04-02-2014 11:26 PM
Hi
I have a RV320 with firmware 1.1.1.06.
I get a lot of "Connection Refused - Policy violation" in my SysLog on outgoing connections:
#warn<4> Connection Refused - Policy violation: IN=eth0 OUT=eth1 SRC=192.168.7.103 DST=X.X.X.X DMAC=XXX SMAC=XXX LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=4363 DF PROTO=TCP SPT=59208 DPT=80 WINDOW=16450 RES=0x00 ACK FIN URGP=0
Even though I have no rules denying these connections.
Another thing that it very weird, if I create a rule allowing lan any ip to any destination as rule no 1, I'm not able to access the internet.
Allow | All Traffic [1] | LAN | 192.168.1.1-192.168.1.255 | Any | Always |
05-16-2014 12:33 PM
Check the "Content Filter" under Firewall also.. they perform like rules.
06-26-2015 12:34 AM
I recently received my warranty replacement for the RV320. Left it running 2 weeks to see if the errors I had returned (not so far).
However today, I connected it to the Internet. I have no rules, no configuration beyond setting the IP and VPN. When reviewing the log a few hours later, I find a few dozen of these entries, which seem to be all pointing to Google's IP's. Every 30 minutes.
Only one computer (the one sending the packets) is connected. It must be sending this request, however I cannot determine why the router is blocking it.
Jun 25 23:23:32 2015 | Connection Refused - Policy violation | IN=eth0 OUT=eth1 SRC=192.168.89.100 DST=173.194.33.132 DMAC=b8:38:61:5d:23:88 SMAC=00:0f:b0:0c:dc:46 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=18699 DF PROTO=TCP SPT=1107 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0 |
Jun 25 23:24:10 2015 | Connection Refused - Policy violation | IN=eth0 OUT=eth1 SRC=192.168.89.100 DST=173.194.33.132 DMAC=b8:38:61:5d:23:88 SMAC=00:0f:b0:0c:dc:46 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=18704 DF PROTO=TCP SPT=1107 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0 |
Jun 25 23:52:58 2015 | Connection Refused - Policy violation | IN=eth0 OUT=eth1 SRC=192.168.89.100 DST=173.194.33.142 DMAC=b8:38:61:5d:23:88 SMAC=00:0f:b0:0c:dc:46 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=18958 DF PROTO=TCP SPT=1108 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0 |
06-26-2015 06:31 AM
Could be an ACK FIN for a connection that the device believes is not actually established (missing SYN or SYN-ACK).
See post at bottom : https://supportforums.cisco.com/discussion/11786826/rv042-connection-refused-policy-violation
Out of interest are you seeing much packet loss? Missing packets could cause this.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide