Cisco Routers :: RV082 V03 Randomly Connection Lost When Firewall Enabled
Sep 11, 2012
Hardware: RV082 V03
Firmware: RV0XX-v4.2.1.02
Lan: 192.168.1.0/255
Static routing: 192.168.1.239 to 172.25.152.64/224
The unit is configured as internet gateway. 4 NAT ports are active. When firewall disabled all works fine. When firewall enabled I do get connection lost at random interval. In firewall only 4 rules added to the default 3 rules. The added rules are:
1/ permit 192.168.1.22 port 25 to any
2/ permit 192.168.1.27 port 25 to any
3/ permit 192.168.1.10 port 25 to any
4/ deny any port 25 to any
I do get at random times connection lost when navigating with windows explorer on a PC with IP 192.168.1.x to a share on a PC with IP 172.25.152.74. The same happens when copying files. Sometimes it works, later it fails or reties are needed. When the firewall is switched off all runs fine.
Ping from 192.168.1.x to 172.25.152.74 allways give a <1ms response
Is there a RV082 perfomance problem or do I have a configuration problem?
View 4 Replies
ADVERTISEMENT
Aug 28, 2012
Recent incountered an issue with our elastix pbx and packet loss. Noticed this morning that when I turn on the firewall on our RV082, packet loss begins around the level 3 servers I see in my traceroute, and then slow spread out to all hops. When I turn the firewall back off, all hops have no packet loss or less than 1%. The weird part is, previously, I had the firewall enabled, and never had this issue.
View 2 Replies
View Related
Dec 19, 2011
We have several RV082s here which are intended to connect to a central ASA5510 firewall. The VPNs are configured and do work basically, however in our test environment the RV082s kept crashing after an apparently unpredictable amount of time (sometimes after several days or even weeks). All the RV082 have the newest firmware installed (v4.1.0.02-tm).
When further investigating the issue, I found out that the crashes can be reproduced when enabling the keep-alive option on the RV082. When powering up the RV082, they boot, start up the VPN, and then they crash a few seconds after the tunnel has been established (one or two pings usually get through). When crashing, the RV082 becomes completely unreachable, ie no ping, no webinterface etc.
There is a note in the firmware release notes saying that enabling the keep-alive option would not work the way it should. However it seems that enabling that option lets the router completely crash after its next reboot. This makes the keep-alive option basically worthless, however we need this since the routers will get installed at remote sites with no personnel available there.
Is there any way to enable the keep-alive option without making the routers crash immediately after startup?
View 3 Replies
View Related
Dec 13, 2011
i am configuring a 3560, everthing is fine until i enable the "ip routing"
i lost connection to all vlan
View 18 Replies
View Related
Dec 6, 2012
I was trying to browse the internet earlier, and I randomly just lost my internet connection. My homepage loaded up just fine, but then I tried to go to another site. It was taking a while to load. After about a minute a page finally came up that said "Server not found" (I use firefox). I can't get on any websites now and I can't get internet on any of my wireless devices either. When I right clicked my network icon on the toolbar and clicked on diagnose and repair it said "There may be a problem with the DNS. Windows attempted to find the well known host www.microsoft.com using dns. The server responded that the name was unknown." I have Windows Vista. Now I have no idea what I could have done. I didn't do anything out of the normal, just tried to go to a website that I frequently visit with no problems and this happened. This is what I get when I type ipconfig/all in cmd prompt. [code]
View 14 Replies
View Related
Jul 13, 2012
I am doing a security assessment of an organization that uses 871/881 routers with the firewall features enabled. I see the following commands defining packet inspection done by the firewall software.
-ip inspect name inet-users tcp
-ip inspect name inet-users udp
-ip inspect name inet-users icmp
What I am trying to define is the inspect name "inet-users". It is obviously a constant defined by IOS as it is not defined anywhere in the configuration file like any other "variable" and does not generate an error.What does "inet-users" define? I'm assuming it is all users using the interface(s) where the inspect commands are used, but is that correct? The Cisco IOS manuals do not contain a reference to "inet-users" hence why I'm here asking.
View 1 Replies
View Related
Jan 14, 2013
this is regarding my RV042. Its firmware version is v4.1.1.01-sp (Dec 6 2011 20:03:18), unchanged from how I received it. I purchased less than a month ago. I have a problem wherein the firewall behavior is not what I expect it to be, where I expect only allowed ports/services to be open to a given private IP from the outside but am finding that all are open to that private IP!
Let me describe the current configuration. I am going to blank out all digits of the public IP addresses when discussing them except for the final digits for security reasons.Router's WAN1 is set up as static, X.X.X.189. This is part of my public IP block. WAN2 is disabled. One-to-One NAT is enabled. Three instances of it are set up. One, for example is 192.0.2.89 (a private IP) mapped to X.X.X.180, a public IP, part of our public block. Forwarding is not enabled. There is no DMZ Host. That is set to 192.0.2.0. Firewall and SPI are Enabled. Access Rules for the firewall are set up in addition to the default rules which are present to Deny all traffic with WAN1 and WAN2 as the source from any source to any destination. This to me means that unless I set up Allow actions, there should be no access from the outside, WAN1. As an example of one of my Allow rules, I have this:
Action: Allow
Service: HTTP
Log: Not log
Source interface: WAN1
Source IP: ANY
Destination IP: Single, 192.0.2.89
Time: Always
My problem: My expectation is that based on the One-to-One NAT setting, the public IP X.X.X.180 is now associated with the private IP 192.0.2.89, but nothing from public to private is allowed unless allowed by the firewall, which is only set to allow HTTP / port 80 to 192.0.2.89. But the behavior is that 192.0.2.89 is, as presently configured, open to everything from the associated public IP, not just port 80, but all ports! It is as if my firewall rules have no impact whatsoever.
View 3 Replies
View Related
Nov 12, 2012
I have reset my RV082 router (both wit the reset switch and the factory default wizard) and run the setup wizard but regardless I can't connect to shaw.ca which is my service provider. I notice that if I use http://192.168.1.1 the browsers (IE & FF) default to https://192.168.1.1 and then I am prompted for a certificate. I can enter if I ignore the request but after getting in I simply cannot connect to my ISP.
View 4 Replies
View Related
Nov 15, 2011
I recently installed an RV042 v1.1 vpn router (older hardware revision but using the latest available firmware 1.3.12.19-tm) and set up VPN access with the QuickVPN client. QuickVPN requires that the HTTPS setting be enabled under the Firewall options, so I did. I then scanned our static IP with grc.com's ShieldsUP! to check for open or non-stealthed ports and discovered that ports 80 and 443 show as wide open, while port 113 is closed but not stealthed. If I disable the HTTPS setting under Firewall, then ports 80 and 443 become stealthed. Is there any way to use QuickVPN and keep these ports stealthed?
View 1 Replies
View Related
Feb 6, 2012
I have a Rv082 router that works great and I added a Cisco wireless Wap4410n to one of the ports and it works great for all my wireless connections. My problem is I cannot set up any security on the wireless connection. I see it on network majic pro but cannot access it thru my router . Do I have to install a poe switch first?
View 0 Replies
View Related
Nov 19, 2012
I have an RV082 and a RV042. I have been able to successfully establish a gateway to gateway vpn connection between them both, but both Routers unable to ping each other and I can't remotely administer each router through the VPN connection.
View 1 Replies
View Related
Jun 4, 2013
I have a RV042 router on a single WAN and an internal LAN. I have configured port forwarding as follows: HTTP[TCP/80~80]->10.0.0.6HTTPS[TCP/443~443]->10.0.0.6IMAP[TCP/143~143]->10.0.0.5IMAP SSL[TCP/993~993]->10.0.0.5SMTP SSL[TCP/587~587]->10.0.0.5
Everything works just fine when I have the firewall DISABLED. However, when I enable it the behaviour is erratic. 1 out of 10 attempts to connect to ANY port forwarded works. Almost all attempts time out. Notice that this happens even if using only the default firewall rules (which should be bypassed by the port forwarding as I read in other posts).
My second try was to create firewall rules manually, overriding the default ones. I tried adding rules from source WAN1 (where my connection is) to ANY and to SINGLE IP's on every port. Nothing seems to work.
I don't know what I'm doing wrong, this is really bugging me. I had to turn the firewall off so we can access our servers from outside the office. This shouldn't have to be done.
Just found out that my firewall is getting LOTS and LOTS of Blocked - SYN Flood entries. I think this is why we are having trouble with the firewall. Could this be the problem? I have no idea where all these SYN packets are coming from since they appear with spoofed IPs or come from different bots all over.
View 1 Replies
View Related
Mar 25, 2012
RV082 - 1.3.2 I need to have RDP and pcAnywhere enabled to a customer site for remote support, but need to limit the incoming IP ranges to only our offices. I have the port forwarding set up and tested working. I then set up rules to deny all traffic on the needed ports and added rules to allow a few IP ranges from our office locations. I even tried a rule allowing all traffic from our main office but that also failed to allow RDP or pcAnywere connections.Now I can no longer connect from any of our remote offices. I followed the limited instructions that I found in another post but its not working.
View 1 Replies
View Related
Oct 14, 2011
i have a Cisco Rv082 with Firmware v4.0.4.02-tm (Jul 4 2011 13:30:56)I have configure WAN1 with a public IP and netmask 255.255.255.252. (Only one public IP in use) Internally the LAN is a 192.168.169.0/255.255.255.0.I need to add some rules like
Service: HTTP
Interface: WAN1
From: ANY
To: 192.168.169.2
But after rule configured the connection still not working, it only works when I add a port forwarding.For HTTP maybe port forwarding is OK, but other services I need to grant access to a specific public IP address, not to everyone. So I need the Firewall rule, but is not working, it always block the request. [code]
View 1 Replies
View Related
Oct 24, 2012
We have an RV082 (firmware 2.0.2.01-tm),with an ADSL connection over PPPoE. It connects fine, and I can ping anything, and I can also access websites with HTTPS, but when trying to access any website with HTTP, it doesn't work.There's no load balancing going on, and it's the same whether we have the Firewall turned on or off, and everything else is pretty much as default.
View 4 Replies
View Related
Sep 17, 2012
I have a RV082.I need to disable the firewall, since firewalling is done better elsewhere.However disabling firewall Remote management on wan ip is forcefully enabled.I don't need Remote management, keeping it enabled is a security risk for my setup.I don't understand the rationale behind the choice to forcefully enable remote management if firewall is disabled.Is there a way to disable both firewall and remote management?Or at least a workaround?
I'm on firmware 2.0.0.19-tm on a probably v2 hardware. (Cannot find this info in the web configuration).This is not the newest even for v2 hw but I cannot afford to break it trying to upgrade the firmware.Moreover no release notes for firmware releases refers to a correction of firewall/remote management behavior.Is this behavior also in newer firmware releases?
View 2 Replies
View Related
May 7, 2012
For the past few months my internet connection will randomly drop for about 5-10 seconds when someone else connects to the network. I am using a wired Ethernet connection and as said when someone connects either via WiFi or also through a wired connection, the internet for me will drop as soon as the device is connected, and then randomly every 20 minutes or so thereafter. I should also mention that rarely the connection will just drop for again, 5-10 seconds even when nobody else is connected.I tried my computer at someone else's house using their router and it worked fine, no disconnects at all.
View 1 Replies
View Related
Mar 23, 2012
* ADSL modem connected to internet
* WiFi router (Netgear WPN824v2) connected to ADSL modem
* CPU, iPhone and iPad connected to router, CPU wired connection.Everything has worked like a charm up until a couple of days ago. Now the link between the router WAN port and the modem randomly drops. Stays dropped for 1-3 secs and then connect again. When its really bad this happens with 5-10 secs intervall. This made it impossible to use the network from any of the devices.If I disconnect the CPU from the router and connect it direcly to the modem and change the IP settings to match the modem network the CPU connects without errors to the internet, iPad and iPhone connected to the router keeps having problems.Restarting the router does not change anything and it seems to be more frequent errors during heavy load hours, in the morning I have almost no problems at all, in the evenings I cant almost use the wireless devices (CPU works fine as its now connected directly to the modem not through the router).I havent changed a setting in the last year, it just came right out of the blue.I have hard reset both the modem and the router and reconfigured them (that I dont want to do again as I have some virtual servers, port forwards, port triggers and so on :P).As it came right out of the blue without me changing anything on any device and as it seems to be more frequent during heavy load hours I'm suspecting that the ISP is involved, but how can they be (it works fine with devices connected straight to the modem)?
View 15 Replies
View Related
Mar 7, 2013
I have an N300 router, and I'm having some connection issues. At least once a day I randomly lose connection. This is frustrating because I like to watch videos online and play games online, and randomly disconnecting right in the middle of a game with other people is not fun.
View 0 Replies
View Related
May 24, 2012
One of our hospitals keeps reporting that their internet is going out for a while than comes back up, sometimes they even have to reset the ISP modem for this it to work again. I upgraded and switched ISP to Time Warner Cable and figured it would essentially solve the issue, but there are still reports of internet outage and our new ISP has confirmed multiple times that their end is still up. Our ASA 5505 was configured by a previous employee, but when looking at the running config I noticed that the Interface for our ISP is NOT set to Duplex Full and Speed 100.
interface Ethernet0/5
switchport access vlan 2
View 3 Replies
View Related
May 24, 2012
One of our hospitals keeps reporting that their internet is going out for a while than comes back up, sometimes they even have to reset the ISP modem for this it to work again. I upgraded and switched ISP to Time Warner Cable and figured it would esentially solve the issue, but there are still reports of internet outage and our new ISP has confirmed multiple times that their end is still up. Our ASA 5505 was configured by a previous employee, but when looking at the running config I noticed that the Interface for our ISP is NOT set to Duplex Full and Speed 100.
interface Ethernet0/5
switchport access vlan 2
View 1 Replies
View Related
Nov 14, 2012
I'm owner of Cisco RV082 router and I have a problem with firewall setup.I would like to deny internet access on port 80 (all sites) for group of users, and allow them internet access for one site by HTTPS (443)After applying rules internet connection is really slow.. Users have to wait something like a 30 sec for a website..I descovered that the reason for slow internet connection is DENY rule. After disbling DENY rule everything works fine..Now I have a few rules added to firewall:
Priority:1 Action: Deny Service: HTTP(80) Source interface: LAN Source:10.82.0.51-10.82.0.245 Destination: Any
Priority:2 Action: Allow Service: HTTPS(443) Source interface: LAN Source: 10.82.0.51-10.82.0.245 Destination: 80.64.59.42
What's wrong with those firewall settings?
View 1 Replies
View Related
Jun 9, 2011
I have a wireless router that was named and all the wireless equipment (laptop, ipod, phones) was connecting easily with no problems. Everything is saying "unable to connect". I have no clue what she did but she said her laptop asked her for the 8 number code from the router and she entered it.
View 1 Replies
View Related
Mar 3, 2011
i tried to change my nat type to open, on my Netgear WNR2000v1.i connected throught typing my routers ip. (192.168.1.1)i watched a utube video, where someone told me that i had to changed something in the basic section to 2, instead of auto.now i cant connect to my router. ive tried with multiple pc's.
View 5 Replies
View Related
Feb 27, 2011
I changed a configuration and suddenly I lost the internet connectivity... Result of the command: "show running-config"
: Saved:ASA Version 8.2(1) !hostname ciscoasaenable password qVQaNBP31RadYDLM encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Vlan1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 !interface Vlan2 nameif ATT security-level 0 pppoe client vpdn group ATT ip address pppoe setroute !interface Ethernet0/0 switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveclock timezone EST -5clock summer-time EDT recurringsame-security-traffic permit inter-interfaceobject-group service DM_INLINE_TCP_1 tcp port-object eq ftp port-object eq ftp-data port-object eq wwwaccess-list ATT_access_in remark Linkstation Accessaccess-list ATT_access_in extended permit tcp any host 99.23.119.78 object-group DM_INLINE_TCP_1 access-list ATT_access_in remark Linkstation
[code]....
View 3 Replies
View Related
Nov 28, 2012
I have a Cisco ASA 5520 that we was working properly. I tried to create a VPN IPSEC to test but when I finished the wizard I lost the conection between the inside interface and outside. I use other interface for DMZ and other for printers network but this adapters are working properly. I have reviewed the NAT's and the ACL's but I don't see the problem?
I have delete the VPN IPSEC but it's still not working and I have the network down
View 2 Replies
View Related
May 18, 2010
Running ASDM V6.3 connecting to a couple of ASA5580's V8.2. After initial configuration everything seemed to work great, however, as of a few days ago I can no longer view statistical information. I can attach to the devices without a problem, view and edit all configuration information but the dashboard applets do not pull or display any statistical info. Resource, Interface, and Traffic status all time out with the error "Lost Connetion to Firewall". The syslog info is not display rather the error "Syslog Lost Connection". My first thought was a java issue on the client. I have ripped out and reinstalled even back-revisioned to no avail. I'm to the point where a dumpe of the management workstation is the next step. I'd like to avoid that extreme if possible.
View 3 Replies
View Related
Oct 10, 2011
I 've got some problem with my Mail Server since I've migrated to an ASA5510.Actually the server is in a DMZ with a private Ip ( 10.x.x.2) and it is translated to a Public IP ( 194.x.x.65).Some Users received in there mailbox a system administor error message :Object : Impossible to deliver : testYour message could not be deliver to one or more of its recipients: 421 SMTP connection went away!When they try to re sent it some times later, message is sent whithout problem.
View 3 Replies
View Related
Feb 10, 2010
I installed a new ASA using 8.2.2 version and ASDM 6.2.5 version in contexts mode.When i enable logging for ASDM as debugging i cannot use the real time log viewer because I have an error "Syslog connection Lost. Try restarting the syslog connection", I tried to reconnect using the icon at the bottom but nothing change.
View 9 Replies
View Related
Aug 7, 2012
We're getting the following message in the logs when we ry to connect: encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA
One of the router is a V2 and the other is a V4 if that makes any difference.
View 12 Replies
View Related
Aug 22, 2011
I have my firewall on IP 192.168.0.1 (for example, real IP is a class C address). I have a web server (Ubuntu 10.04, though this happened before with an 8.04 box as well) on ip 192.168.0.101. Everything will be functioning fine, and I won't have any issues for a while. Then, randomly I'll have problems getting to my web server, getting disconnected from SSH sessions. I go to one of my linux boxes and do an "arping -b 192.168.0.101" and I will get two responses, one from my firewall and one from the box, as illustrated below. The only way to correct the issue that I've run into is to reload the firewall, which will then behave properly again until it randomly decides to start answering ARP requests on the other IP again.
nwiadmin@vm-test-lx:~$ arping -b if-webdevint4-lxWARNING: interface is ignored: Operation not permittedARPING 192.168.0.101 from 192.168.0.168 eth0Unicast reply from 192.168.0.101 [xx:xx:xx:xx:xx:xx] 2.309msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 2.434msUnicast reply from 192.168.0.101 [xx:xx:xx:xx:xx:xx] 2.280msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 2.377msUnicast reply from 192.168.0.101 [xx:xx:xx:xx:xx:xx] 2.129msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 2.221msUnicast reply from 192.168.0.101 [xx:xx:xx:xx:xx:xx] 1.839msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 1.934msSent 4 probes (4 broadcast(s))Received 8 response(s)
Reloaded firewall
nwiadmin@vm-test-lx:~$ arping -b if-webdevint4-lxWARNING: interface is ignored: Operation not permittedARPING 192.168.0.101 from 192.168.0.168 eth0Unicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 2.839msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 1.935msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 1.758msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 2.733msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 9.568msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 1.931msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 2.283msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 1.756msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 2.070msSent 9 probes (9 broadcast(s))Received 9 response(s)
View 5 Replies
View Related
Feb 14, 2013
am trying to connect my laptop withgalax tab via mobile AP configuration, it give me this error {dhcp is not enabled for wireless network connection}
View 1 Replies
View Related
Jul 7, 2012
I've been trying to set my IP to a static IP so I can host servers for a few different games and every time I change the IPV4 settings my internet stops working and when I troubleshoot it says "DHCP Not enabled for local area connection.".
View 5 Replies
View Related
