rv130 access rules

lliefkens
Level 1

I use a Cisco RV130 small business router for protecting my network. My internal network is accessible for specific external networks.
Within the RV130 router firewall I set up access rules to allow access to specific network ports from these networks. (see the list at the bottom of my question) The last 4 access rules were put in to block all other external traffic from using the service ports in question.

Everything worked perfectly until I did a firmware update on the router to the latest version (1.0.3.22) 2 days ago.

Now when the block rules are enabled all external traffic is being blocked from using the service.
The only way for me to get things working again is to disable the block rules, but this causes a vulnerability in my network because the specific services are now open for all external networks.

Can anyone help me resolve this issue?

Access Rules

Always allow Rsync-2 Enabled Inbound (WAN > LAN) x.x.x.x x.x.x.x Always
Always allow FTP Enabled Inbound (WAN > LAN) x.x.x.x x.x.x.x Always
Always allow RTRR Enabled Inbound (WAN > LAN) x.x.x.x x.x.x.x Always
Always allow Rsync-2 Enabled Inbound (WAN > LAN) x.x.x.x x.x.x.x Always
Always allow Rsync-2 Enabled Inbound (WAN > LAN) x.x.x.x x.x.x.x Always
Always allow Rsync-2 Enabled Inbound (WAN > LAN) x.x.x.x x.x.x.x Always
Always allow RTRR Enabled Inbound (WAN > LAN) x.x.x.x x.x.x.x Always
Always allow Rsync-2 Enabled Inbound (WAN > LAN) x.x.x.x x.x.x.x Always
Always allow Rsync-2 Enabled Inbound (WAN > LAN) x.x.x.x x.x.x.x Always
Always allow All Traffic Enabled Inbound (WAN > LAN) x.x.x.x x.x.x.x Always
Always allow All Traffic Enabled Inbound (WAN > LAN) x.x.x.x x.x.x.x Always

Always block Rsync Enabled Inbound (WAN > LAN) Any x.x.x.x Always
Always block Rsync-2 Enabled Inbound (WAN > LAN) Any x.x.x.x Always
Always block RTRR Enabled Inbound (WAN > LAN) Any x.x.x.x Always
Always block FTP Enabled Inbound (WAN > LAN) Any x.x.x.x Always

5 Replies

Hello,

The bug below might apply. The workaround is to downgrade to 1.0.2.7, or to disable the block ACL.

RV130x: Block Access Rule blocks traffic that should be Allowed
CSCuz56638
Description
Symptom:
- If an Allow ACL has been configured to allow traffic from a specific host/network and then a Block ACL is configured, the Block ACL will block traffic that is supposed to be Allowed
- This is seen even when Allow ACL is ordered first

Conditions:
- Allow ACL is configured
- Block ACL is configured
- Seen in 1.0.3.14

Workaround:
- Disable the Block ACL
- Downgrade to 1.0.2.7
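
The symptom described in CSCuz56638, and the exposure left by the "disable the Block ACL" workaround, modelled as an added example that is not part of the original thread or Cisco's code. The rule set, addresses and the `decide`/`verdicts` helpers are constructed for illustration, and ordered first-match evaluation is assumed to be the intended behaviour.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str             # "allow" or "block"
    service: str            # service name as in the rule table
    source: Optional[str]   # IP or CIDR; None means "Any"

# Constructed rules in the same shape as the question's table: per-source
# allows first, catch-all blocks last. Addresses are RFC 5737 documentation
# ranges, not values from the thread.
RULES = [
    Rule("allow", "Rsync-2", "203.0.113.10"),
    Rule("allow", "FTP", "198.51.100.0/24"),
    Rule("block", "Rsync-2", None),
    Rule("block", "FTP", None),
]

def _hits(rules, service, src):
    """Actions of every rule matching this service and source, in rule order."""
    ip = ipaddress.ip_address(src)
    return [r.action for r in rules if r.service == service
            and (r.source is None or ip in ipaddress.ip_network(r.source))]

def decide(rules, service, src, block_overrides=False, default="allow"):
    """Verdict for one inbound connection.

    block_overrides=False: ordered first-match, the behaviour the poster expected.
    block_overrides=True: any matching block wins, the CSCuz56638 symptom.
    default="allow" models a forwarded port with no matching rule, which the
    thread says is open to everyone (an assumption of this model).
    """
    hits = _hits(rules, service, src)
    if block_overrides and "block" in hits:
        return "block"
    return hits[0] if hits else default

def verdicts(rules, service, src):
    """(expected, with the bug, with block rules disabled as the workaround)."""
    no_blocks = [r for r in rules if r.action != "block"]
    return (decide(rules, service, src),
            decide(rules, service, src, block_overrides=True),
            decide(no_blocks, service, src))

if __name__ == "__main__":
    for svc, src in [("Rsync-2", "203.0.113.10"), ("FTP", "198.51.100.7"),
                     ("FTP", "192.0.2.50")]:
        print(svc, src, verdicts(RULES, svc, src))
```

Each probe whose first and second verdicts differ is a connection worth re-testing after any firmware change; a third verdict of "allow" for an unlisted source is the exposure the workaround leaves open.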

Hello Georg,

Thank you for your reply. I will do a downgrade to different previous versions of the firmware asap to see whether or not the issue has been resolved. I will report back once the FW downgrades have been installed.

Ok just to give you an update.

You were spot on with your solution; only when downgrading to version 1.0.2.7 did things start working again.

Unfortunately every 1.0.3.x firmware has this issue.

Hopefully Cisco will resolve this issue in future firmware updates for the RV130.

Thanks for your help

Hi All,


I can confirm this ACL bug too (CSCuz56638) in many of the last firmware versions; even the last one, 1.0.3.28, still has this bug!
I also had many issues with the original factory-based firmware; most issues were fixed in 1.0.3.XX.
But in 1.0.3.XX there is this ACL bug, and for this reason I was forced to go back to the old firmware. But they had other problems, like:
1.0.2.7: I have single port mappings and access rules enabled. When I click on re-order and want to move access rule 45 to place 34 and I click save, the RV130's web server crashes and a reconnect from the web browser does not work anymore. A reboot of the device is then required.

Further, 2 requests for the engineering department:
1)
In all firmware versions, with the inside WAN/LAN allow access rule I can specify only a single IP and not a range of IP addresses. It would be very handy to allow this function.
Without this I have to make many single rules, one for every IP.

2)
A single port mapping does now allow by default a port to be open for everyone.
It would be better to separate those, so that for every single port mapping an access rule is required and it's not opened by default to the world.

Regards,

Sander Eerkes

I have five of these on the latest firmware with a similar problem. Can't downgrade them without visiting the sites because the firmware upgrade buttons are all greyed out.

Yes, I know. In the latest firmware the problem still exists, but no sign of Cisco... :-(

@cisco please fix this problem that has already existed for a long period of time (too long).