Cisco Routers :: RV082 VPN To ASA5500 Device Crashes When Keep-alive Enabled?
Dec 19, 2011
We have several RV082s here which are intended to connect to a central ASA5510 firewall. The VPNs are configured and do work basically, however in our test environment the RV082s kept crashing after an apparently unpredictable amount of time (sometimes after several days or even weeks). All the RV082 have the newest firmware installed (v4.1.0.02-tm).
When further investigating the issue, I found out that the crashes can be reproduced when enabling the keep-alive option on the RV082. When powering up the RV082, they boot, start up the VPN, and then they crash a few seconds after the tunnel has been established (one or two pings usually get through). When crashing, the RV082 becomes completely unreachable, ie no ping, no webinterface etc.
There is a note in the firmware release notes saying that enabling the keep-alive option would not work the way it should. However it seems that enabling that option lets the router completely crash after its next reboot. This makes the keep-alive option basically worthless, however we need this since the routers will get installed at remote sites with no personnel available there.
Is there any way to enable the keep-alive option without making the routers crash immediately after startup?
View 3 Replies
ADVERTISEMENT
Aug 28, 2012
Recent incountered an issue with our elastix pbx and packet loss. Noticed this morning that when I turn on the firewall on our RV082, packet loss begins around the level 3 servers I see in my traceroute, and then slow spread out to all hops. When I turn the firewall back off, all hops have no packet loss or less than 1%. The weird part is, previously, I had the firewall enabled, and never had this issue.
View 2 Replies
View Related
Sep 11, 2012
Hardware: RV082 V03
Firmware: RV0XX-v4.2.1.02
Lan: 192.168.1.0/255
Static routing: 192.168.1.239 to 172.25.152.64/224
The unit is configured as internet gateway. 4 NAT ports are active. When firewall disabled all works fine. When firewall enabled I do get connection lost at random interval. In firewall only 4 rules added to the default 3 rules. The added rules are:
1/ permit 192.168.1.22 port 25 to any
2/ permit 192.168.1.27 port 25 to any
3/ permit 192.168.1.10 port 25 to any
4/ deny any port 25 to any
I do get at random times connection lost when navigating with windows explorer on a PC with IP 192.168.1.x to a share on a PC with IP 172.25.152.74. The same happens when copying files. Sometimes it works, later it fails or reties are needed. When the firewall is switched off all runs fine.
Ping from 192.168.1.x to 172.25.152.74 allways give a <1ms response
Is there a RV082 perfomance problem or do I have a configuration problem?
View 4 Replies
View Related
Jun 10, 2013
We are setting up a vpn between a cisco RV082 and a checkpoint device. From the Cisco device we have set up (as remote IP) the public IP 85.xxx.xxx.xxx but when we try to start the tunnel the VPN log (from RV082) report the error "INVALID_ID_INFORMATION" as described below.
Jun 11 11:38:41 2013 VPN Log (g2gips1) #894: sending encrypted notification INVALID_ID_INFORMATION to 85.xxx.xxx.xxx:500
Jun 11 11:38:41 2013 VPN Log (g2gips1) #894: we require peer to have ID '85.xxx.xxx.xxx', but peer declares '10.yy.yy.yyy'
[code]....
The IP 10.yy.yy.yyy. reported in the log is the natted ip of the Checkpoint device.
View 3 Replies
View Related
Feb 3, 2013
I have a wgr614 V6 router, yes its old. I had 3 devices connected to it just fine before without any issues. But now It only allows my laptop, when I try to connect with my ipod touch or desktop, not only does it fail, the entire network crashes and my laptop loses it and its gone. It then takes about 2 minutes to come back up. So whenever I attempt to connect with another device the network crashes. so right now only my laptop is connected.I downloaded & updated to the newest firmware, did not work.I tried resetting the router, and made the network all over again, did NOT work.
View 7 Replies
View Related
Dec 26, 2011
we have some RV042 Routers with Firmware 1.3.12.x we would like to replace with the new V3 hardware.
We downloaded the migration utility 1.0.2.2, which crashes for at least one device.
The release notes for the utility are for version 1.0.2.8, where some crashes seems to be fixed, but where can we download this actual version?? I can only see the (older) 1.0.2.2..
View 3 Replies
View Related
Oct 30, 2012
We are a medium-large sized company with approx.100 offices located across North America. Every single office connects to each other and the data center via a DMVPN overlay network. The DMVPN hub router (Cisco 2951), R-Q9-1, is located at our data center and is the "workhorse" of the company. We also have a redundant hub router, R-Q9-2, at the data center with exact same hardware specs.
Each office builds an EIGRP Tunnel0 and Tunnel1 to R-Q9-1 and R-Q9-2 respectively. All data traffic flows over Tunnel0 to R-Q9-1 until it fails, at which point traffic starts to flow over Tunnel1 to R-Q9-2. This has been working seamlessly for last 1 year of implementing this design, until yesterday, when both R-Q9-1 and R-Q9-2 rebooted all of a sudden at the same time right in the middle of a production day. I confirmed there was no power failure at the data center. A show version of both routers gives me this:
R-Q9-1 uptime is 1 day, 1 hour, 24 minutes
System returned to ROM by address error at PC 0x5C92E28, address 0x5DF36FE9 at 11:52:23 EDT Tue Sep 21 2010
System image file is "flash0:c2951-universalk9-mz.SPA.150-1.M3.bin"
Last reload type: Normal Reload
[code]...
I Google that error but can't find anything specific other than it's saying it's some kind of bus error. What I also found a bit off is the time it's showing on both routers' show version output (Sep 21, 2010 and Jan 10, 2012). Here are the current clock settings on both routers at the time of this writing.
R-Q9-1#sh clock *16:53:31.216 EDT Wed Oct 31 2012
R-Q9-2#sh clock *16:59:44.220 EDT Wed Oct 31 2012
I checked my Syslog server and did not find anything specific during the time of the crash, however, syslog was filled with errors similar to this one
2469: * Tunnel0: NHRP Encap Error for Resolution Request , Reason: protocol generic error (7) on (Tunnel: 10.10.200.1 NBMA: IP address ommitted)
[code]...
I have never seen these errors before and all of a sudden they seem to have stopped since this morning.
View 4 Replies
View Related
Aug 7, 2012
We're getting the following message in the logs when we ry to connect: encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA
One of the router is a V2 and the other is a V4 if that makes any difference.
View 12 Replies
View Related
Jul 13, 2012
I am doing a security assessment of an organization that uses 871/881 routers with the firewall features enabled. I see the following commands defining packet inspection done by the firewall software.
-ip inspect name inet-users tcp
-ip inspect name inet-users udp
-ip inspect name inet-users icmp
What I am trying to define is the inspect name "inet-users". It is obviously a constant defined by IOS as it is not defined anywhere in the configuration file like any other "variable" and does not generate an error.What does "inet-users" define? I'm assuming it is all users using the interface(s) where the inspect commands are used, but is that correct? The Cisco IOS manuals do not contain a reference to "inet-users" hence why I'm here asking.
View 1 Replies
View Related
Jan 14, 2013
this is regarding my RV042. Its firmware version is v4.1.1.01-sp (Dec 6 2011 20:03:18), unchanged from how I received it. I purchased less than a month ago. I have a problem wherein the firewall behavior is not what I expect it to be, where I expect only allowed ports/services to be open to a given private IP from the outside but am finding that all are open to that private IP!
Let me describe the current configuration. I am going to blank out all digits of the public IP addresses when discussing them except for the final digits for security reasons.Router's WAN1 is set up as static, X.X.X.189. This is part of my public IP block. WAN2 is disabled. One-to-One NAT is enabled. Three instances of it are set up. One, for example is 192.0.2.89 (a private IP) mapped to X.X.X.180, a public IP, part of our public block. Forwarding is not enabled. There is no DMZ Host. That is set to 192.0.2.0. Firewall and SPI are Enabled. Access Rules for the firewall are set up in addition to the default rules which are present to Deny all traffic with WAN1 and WAN2 as the source from any source to any destination. This to me means that unless I set up Allow actions, there should be no access from the outside, WAN1. As an example of one of my Allow rules, I have this:
Action: Allow
Service: HTTP
Log: Not log
Source interface: WAN1
Source IP: ANY
Destination IP: Single, 192.0.2.89
Time: Always
My problem: My expectation is that based on the One-to-One NAT setting, the public IP X.X.X.180 is now associated with the private IP 192.0.2.89, but nothing from public to private is allowed unless allowed by the firewall, which is only set to allow HTTP / port 80 to 192.0.2.89. But the behavior is that 192.0.2.89 is, as presently configured, open to everything from the associated public IP, not just port 80, but all ports! It is as if my firewall rules have no impact whatsoever.
View 3 Replies
View Related
Nov 15, 2011
I recently installed an RV042 v1.1 vpn router (older hardware revision but using the latest available firmware 1.3.12.19-tm) and set up VPN access with the QuickVPN client. QuickVPN requires that the HTTPS setting be enabled under the Firewall options, so I did. I then scanned our static IP with grc.com's ShieldsUP! to check for open or non-stealthed ports and discovered that ports 80 and 443 show as wide open, while port 113 is closed but not stealthed. If I disable the HTTPS setting under Firewall, then ports 80 and 443 become stealthed. Is there any way to use QuickVPN and keep these ports stealthed?
View 1 Replies
View Related
Jan 29, 2013
We have an RV082 setup with WAN to the internet and LAN IP of 192.168.188.1.If I add a static route like so:
network: 192.168.166.0
mask: 255.255.255.0
gateway: 192.168.188.2
hop count: 1
interface: LAN
The device with IP 192.168.188.2 will be connected directly to one of the LAN ports on the router.Will that work to route, trying to get to 192.168.166.0 to the IP of 192.168.188.2?It just seems odd because the packets would hit the router then go back out through the LAN port.
View 4 Replies
View Related
Nov 17, 2011
isco epc3925 in transparent bridge provided by isp with following wan details
ip=x.x.x.120 subnet=255.255.255.248 gw=x.x.x.121 and 2 dns server ip's
I can't get the one-to-one nat working. read in some forums that the rv082 can do the job.
View 4 Replies
View Related
May 9, 2013
I have a Meraki Firewall that sits behind my Cisco RV082. The Meraki is setup to run a VPN connection with my server but I am having problems passing the VPN traffic through properly.
I have 2 Uverse Internet Connections that the RV082 using load balancing so that they are shared. I have 10 static IP's.
I am trying to come in on one of my static IP addresses throught the Cisco RV082 to the Meraki and after doing a capture on the meraki it appears that it is starting to receive data to intiate the VPN connection but when it sends data back to the VPN client machine it never makes it.
View 1 Replies
View Related
Nov 12, 2012
I have reset my RV082 router (both wit the reset switch and the factory default wizard) and run the setup wizard but regardless I can't connect to shaw.ca which is my service provider. I notice that if I use http://192.168.1.1 the browsers (IE & FF) default to https://192.168.1.1 and then I am prompted for a certificate. I can enter if I ignore the request but after getting in I simply cannot connect to my ISP.
View 4 Replies
View Related
Jan 12, 2012
Is it possbile to NAT to other subnets with the RV082. It is on a 192.168.41.x and I have a phone system on a 192.168.20.x. After searching all over others are saying no.
View 4 Replies
View Related
Jan 14, 2013
I just set up a new Linksys/Cisco RV082 router with the intent to get VPN working from outside the building. I have gone through the setup and while everything looks good, I have not been able to connect yet. I have tried everything that I know how, and am now hoping to get the answer from some pros.
Here's my setup. We use Comcast Business class internet. The modem is plugged into WAN port 1 on the RV082. I'm using the router as a DHCP server, that is working fine. My local subnet is 192.168.0.0/220
Right now all I want is to be able to log in as a client using QuickVPN. I set up one user and a client to VPN tunnel using the router's config page. Here's the settings I have:
Tunnel Interface is setup on WAN1, checkbox is enabled.
Local Group Setup
Local Security Gatewaytpe: IP Only
Local Security Group Type: Subnet
[Code]....
It seems like something is blocking the connection, but seeing that I have tried this after disabling the firewall completely it doesn't make sense to me. I also went into the config page for the modem and set up the router as a DMZ. I have also tried connecting with the client built into Windows 7, but that doesn't work either, I just get "connection failed with error 619"
I have the port in QuickVPN set to auto, but have tried both 443 and 60443 with same results.
I ran a port scan at [URL] and it shows I have 3 ports open...80,443, and 1723
View 4 Replies
View Related
Jan 24, 2012
I have a VPN tunnel from one RV082 to another, first router has IP range of 192.168.1.0 and the second one has range of 18.18.18.0, the connection works fine, here is where the issue starts, I am at a PC in the 18.18.18.0 network and I ping an IP in the other one e.g. 192.168.1.50 and it pings fine, but when I try to RDP into it or do anything to it I get no response, is it a firewall issue? Is it a NAT issue? I am at a loss, now that IP i mentioned does have RDP enabled and working because it is being port fowarded in the 192.168.1.0 router and I can access it through the public IP.
Also a workstation with a static IP 192.168.1.18 I can ping it if im in the local network but if I am in the remote one I cannot at all.
View 7 Replies
View Related
Jul 28, 2010
we have an RV082 router that a few days ago started restarting itself after normal usage.The simpton is that when people come to office, starting using the Internet the RV082 resets. It stays online for 3 to 12 minutes and then it resets again.
clicking on Reset to Factory Default in the web interfaceafter the reset, I confirmed that it was reset to factory default I reset it again using the reset buttomre-configure the RV082 manually.I also tested with another identical rv082 (hw version and firmware version) and after doing a backup of the config of the original rv082 and restoring it in the new rv082, the same problem happends.
View 20 Replies
View Related
Jun 4, 2013
I have a RV042 router on a single WAN and an internal LAN. I have configured port forwarding as follows: HTTP[TCP/80~80]->10.0.0.6HTTPS[TCP/443~443]->10.0.0.6IMAP[TCP/143~143]->10.0.0.5IMAP SSL[TCP/993~993]->10.0.0.5SMTP SSL[TCP/587~587]->10.0.0.5
Everything works just fine when I have the firewall DISABLED. However, when I enable it the behaviour is erratic. 1 out of 10 attempts to connect to ANY port forwarded works. Almost all attempts time out. Notice that this happens even if using only the default firewall rules (which should be bypassed by the port forwarding as I read in other posts).
My second try was to create firewall rules manually, overriding the default ones. I tried adding rules from source WAN1 (where my connection is) to ANY and to SINGLE IP's on every port. Nothing seems to work.
I don't know what I'm doing wrong, this is really bugging me. I had to turn the firewall off so we can access our servers from outside the office. This shouldn't have to be done.
Just found out that my firewall is getting LOTS and LOTS of Blocked - SYN Flood entries. I think this is why we are having trouble with the firewall. Could this be the problem? I have no idea where all these SYN packets are coming from since they appear with spoofed IPs or come from different bots all over.
View 1 Replies
View Related
Jun 29, 2012
I have upgraded to the new RV042G to take advantage of the gigabit Ethernet speeds and to prepare for when our ISP upgrades our bandwidth. I currently use the RV042 with Protect Link enabled to filter out various categories from our network traffic. I noticed that this feature is not included with the RV042G.
Is this something Cisco will decide to add back in later? In the meantime, how to block content on the network? The basic URL and keyword filter will not meet our needs, since it is much easier to let a service such as Trend Micro manage what is blocked in the categories they offer.
View 2 Replies
View Related
May 5, 2013
We setup two n7K as core switches in our network. We configure VPc peer link as well successfully. We are using mgmt interface of supervisors as a peer keep alive interface, so what happen when this keep alive gets down? Are we loss Vpc peer link between both nexus 7 K?
View 1 Replies
View Related
Mar 15, 2013
I have an RV082 10/100 8-Port VPN Router and have configured the NAT table to allow for remote users, however I've run into an issue. It seems like there is a limited number of entries that you can put in the table,10, and I need to configure about 5 more IPs. Any way to expand the NAT table, or alternatively recommend a different router. I would also be willing to add another router to the network, but I have little experience doing that.
View 3 Replies
View Related
Jul 18, 2012
Are the RV042 and RV082 routers SIP AWARE?I haven't had any luck finding documentation stating such.
View 2 Replies
View Related
Oct 20, 2011
Just purchased a RV082 and once I switched a bunch of users over to it I can no longer access the web admin section. I have tried using both IE and Firefox and have used multiple workstations. I get to the login screen but it doesn't get any further. I am running the latest firmware v4.0.4.2-tm. It works for a while then just stops. The only fix is to turn off the device and back on and then it starts working again.
I've seen this issue on other small business cisco devices and had to stop using this because of this issue and switch to a higher grade cisco product but was hoping that this particular issue would have been resolved now across cisco's products.
View 7 Replies
View Related
Jan 9, 2012
I just migrated our office network router to a RV082. While configuring it, I came across three problems:
(1) From our ISP we have four public IP addresses which I want to make use of for outbound traffic. With the previous router we used we could configure LAN IPs(ranges) to map to static public IPs. Does RV082 support this? I could not find an option for that at the web-interface. From what I understand the 1-1 NATing only goes both incoming and outgoign ways and actually is 1-1 and not the many-to-one I am looking for.
(2) How is it possible to configure incoming port forwards to use a specific WAN interface? Will it always be the primary WAN interface?
(3) Does the telnet access provide more configuration options? I could not log in to it with the same user credentials as with the web-interface.
Serial Number : NKS1532xxxxFirmware Version : v4.0.4.02-tm (Jul 4 2011 13:30:56)PID VID : RV082 V03Firmware MD5 Checksum : 1f84d8d0a2a8b99f9bfa4409e64547aaLANWorking Mode : Gateway
View 0 Replies
View Related
Apr 27, 2013
we have a RV082 and have the DMZ option enable for a range of IPs within the same subnet of WAN IP and this works great. I have another range of Public IPs from our ISP that is not in the same subnet of the WAN IP and do not see a way on the RV082 to include this 2nd bank of Public IPs in the DMZ. Our ISP internet feed plugs into the RV082 WAN port and we have a switch pulgged into the DMZ port of the RV082 that is used to connect the public devices in the current DMZ. Both banks of Public IPs from our ISP come over via the ISP internet feed plugged into the WAN Port. My question is, if I cannot configure a DMZ rule to allow this 2nd range of Public IPs to "travel" to the RV082 DMZ port.
View 0 Replies
View Related
Nov 12, 2012
I would like to set the subnet mask off the lan to 255.255.240.0 but the selection menu do not allow to do it.
View 8 Replies
View Related
Sep 25, 2012
I wanted to know if you can connect a Cable modem to a SA520W, then connect a RV082 to the SA520W?
View 5 Replies
View Related
Mar 24, 2013
We recently moved our network over to RV082 router and its working great, well now we want to take advantage of VPN for our sales staff.
I was able to setup the VPN and using a PC at a remote office I can launch the quick connect and it connects right away, RV0 even shows the user connected. However the user cannot ping anything on our network via name or IP, connect to any resources, etc...
My understanding was when the client VPN would connect the user would get an IP from DHCP (this is on our Server 2008 DC) and they would be using that address, but when I run IPCONFIG on the client PC they just have there standard IP from remote office.
View 8 Replies
View Related
Feb 10, 2013
I'm planning to buy a few Cisco RV082's for remote offices and using them to connect to main office Cisco 2851 site to site vpn. So I guess, simple site to site vpn will work without much problem, but I wonder, will backup vpn feature work as expected on backup WAN channel and how should I configure it on the IOS side?
View 1 Replies
View Related
Jan 19, 2010
The RV082 is a great unit, however when VPN clients connect the QuickVPN Client has a setting to use the Remote DNS settings of the RV082. The RV082 has no way of linking or using a user-defined DNS. I have an internal DNS Server that I would like the VPN Clients to query on internal name lookups (kindof the point of having client vpn, so they can access internal network shares etc. On the diagnostic page the ping and name resolution can only check external DNS and internal IP's. Wouldn't it make sense to at least make the RV082 aware of internal DNS Servers? Then the Ping and DNS lookup would be able to test both zones? Is this something that can be looked at by Linksys Developers for this product? The WRV210 (a cheaper and lower level model) has this functionality.
View 8 Replies
View Related
Aug 29, 2012
Experiencing a strange issue with v3 hardware. After a short period of time, I cannot log into the web administration - either locally through standard port or remote through non-standard port get login prompt, enter correct username & password, page refreshes with blank background and first page (status?) never shows.power cycling the router restores access to the web administration page, for an uncertain period of time before it barfs again.
I was running older firmware, updated to newest 4.2.1.02 (?) and same problem. Only thing that is better is the internet didn't completely lock up when I tried to access the administration page, like it did on the older firmware.
View 4 Replies
View Related
