New RV130W port forwarding is not working. HELP!!

eric · ‎07-26-2017

Despite spending a lot of time on this issue, the port forwards are not working on my brand new RV130W? I have tried single ports and port ranges. I mainly want to have a single, outside, WAN address RDP into a specific machine, i.e. from home to the shop (plus remote view a DVR). I have created and recreated access rules, schedules, service management entries, Internet policies..... I have read the forums and knowledge bases. I watched YouTube videos purporting to show the proper process and yet, nada, zip, zilch. Every time I run a port checker tool there are no ports open and RDP is unreachable. (Worked fine with old ASUS router but I can't assign an outside WAN with that one)

I am willing to admit that perhaps I don't understand the Cisco 'way of doing things'. (I have done this successfully on other brands). Which brings me here as I am out of ideas.

Has anyone successfully done this on an RV130W? From what I read it is capable of such a feat.

BTW, I did do the firmware upgrade after I tried with the original firmware, same results for both.

Is this unit defective maybe?

Thanks in advance, Eric

P.S. I attached a couple of jpg's showing the setup. I blacked out my home WAN IP.

cbjwthwm · ‎07-28-2017

The bug where a single port had to be forwarded as a range for long term stability was fixed long ago, so you don't need to worry about that issue which you may have read about.

You don't need to resort to access rules to get the port forward to work, just enter it into the single port or port range forwarding tables and they do work reliably. I am looking at one that I manage which has a couple active that work properly and uptime is presently over 90 days...they do not become unstable and are used regularly. In my case they are still single port forwards entered in the port range table as I configured this particular one a couple years ago (when the single port forward stability issue still existed), and one of the active ones is an RDP host.

Are you sure the RDP port on the host machine isn't being blocked by the default setup of the machine's Windows firewall? You could try connecting to it from another PC on your LAN to confirm that's not the case. I usually test my port forwards using ShieldsUp from grc.com.

eric · ‎07-29-2017

Thanks for replying. To be clear, at this time no port forwards, ranges or access rules are working at all. In this case I only need one WAN IP to be able to RDP into a single machine (in another city) so I don't want RDP open to the whole web, which is why I was trying the access rule route. RDP worked fine with the ASUS router before I replaced it with the Cisco but we were brute force attacked so I was trying to lock things down to a single WAN IP. At this point I am likely going to take the Cisco back as it is not performing correctly that I can tell.

P.S. Thanks for the tip about ShieldsUp!

cbjwthwm · ‎07-29-2017

I modified my working RV130 config with the RDP port forward and confirmed access rules do not work properly--so this is a firmware bug for Cisco to resolve.

I confirmed it working with the previous range forward of port 3389 TCP to IP x.39 in my case, then disabled the port range forward and confirmed it stopped working.

Then I created a service entry for RDP (port 3389, TCP), added an access rule in its simplest form (Inbound, always allow, RDP service from any Source IP to a single address of the same x.39, enabled the rule and it does not work.

Just for completeness, I then created a single port forward rule for RDP / 3389 / TCP to the same address x.39, and the RDP host immediately began working again.

eric · ‎07-29-2017

Once again thanks for going the extra mile! Which firmware are you on out of curiosity? Either way it does seem like I am out of luck for using it as I had originally intended as I cannot wait for a firmware fix.

cbjwthwm · ‎07-29-2017

I'm on the latest 1.0.3.28 firmware. I also tried manually creating an open schedule hoping to find some bug in the rule's defaults but no such luck.

cbjwthwm · ‎07-29-2017

The access rules do work in block form though, I configured the same rule to block instead of allow a specific public IP and it successfully blocked my working RDP forward.

eric · ‎07-29-2017

Good news is, I am not crazy.Bad news is, looks like I am going to need another router!

cbjwthwm · ‎07-29-2017

I notified the Cisco rep who responded to my confirmed bug list for the RV320 in this thread (https://supportforums.cisco.com/discussion/13325941/rv320-firmware-13202-bug-list), so you may see some resolution relatively quickly--a long posting I did about RV130 bugs in the past was endorsed multiple times by support and firmware r28 was released about a month later to address a few of the issues I documented. Best of luck :)