How to setup a Cisco router with multiple WAN IP address and forward ports to multiple VLANS.
The router I used was the Cisco RV220W. I believe other Cisco routers have this functionality, but I have not tested them. I suspect if it’s a Cisco router that has One to One NAT it can do this. The problem is in one to one nat you can only add one rule per WAN IP. It gives you three choices; forward all ports, forward a single port or sequential port range. For example you could not forward port 80 and 443. You would have to forward either 80 through 443, or forward all ports from a single WAN to Lan or Vlan. Here is how to forward multiple ports for each wan to a Lan or Vlan.
First I setup One to One Nat. Click on any image for a larger view.
This is where I added the rules. For this configuration to work I needed one to one nat. Simply adding port forwarding or firewall rules would not forward multiple WAN IP’s to multiple VLAN’s. For each WAN IP you can only add one rule, and once a single rule for one to one NAT is established a firewall rule with port forwarding starts working.
Note: you can forward all internet traffic to any internal VLAN or IP, but for security reasons I didn’t want all ports forwarding to a single internal LAN.
This is the detailed view of the rule. The range length specifies that a single WAN IP is used. For example if I had selected 2 for Range Length. This rule would have applied for two IP address: xxx.xxx.122.147 and xxx.xxx.122.148.
I added a firewall / port forwarding rule, the router was smart enough to add the rule to the list of port that were forwarded.
The OpenVPN is defined as a single port or a port range. I can’t remember, but either way it should work. The part at the bottom is important. Sent to local server (DNAT IP) destination nat. I added my VLAN IP here. I checked Use other WAN Destination IP and added the WAN IP that I wanted to forward the OpenVPN port.
Once I added the firewall rule it showed up in the port forwarding section.
Here is the details of the port forwarding rule. I guess it’s important to add the rule in the firewall section because it give you the ability to specify the VLAN and WAN IP address.
Remember: If you want to forward multiple ports on different external WAN’s to the internal network, VLAN or otherwise, you only need to add a single 1 to 1 nat rule. Do this in the one to one rule, (NATing a single port) then add your firewall / port forwarding rules to add additional forwarded ports under the Firewall setting.