Cisco Routers :: RV042 Firewall Slows VPN Traffic
Sep 9, 2011
Replaced an older RV042 that had damage from lightning. The new RV042 is V03 with firmware 4.0.0.7. This router supports 7 branch offices using site-to-site VPN to other RV042 routers. After connecting the new RV042 at the main office, three of the branch offices had very slow response over the VPN tunnel. I disabled the firewall on the new RV042 and the problem resolved. The three branches with the problem have Windows 7 systems and the other 4 have Windows XP. I confirmed that the Windows firewall was disabled on the Windows 7 systems.I did try leaving the firewall enabled and disabling SPI, but that didn't work. Have to have firewall disabled to resolve the problem. I would not expect the firewall on the main office RV042 to affect VPN tunnel traffic, but apparently it does. Do we need specific access rules to fix the issue. It works fine with firewall disbaled, but I'd be more comfortable with it enabled.
View 2 Replies
ADVERTISEMENT
Dec 20, 2011
I recently took over at a company as IT Manager. All through my career I have heard about the quality of Cisco equipment. Over the past few years I have used a few different Cisco products with good success. When I took over they were using an assortment of old D-link DI-604UP's & DI-804HV routers. The problem is that most of the DSL Internet connections now are faster than the 10 megs that these units WAN connections support. Since they were working fine other than that I felt that replacing them with the RV042 would be a good step. So far I have purchased 6 & implemented 5 of them. The sites vary in number of network devices from 10 to about 50.
The problem is that 4 of the 5 routers start to slow down & finally stop responding after a period of time. If I unplug them, count to 10 & plug them in again they work fine again for a period of time & then quit. The length of time varies between sites & even varies on the same unit. They may go for 2 days or 2 weeks. I never know what I'm going to get. When they go down I don't even have local access to them. It's like they overload & can't accept any more data. I can't tell you what version of firmware they originally had but I can tell you I had upgraded 3 of them to version 4.0.4.02 & then to version 4.1.0.02. I reset & manually re-entered all the settings after I did this.
I have read through the posts & have changed the MTU settings & tried disabling the SPI firewall setting to no avail. The D-link routers ran flawlessley until I replaced them & have done so since I put them back.
I now have over $1000.00 dollars worth of routers that I can't use. I have a boss that is on me because I talked him into spending the money when the $200.00 dollars worth of routers I replaced were working fine.
I have 10 locations to upgrade the total infrastructure in. Routers, switches, etc. If I don't get this resolved quick there is no way in the world I be buying any more Cisco equipment.
View 4 Replies
View Related
May 17, 2011
We have Cisco ASA 5510 256RAM running 8.2.4 with CSC 6.3.1172.4, it slows down internet traffics drastically when we do speed test, we get something like this, It the computer is bypassing the CSC, it gets This was done when there's very low traffic on the LAN and CPU is low usage on the CSC. The CSC has been re-imaged also but still doesn't solve the problem.
View 6 Replies
View Related
Dec 2, 2012
We connected to locations to the RV042 by setting up 2 Gateway - to - Gateway VPNs - both locations can communicate with the RV042 and devices within the local LAN of the RV042 - however at the moment it is not possible to send traffic from 1st VPN Location to the 2nd VPN location
View 1 Replies
View Related
Apr 18, 2012
i am using RV042 router, i have configured DMZ in this, DMZ is not passing the traffic, i am able to ping the DMZ ip from the server. but the server is not getting the Internet.
View 1 Replies
View Related
Feb 12, 2012
We have a managed service provider voip network that requires us to use our own router for the data network. We wanted to use the RV042 for it's easy vpn setup. After installing it worked great for about 10 min. then the WAN port stopped passing traffic. 3 min. later it started working again. We tested the RV042 on a different network and it works fine. We tested an older Pix on the managed network and that works fine. But the RV042 will not work on the managed service provider voip network. The service provider says that on their end it shows our WAN port going up and down.
View 1 Replies
View Related
Sep 3, 2012
I'm having some problems blocking IP blocks. I have several blocks of IP's that I want blocked.I want to block 77.0.0.0/8 from communicating with a server on my lan.So I make a rule in the RV042 to deny all traffic from 77.0.0.0 to 77.255.255.255, source wan1, destination lan, my server's ip,As soon as I move that rule above the traffic forwarding rules I have created, no traffic moves in or out via the wan interface. It seems to just cut off all traffic.
View 2 Replies
View Related
Jul 31, 2012
I have an RV042 router and I'm looking to monitor the total upstream and downstream traffic from within the router.
I know there is tons of software that I can put on a network computer to monitor traffic, but is there any software that I can put on the router itself that will monitor the traffic from within the router?
View 2 Replies
View Related
Feb 24, 2013
We have offices in USA and Venezuela.In our USA office we have a RV042 router and in Venezuela we have a RV082 router.We have connected a VPN tunnel (gateway-to-gateway) between both offices.
The point is:How could we redirect the internet traffic from our Venezuela office (RV082) to the USA Office (RV042) to navigate using USA public IP's?
The reason for this is that we need to use online streaming services which are only available for IP's from USA and we can't use them from the Venezuelan IP's.
We can not use the PPTP option since the equipment which will use the streaming services (like hulu, crackle, etc.) in Venezuela is a Google TV device which doesn't allow the configuration of proxy navegation or PPTP VPN connections itself. That's the reason why we need to do that through the routers.
View 1 Replies
View Related
Dec 19, 2011
We have a VOIP system from AT&T with T1 internet access. I have a RV042 setup as the default gateway for the network and the router randomly (usually over the weekend loses the internet). I have updated to the latest firmware and have check all logs on the server. When the internet access goes down we can still access the internal network. I have been power-cycling the router and then everything works fine. Is there a known issue with this router radomly blocking internet access in or out? This device should remain working at all times so that our remote users can access the company network.
View 0 Replies
View Related
Aug 1, 2012
I have an RV042. I understand and have created the services I need. The documentation is just not clear on how to direct traffic for these services to a specific wan port.
Can this even be done with this router? If so, the how? Use rate control or priority? Does checking a wan port mean that it will only go through that port?
View 4 Replies
View Related
Jan 2, 2013
I have a RV042 (firmware 1.3.13.02-tm). Is it possible to configure so traffic from a specific domain (incl. its sub-domains) is directed exclusively to one WAN port?
View 10 Replies
View Related
Dec 28, 2012
I wonder if I can have a RV042 VPN Tunnel to a RV082, and in the RV082 block all traffic to the internet that comes form the PCs that are behind the RV042.
Remote PC -> RV042 -> VPN -> RV082 -> RV082 Firewall (block internet traffice, allow intranet traffic)
View 3 Replies
View Related
Sep 13, 2011
I configured ASA5520 and RV042 for site-to-site IPSec VPN tunnel.Tunnel get connected, but no ping, no traffic between both end network.
Network:
=======
192.168.113.0/24----------192.168.113.6 -ASA--------public, static IP address------Cisco 2821--------Internet
192.168.10.0/24-----------192.168.10.1 -RV042-----public, static IP address------Cisco 2821--------Internet
ASA5520 config:
----------------------
name 192.168.10.0 VPN
!
interface GigabitEthernet0/1
nameif NET
security-level 100
ip address 192.168.113.6 255.255.255.0
[code]....
View 5 Replies
View Related
Jul 24, 2011
I am trying to set up my router to grant http traffic a minimum bandwidth of - for example - 5,000 kBit (if there is any http traffic).
So I set http min. rate to 5,000 while I set nntp min. rate to 1 However, when I run nntp downloads on several connections (e.g. 10) my single http download never goes above 1,000 kBit. Without any other connections I reach 8,000 kBit.
I am using a single 12 MBit line.
View 4 Replies
View Related
Mar 20, 2013
I recently bought my daughter a refurshed dell 17" laptop which has Windows 8 home edition on it. She also has another smaller laptop with windows 7 on it, an X-box-360 and a PS3 all connected to this RV042 Business router.
I do not have access to the firmware version of the RV042. I believe it was updated in 2011 or early 2012.
We found out that with the RV042 firewall set to ON, she is UNABLE to hit her college website with the new win 8 computer
She CAN go to the college web site with the smaller win 7 computer when the firewall is off or on.
The win 8 computer will allow google searches, but when you click on any of the links, it will not load.With the win 8 computer, facebook will not load, MSN and Hotmail will not load.
Disable firewall, and most (if not all) items that did not work, magically DO work when the RV042 firewall is disabled for the win 8 laptop.
Having issues with with win 8 home edition and the RV042 firewall enabled? Is there a "simple" cure for this, other than slicking the laptop and putting win 7 on it?
View 3 Replies
View Related
Jan 14, 2013
this is regarding my RV042. Its firmware version is v4.1.1.01-sp (Dec 6 2011 20:03:18), unchanged from how I received it. I purchased less than a month ago. I have a problem wherein the firewall behavior is not what I expect it to be, where I expect only allowed ports/services to be open to a given private IP from the outside but am finding that all are open to that private IP!
Let me describe the current configuration. I am going to blank out all digits of the public IP addresses when discussing them except for the final digits for security reasons.Router's WAN1 is set up as static, X.X.X.189. This is part of my public IP block. WAN2 is disabled. One-to-One NAT is enabled. Three instances of it are set up. One, for example is 192.0.2.89 (a private IP) mapped to X.X.X.180, a public IP, part of our public block. Forwarding is not enabled. There is no DMZ Host. That is set to 192.0.2.0. Firewall and SPI are Enabled. Access Rules for the firewall are set up in addition to the default rules which are present to Deny all traffic with WAN1 and WAN2 as the source from any source to any destination. This to me means that unless I set up Allow actions, there should be no access from the outside, WAN1. As an example of one of my Allow rules, I have this:
Action: Allow
Service: HTTP
Log: Not log
Source interface: WAN1
Source IP: ANY
Destination IP: Single, 192.0.2.89
Time: Always
My problem: My expectation is that based on the One-to-One NAT setting, the public IP X.X.X.180 is now associated with the private IP 192.0.2.89, but nothing from public to private is allowed unless allowed by the firewall, which is only set to allow HTTP / port 80 to 192.0.2.89. But the behavior is that 192.0.2.89 is, as presently configured, open to everything from the associated public IP, not just port 80, but all ports! It is as if my firewall rules have no impact whatsoever.
View 3 Replies
View Related
Aug 25, 2012
I need to configure a new RV042 behind a SSG5 firewall. All VPN connections is client to gateway.
Firstly, i tried doing a direct connection(bypassing the firewall), the quickVpn status says connect but I can't even ping the rv. I suspect is due to client own ip is 192.168.1.x and the gateway ip is also 192.168.1.10. How do I resolve this such that users can connect anywhere without having to worry about clash of ip?
View 10 Replies
View Related
Apr 8, 2012
I wanna block the Lan IP address(eg:192.168.2.106) to visit wan web, and allow it to lan.How can i set it in access rules?
View 2 Replies
View Related
Feb 5, 2013
I have an RV042 which is being used as an interface to an ISP.The WAN address (public) is obtained via PPPoE.The LAN address (also public) is entered manually from an assigned block of public addresses. This is the internet gateway for other publicly-addresses devices like firewalls, VPN devices, etc.
I have an RV042 to play with as will as one in production that I can access.Because the accesses are both through public addresses, I want to use https to access the device. I've generated a number of questions as I'm not sure the behavior is understandable to me and maybe the behavior isn't even consistent.
- If the firewall is Disabled, the https setting is still available. So, presumably https will work with the firewall enabled or disabled? Is that right?
- I take it that the Remote Management setting and port number are associated with the WAN port. For example, can one set Remote Management ON with port 443 and still access via the LAN on port 80? on port 443?
- If Remote Mangement is OFF then I presume that one cannot access the device through the WAN. Yet, that seems to not be the case. I wonder if the public addresses on this device affect this?
Well, I guess we might forget about the Port number and just ponder the following - Sort of a truth table:
Remote OFF
http...........WAN access: NO LAN access: YES
https..........WAN access: NO LAN access: YES
Remote ON
http...........WAN access: YES LAN access: YES
https..........WAN access: YES LAN access: YES
This is what it would seem to me to be but it doesn't seem to work that way.
View 3 Replies
View Related
Oct 6, 2011
if possible with the RV042.Primary External IP address uses port forwards for some ports, all okay.I would like to have other external ip addresses assigned to machines on my lan.Basic host multiple web servers, on different IP addresses, using port 80. [code]
From what i am reading, it looks like the RV042 can do this, but I am not real clear what my rules should look like.
I would think my high priority rule for each external IP address would be to deny all traffic first for each machine on the lan.Then create one entry with source 202.x.x.2 port 80 -> 192.168.168.2 ?
How should I set my rules to do this, and what settings should I have on the Nic of the second machine?
View 3 Replies
View Related
Oct 13, 2011
I have a new (about 4 months old) RV042 V3 4.0.0.07 firmware that I am trying to use in fail over mode. I have a SOHO and I normally use cable Internet connection. It is quite fast (15 megabit), but not super reliable. I have added DSL (3.3 megabit) which is five nines (supposedly) but not so quick.
I have a Westell 7500 wireless DSL modem located in the basement, where the telephone lines enter the building. This gives me a wireless link to the second floor server room through a wireless router that connects to WAN 2 of the RV042. The cable modem is in the server room and connects directly to the WAN 1 of the RV042. The cable works, but when it goes down, the DSL link comes up but does not allow Internet traffic. The RV042 is set up as a Bridge and I have set up port forwarding to get the cable to work and used similar firewall commands to route the traffic if the router switched over. I suspect that the problem is in the port forwarding (port 80) or the firewall rules(which are pretty simple) because everything looks like it switches over, but it just doesn't work on WAN2.
View 2 Replies
View Related
Jun 9, 2012
I'm trying to set up a RV042 to do the following:
1) Block all WAN connections, except for:
2) Allow all port 80 connections, and forward to 10.4.20.60
3) Allow all port 443 connections, and forward to 10.4.20.60
4) Allow port 22 connections from specific IP addresses, and forward to 10.4.20.60
5) After a remote client has connected using Client to Gateway VPN, allow that remote client to access anything on the LAN
I'm able to do #1-4 above, but I can't get #5 to work. Or I can get #5 to work, but can't implement the restrictions I need in #1-4. Attached are some relevant screenshots. I think the problem is that I have Forwarding rules set up that require me to have a firewall rule to Deny All Traffic from WAN1 (unless I'm specifically allowing it). In the Access Rules screenshot, rule #6 is the problem. If I enable it (thereby denying all WAN1 traffic), then VPN clinents can't access anything on the LAN. However if disable this rule, VPN clinents can access anything on the LAN, but the firewall also opens up all outside connections to SSH, since that's set up in the Forwarding rules. I would have thought that once a remote client is connected using client to gateway VPN, then that client is considered to be on the LAN, as far as the firewall is concerned. Thus a firewall rule (like #6) that is specified for WAN1 shouldn't effect remote VPN clients.
View 1 Replies
View Related
Mar 31, 2013
I have 2 questions to confirm and/or get direction on how to modify.
1) is there a way to get around the (seemingly arbitrary) class C (slash 24+) subnet restriction for the primary/main IP address for the internal LAN?
(I realize I can setup multiple internal subnets but that also seems to introduce restrictions for port ‘forwarding’ and ‘one-to-one NAT’ use because those features seem to be restricted to the primary/main IP subnet)
2) it seems like all traffic is passed to the host on the internal side of a ‘One-to-One NAT’ regardeless of the firewall rules in place, is that what is be expected?
View 6 Replies
View Related
Nov 1, 2011
We have a setup where our e-mail server is hosted in-house.Our network is connected through a RV042 gateway. Port 25 is forwarded to our internal e-mail server.Our smtp service should be limited to receiving incomming connections only from 4 specific ip ranges which I set up in the firewall rules.The reason is that all smtp is managed and protected by an external anti-spam/vires provider.
However it looks like any computer is able to connect to our port 25 and be forwarded to our e-mail server.Does portforwarding overrule firewall rules - ie. you can not limit access with the firewall if you decide to port forward?Is this a "fixable" situation - or is the RV042 not built for handling this setup?
View 5 Replies
View Related
Dec 4, 2011
I'm having an issue where our RV042 router is blocking some of our customers from sending us e-mails.I noticed thatCISCO has produced a newer version of the RVO42 V3.0 and has firmware version 4.x. can you upgrade the Linksys RV042 Hardware V 1.2 to the 4.x firmware? I have found a few articles and forums online about otherpeople having the same issue with the RV042 v1 randomly blocking, e-mail but no one ever has a solution to correct the issue.Some people have recommend to roll back to factory default and reconfigure the router as the config may by corrupt.
View 4 Replies
View Related
Nov 15, 2011
I recently installed an RV042 v1.1 vpn router (older hardware revision but using the latest available firmware 1.3.12.19-tm) and set up VPN access with the QuickVPN client. QuickVPN requires that the HTTPS setting be enabled under the Firewall options, so I did. I then scanned our static IP with grc.com's ShieldsUP! to check for open or non-stealthed ports and discovered that ports 80 and 443 show as wide open, while port 113 is closed but not stealthed. If I disable the HTTPS setting under Firewall, then ports 80 and 443 become stealthed. Is there any way to use QuickVPN and keep these ports stealthed?
View 1 Replies
View Related
Jun 4, 2013
I have a RV042 router on a single WAN and an internal LAN. I have configured port forwarding as follows: HTTP[TCP/80~80]->10.0.0.6HTTPS[TCP/443~443]->10.0.0.6IMAP[TCP/143~143]->10.0.0.5IMAP SSL[TCP/993~993]->10.0.0.5SMTP SSL[TCP/587~587]->10.0.0.5
Everything works just fine when I have the firewall DISABLED. However, when I enable it the behaviour is erratic. 1 out of 10 attempts to connect to ANY port forwarded works. Almost all attempts time out. Notice that this happens even if using only the default firewall rules (which should be bypassed by the port forwarding as I read in other posts).
My second try was to create firewall rules manually, overriding the default ones. I tried adding rules from source WAN1 (where my connection is) to ANY and to SINGLE IP's on every port. Nothing seems to work.
I don't know what I'm doing wrong, this is really bugging me. I had to turn the firewall off so we can access our servers from outside the office. This shouldn't have to be done.
Just found out that my firewall is getting LOTS and LOTS of Blocked - SYN Flood entries. I think this is why we are having trouble with the firewall. Could this be the problem? I have no idea where all these SYN packets are coming from since they appear with spoofed IPs or come from different bots all over.
View 1 Replies
View Related
Aug 5, 2011
I am using an RV042 router/firewall -- firmware v1.3.13.02-tm -- connected to a cable modem.I have one public address (WAN1) assigned by my ISP's DHCP server.All my machines on the LAN have static IPs. (RV042 DHCP Server is disabled.)I have set up port (80) forwarding to 192.168.1.101 The HTTP port forwarding does work if an http client on the LAN sends a request to http://<public-ip>:80But I cannot get a response if I send a request to http://<public-ip>:80 from a machine on the WAN.
I did configure Access Rules to allow http traffic (and then tried to allow *all* traffic) between a single IP on the WAN and 192.168.1.101 The incoming log table shows a connection is made from the http client on the internet to the correct http server on the LAN, but there is no resonse from the LAN to the remote client.Is my configuration the problem, or is this feature not supported by the RV042 router? Could my cable modem be blocking outbound traffic?
View 1 Replies
View Related
Feb 22, 2011
I have FiOS and their supplied wireless router Actiontec #: MI424WR. I have equipment that uses the newer N signal so I purchased a Linksys E3000 Wireless-N Router. This is working great for my wireless home theater equipment but I am having problems with my wired speed. It has gone from 20 to 30 mbps to around 10 mbps. I have one of the LAN outputs on the Actiontec feeding the Linksys input, I have my computers plugged directly into the Linksys verses the Actiontec. This makes it easier to program the Linksys router. Since I am no longer using the wireless part of the Actiontec there really is no need to be plugged into it. Is there anything I can do get my speed back or will I have to plug the computer back into the Actiontec and move it every time I may need to make a change to the Linksys
View 3 Replies
View Related
Dec 17, 2012
Two desktop computers are hard-wired to Belkin F5D8235-4 v1000(Firmware Version 1.01.19. When second computer is initialized, first computer slows to a crawl online. Comcast technician says modem is fine, but router appears to be the problem. Cannot find the extension .bin to download upgraded firmware and I don't know whether or not that will work. Is it time to purchase a new Belkin?
View 1 Replies
View Related
Dec 10, 2012
Recently I upgraded my Internet speed at the ISP from 10Mbps to 25Mbps and the problem is that I am measuring only 15Mbps using [URL]On the day when the tech came out to install the new DSL modem, he noticed the difference and as part of troubleshooting, he bypassed the Linksys router and voila the net speed measured 25Mbps using speedtest.net.So, why my Linksys WRVS4400N V1.1.13 acts like a bottleneck in this case? I didn't have this problem at the speed of 10Mbps. The upload speed is OK, it is 5Mbs with or without the DSL modem.
View 2 Replies
View Related
May 12, 2010
I have a mysterious problem with my Internet connection. The Edge topology is in the attachment so are the most important "show" commands. We have a 50Mb/s symmetric Internet connection. When we use Internet through ASA the download speed does not exceed 3Mb/s whereas the upstream is at about 45Mb/s. When we connect our LAN directly to 2960 the downstream increases dramatically up to 47Mb/s whereas the upstream remains at about 45Mb/s. Duplex is manually set to 1000/full on all interfaces. All that I have noticed are dropped packets on outside interface (Gi0/0). The reason is unclear.
View 6 Replies
View Related
