04-09-2013 11:06 AM
Hello
I'm having some trouble with my company's RV042 rev3 (firmware version v4.2.1.02), being used as an internet gateway.
Access to the internet slows right down and eventually freezes (blocking access to the internet) once or twice per week. Rebooting fixes it (for a while).
I’ve noticed lots and lots of “connection refused – policy violations” in the log. I get hundreds, thousands of these policy violations every day. I’m thinking that the router eventually just gets overwhelmed by them and crashes. I have included a jpg showing a small portion of the system log. See "RV042 System Log1.jpg"
I’m confused about what these policy violations are. The packets are all from internal, (LAN), IP address to external IP addresses. I have included a jpg of my firewall settings. See "RV042 Firewall general.jpg"
I tried disabling SPI and “Block WAN Request” but it did not change anything.
I have not created any rules to disallow anything, so the default rule allowing all LAN traffic from any IP address to any IP address should allow these packets to pass, should it not? I have included jpgs of my firewall access rules and port forwarding. See "RV042 Firewall access rules.jpg" and "RV042 Setup forwarding.jpg".
What policies are being violated? Is it because all the refused connections are for non-standard ports? I understand the forbidden domain entries in the log because I've blocked access to Facebook.com and myspace.com using content filter in the firewall.
I’ve tried resetting to factory default and then re-configuring from scratch but it makes no difference.
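One way to answer "which internal hosts and which destination ports are generating these entries" is to export the system log as text and tally the "Connection Refused - Policy violation" lines. The script below is an added example, not something posted in this thread or shipped with the RV042; the line layout of SAMPLE_LOG is a constructed assumption (timestamp, message, protocol, src:port->dst:port) and the regex would need adjusting to the real export format.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines. The field layout is an ASSUMPTION modelled loosely on
# small-business router syslog output; it is not the verbatim RV042 log format.
SAMPLE_LOG = """\
Apr 09 10:55:01 2013 Connection Refused - Policy violation TCP 192.168.1.23:51234->203.0.113.5:8443
Apr 09 10:55:02 2013 Connection Refused - Policy violation TCP 192.168.1.23:51235->203.0.113.5:8443
Apr 09 10:55:04 2013 Connection Refused - Policy violation TCP 192.168.1.40:40211->198.51.100.9:6881
Apr 09 10:55:09 2013 Connection Accepted TCP 192.168.1.10:50001->198.51.100.20:443
Apr 09 10:55:30 2013 Forbidden domain www.facebook.com 192.168.1.15
Apr 09 10:56:11 2013 Connection Refused - Policy violation TCP 192.168.1.23:51236->203.0.113.5:8443
Apr 09 10:56:12 2013 Connection Refused - Policy violation TCP 192.168.1.23:51237->203.0.113.7:8443
Apr 09 10:56:15 2013 Connection Refused - Policy violation TCP 192.168.1.40:40212->198.51.100.9:6881
"""

# Only the policy-violation lines are of interest; accepted connections and
# content-filter ("Forbidden domain") lines do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"Connection Refused - Policy violation "
    r"(?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_violations(text):
    """Return one dict per policy-violation line; all other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%b %d %H:%M:%S %Y")
        d["sport"] = int(d["sport"])
        d["dport"] = int(d["dport"])
        events.append(d)
    return events


def summarize(events):
    """Counts by LAN source, by destination port, and the busiest minute."""
    by_src = Counter(e["src"] for e in events)
    by_dport = Counter(e["dport"] for e in events)
    per_minute = Counter(e["ts"].replace(second=0) for e in events)
    return {
        "total": len(events),
        "by_src": by_src,
        "by_dport": by_dport,
        "max_per_minute": max(per_minute.values()) if per_minute else 0,
    }


def noisy_hosts(events, threshold):
    """LAN addresses with more than `threshold` violations: the machines to
    inspect first if, as one reply mentions, there has been virus activity."""
    by_src = Counter(e["src"] for e in events)
    return sorted(ip for ip, n in by_src.items() if n > threshold)


if __name__ == "__main__":
    evs = parse_violations(SAMPLE_LOG)
    s = summarize(evs)
    print("total policy violations:", s["total"])
    print("by source IP:", dict(s["by_src"]))
    print("by destination port:", dict(s["by_dport"]))
    print("busiest minute:", s["max_per_minute"], "entries")
    print("hosts over threshold 3:", noisy_hosts(evs, 3))
```

Run it against a saved log export instead of SAMPLE_LOG; if one or two LAN addresses or one destination port dominate the counts, that is the host or application to look at, whereas an even spread across all clients points at the router's own logging behaviour rather than a compromised machine.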
04-12-2013 12:52 PM
I, too, am getting hundreds of these entries. I am concerned because we have had virus activity on some internal computers. I am running the same model and firmware.
Under Firewall tab:
General: Firewall, SPI, DoS, Remote Mgmt, HTTPS are Enabled; Block WAN Request and Multicast passthrough Disabled
Restrict Web Features: Access to HTTP Proxy Servers is selected/blocked
How do I tell what policy is being violated?
The log entries for "Connection Refused - Policy violation" are all showing TCP.
04-12-2013 01:04 PM
This likely is not fixable.
A lot of the time the policy violation errors are a result of TCP sessions that do not terminate, generating a lot of log messages.
-Tom
Please mark answered for helpful posts
04-14-2013 08:40 AM
For what it's worth, this also happens with the RV016. I've just set up a script to reboot them once a day. That's my fix until we can afford to replace them with some other routers.
Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
09-18-2013 06:59 AM
Samir does the RV016 have SSH access? They removed it from the RV042 and I'm wondering what type of script you're using to reboot. I wanted to do the same thing but short of using a timed outlet I can't think of how to accomplish it.
Thanks!
- Sorry, I know this is a few months old.
09-18-2013 07:51 AM
Have a look here:
https://supportforums.cisco.com/thread/2161638
I'm a little sick in the meantime, another piece of expensive plastic trash in my Cisco collection:
4x WRVS440n, 1x RVS4000 and now, tadaaa
1xRV042G...
A lot of features (internet access rules, local network overview, blocking of P2P/IM) have been eliminated, and now these trashy logs (besides frequently collapsing VPN tunnels).
WELL DONE, Cisco!
11-09-2013 04:09 PM
That's a lot of equipment. What do you plan to do with it?
Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
11-10-2013 02:46 AM
Wanna buy? Shipping only to European address, payment in advance...
11-10-2013 11:13 AM
I'd be highly interested, but I'm in the US. All I have to do is set up some VPN links, so these would probably work okay with a rebooter.
Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
11-09-2013 04:08 PM
The RV016 does have some hidden features, including SSH. I thought the RV042 might have the same, but I know the hardware is different vs the 16 and 82. Still, if you want to try my script, send me a message.
Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
10-01-2013 10:02 PM
We're seeing on average 30-35 of these messages written to the log of our RV042 each minute. Our system has 20 NAT clients and an average daily throughput of 50-60GB/day across two WAN connections. Aside from the fundamental problem these messages represent and the unnecessary overhead of logging them, it makes the RV042's connection log virtually useless. We've tried resetting to factory default configuration and rebuilding, deleting all user-configurable rules, and operating in single-WAN mode. None of these makes a difference. The "Connection Refused - Policy violation" messages just keep on appearing.
10-02-2013 06:35 AM
After some other, minor issues, including this thread:
https://supportforums.cisco.com/thread/2158826?tstart=30
(especially the part with the product review of a feature not implemented in the firmware)
MY solution for this problem:
http://www.applianceshop.eu/index.php/firewalls/opnsense-ghz-pfsense-appliance.html
Bye-bye, Cisco!
Open-source, non-NSA software ahead...