RVL200 locking up?

andrew.sutter · ‎12-23-2010

Hi all,

We recently deployed a RVL200 device at a client site. It's been locking up, on average, once every other day, but works fine between lockups. We're experiencing two distinct states of brokenness:

1. the device continues to route traffic but the www server on private (for admin) and public (for SSL vpn connection) interfaces do not function

2. the device does not respond to any network requests

I'm curious if anyone's experienced similar issues with this model or can offer any suggestions. Our setup isn't too unusual: we're at the latest firmware (1.1.12.1) and have even re-flashed the firmware at one point. There isn't a huge amount of network traffic traversing the router: it is deployed in a three-person office. The internal WWW server is listening on 4343 as 443 is needed for an internal application and is forwarded appropriately.

I've enabled syslog, turned up to detailed logging, but don't see anything useful in the logs when the router locks up. The logs just show the usual legitimate traffic right up to the point where the router hangs, then stops. Doesn't seem to coincide with any unusual traffic/denials/etc from inside or out.

Thanks in advance,

Drew

macbeth_uet · ‎01-12-2011

We have the same problem.

Every 24 to 72 hours need to power cycle.

Installed Nov20th 2010 has done it since.

Did all the firmware stuff as well. No diference. Installing timer to cycle power exery 24hrs.

andrew.sutter · ‎01-13-2011

Thanks for the response. Just a followup on our unit:

We opened a support case with Cisco and get a few different answers, depending on the tech we spoke with. At one point it was suggested that SPI should be disabled because SPI "always causes these devices to lock up" which is an interesting resolution considering the unit is sold as a SPI firewall and the feature should presumably work. That caused the hangs to be less frequent, but they still happened.

At this point, we've advised our client to return the device for a refund. We're really disappointed by Cisco's response in this case: we can't get an RMA unit before returning the original, so our client would effectively be without internet for at least several days, and we've been told by Cisco's techs that we shouldn't be trying to use SPI on a SPI firewall.

I understand this is a budget, SOHO oriented device, but the support has just been weak here. Had we known, we'd have happily recommended a more expensive device in the first place.

qumartin · ‎01-13-2011

I am taking a look at what you have stated and for reason number one the SSL is not going to work if you currently use port 443 for another internal application. SSL uses 443 to work. It would be a conflict with two devices using the same port. A test that you could do is to have the device using port 443 use another port and see if the SSL works than.

To get a more clear under standing of the other probems that you are having please provide a simple network topology. That would be very help to see what is going on with the your network. Sometimes depending on what you are trying to do with the network you may have purchased the incorrect router.

The small business line of products should be bought for the need of the customer. It not like the cisco enterprise where most routers covers every function of the customer. So it depends alot of the setup of your network if the router or switch you purchase is the right fit for you.

I do apologize that you feel that you may have been mislead in some way but every router does not work correctly for every network. Please let me know your topology and the business need of your nework hopefully I can come up with an answer that will fit your network needs.

Thanks

Quendale Martin

andrew.sutter · ‎01-13-2011

I believe you are incorrect.

At least with the 1.1.12.1 FW, the SSL VPN port can be specified. Ours is 4343 and 443 is forwarded elsewhere. When the router is not locked up, both services work fine.

qumartin · ‎01-19-2011

Next step is to run a wire shark scan this should show more information on what possible could be happening when the router locks up. If you are still having to reboot the router every other day, I would say to start running the wire shark the second day after you reboot the switch. I do understand that the switch log does not give you alot of information.

Wireshark is free software that you can download from the internet. Please let me know if this helps

Thanks

Quendale

andrew.sutter · ‎01-27-2011

No, the next step is to return the defective router to the manufacturer, as our client has already done. We did perform wireshark captures on a couple occasions but saw no traffic out of the ordinary. Our client is a very small office with four PCs on the internal network and one VPN client connected perhaps three days a week - at no point was the RVL200 under a heavy load.

The replacement device is handling the same traffic/functionaility just fine, as expected.

As Benoit mentioned, it's insane that Cisco support should suggest that disabling SPI on a SPI firewall is an acceptable solution, nevermind that the fix didn't work anyway...

idepix1809 · ‎01-23-2011

Hi Andrew,

I also has "locking" problem with RVL200 routers. You can check my post (01-23) in this forum if you need more detail.

I have purshase of those routers and both are not working after 3 months... The SPI solution is acceptable since it's an important feature that the product is supposed to offer when you buy it ...

Looks like this hardware or firmware needs attention from Cisco... I'm sure i'm under warranty but I'm a bit scared of installing this device in the future.

Ben