.

 

In the ER605 router's web ui navigate to Firewall -> Attach Defense. In the section 'Packet Anomaly Defense' uncheck 'Block Ping from WAN'.

 

Don't forget to click 'Save'.

  1  
  1  
#6
Options
Re:Routing, WAN Ping and Double NAT
2022-04-24 07:15:15
@Robinyo - Thanks that helped.
  0  
  0  
#7
Options
Re:Routing, WAN Ping and Double NAT
2022-04-24 07:19:45

  @KJK 

 

I am still within my free return period. So if you recommend a better set up for this network, I would be more than happy to consider it.

 

  0  
  0  
#8
Options