01-08-2021 10:47 AM
Hello All,
I currently have a 1GB symmetric internet connection through my ISP which uses a PPPoE login for its connection. I am using a Cisco RV340 as my router / PPPoE dialer and am running 1.0.03.20 firmware. I have a problem when I go to web URL https://admin.mailroute.net (IP 199.89.0.117). The main website https://mailroute.net works fine, but as soon as you click login you get redirected to the above. Topology is very basic:
ISP > Cisco RV340 > Client
The setup on the router is fairly basic right now, just have the PPPoE setup on the WAN, and not much else.
I have tried:
-Dropping MTU to 1400 (just in case it was MTU issue with PPPoE overhead)
-create static access rule to permit all (default canned is also set to permit all traffic)
-If I switch to a different vendor router with PPPoE this URL works fine.
-Downgraded to a firmware about 2 years old and tried the latest firmware within the past few months was released, same issue.
-Factory reset cisco router and performed basic setup again, same issue.
I'm at a loss, any input appreciated.
EggHead
01-08-2021 11:30 AM
Hello,
is that a problem with just that one website ? I am wondering if that is PC specific...do you also get the redirect when you access the site from a different computer ?
01-08-2021 11:37 AM
Hello,
So far it's just this one website that I've found. I have tested on multiple PC's, mostly windows 10, and also on a Windows 7 VM. Most windows 10 machines are on 2004/2009 update. I'm 99% sure it's not a PC issue. I did a port mirror on the uplink WAN port, and also a port mirror on the LAN side where a pc connected and found:
1. PC sends SYN up to website
2. Website responds with SYN/ACK
3. Firewall WAN port receives the SYN/ACK
4. Lan port never forwards back down the SYN/ACK to the client
01-08-2021 12:14 PM
Hello,
what if (in case it is enabled) you turn the firewall on the RV340 off, and the Windows firewall as well?
01-08-2021 12:25 PM
Hello,
With windows firewall + Cisco RV340 firewall disabled, still having the same issue. I should also note I do not have any additional licensing for the RV340 so all the additional IPS / Web Filtering features are disabled.
01-14-2021 02:09 AM - edited 01-14-2021 02:10 AM
I have a similar issue
I have several URLs where SSL is very slow or never replies.
RV340 PPPoE -> 550Mbps line
Interestingly, the site that doesn't load on a windows device does load on an iOS device!!
tried adjusting MTU and turning firewall off etc...still no joy. it is weird the site loads on an iphone but not on a PC - will try OSX when i get a moment
Do you find the same?
Russell
01-14-2021 05:44 AM
Hi Russell,
I've kind of noticed some sites will hang while loading and I have to refresh to get them to actually load. I have tried the https://admin.mailroute.net on my iphone 8 but it still won't load on that. Haven't found any other sites that will not load so far other than that specific one. I've had this router for about a month now.
I've see some other treads mentioning the RV340 will not allow through asynchronous traffic such as if you're using dual WAN and a packet goes out WAN1 and returns on WAN2, but that's definitely not the case with my setup as I'm only using WAN1 port.
CrazyEggHead
01-14-2021 06:44 AM
Hi CrazyEggHead,
OK - so get the same issue here
That page https://admin.mailroute.net does not load behind my RV340 but loads fine elsewhere, also page doesnt load on iPhone XR so there is clearly something chopping or messing the SSL response.
Single WAN link, no dual links configured etc...
GOing to dump the output to syslog and see if anything stands out
Really need to be able to raise with Cisco directly
Thanks
Russell
01-14-2021 08:21 AM
01-14-2021 08:46 AM
interesting as this is what I am seeing in the logs
FIREWALL: DROP PACKET is not associated with an existing connectionsIN=eth3.100 OUT=ppoe-wan1p DST_MAC=10:f9:20:13:a9:3a SRC_MAC=:c4:9d:ed:1e:7e:1d src=192.168.2.105 DST=3.10.95.11 LEN=41 TOS=0x00 PREC=0x00 TTL=127 ID=61417 DF PROTO=TCP SPT=9227 DPT=443 WINDOW=510 RES=0x00 ACK URGP=0 MARK=0x100
it seems to suggest the session is being dropped or lost by the firewall or NAT before the reply comes back
01-14-2021 08:55 AM
That dest IP of 3.10.95.11 looks to be solarwinds. I thought I had picked up the mailroute drop packet messages but after checking the destination IP I never saw any drop packet messages from the mailroute IP address.
01-14-2021 09:02 AM
That is one of many! I get for google DNS 8.8.4.4 for example
Its always TCP 443 sessions that are getting dropped or broken in this way nothing else it seems!
01-14-2021 10:03 AM
OK - I have raised a case with Cisco TAC - going to see what they say on the matter and let you know if we get anywhere
01-14-2021 10:52 AM
Awesome, thanks so much. Will be interested to see what they come back with.
02-16-2021 11:40 AM
Russell,
I decided to get rid of the Cisco RV340. I just wanted things to work without hassle. Went with another Vendor router and all my issues are gone. Hopefully you can make some headway with Cisco so the firmware eventually gets patched to fix this behavior for the sake of you and others.
CrazyEggHead
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide