cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Get the latest Cisco news in this December issue of the Cisco Small Business Monthly Newsletter

6765
Views
5
Helpful
11
Replies
Highlighted
Beginner

RV042 "Connection Refused - Policy Violation"

Hello

I'm having some trouble with my companies RV042 rev3, (Firmware version v4.2.1.02),being used as an internet gateway.

Access to the internet slows right down and eventually freezes, (blocking access to the internet), once or twice per week.   Rebooting fixes it (for a while.)

I’ve noticed lots and lots of “connection refused – policy violations” in the log.  I get hundreds, thousands of these policy violations every day. I’m thinking that the router eventually just gets overwhelmed by them and crashes.  I have included a jpg showing a small portion of the system log.  See "RV042 System Log1.jpg"

I’m confused about what these policy violations are. The packets are all from internal, (LAN), IP address to external IP addresses. I have included a jpg of my firewall settings.  See "RV042 Firewall general.jpg"

I tried disabling SPI and “Block WAN Request” but it did not change anything.

I have not created any rules to disallow anything so the default rule allowing all LAN traffic from any IP address to any IP address should allow these packets to pass should it not?  I have included jpg's of my firewall access rules and port forwarding.  See "RV042 Firewall access rules.jpg" and "RV042 Setup forwarding.jpg".

What policies are being violated? Is it because all the refused connections are for non-standard ports? I understand the forbidden domain entries in the log because I've blocked access to Facebook.com and myspace.com using content filter in the firewall.

I’ve tried resetting to factory default and then re-configuring from scratch but it makes no difference.

Everyone's tags (3)
11 REPLIES 11
Beginner

RV042 "Connection Refused - Policy Violation"

I, too, am getting hundreds of these entries.  I am concerned because we have had virus activity on some internal computers. I am running same model and firmware.

Under Firewall tab:

     General: Firewall, SPI, DoS, Remote Mgmt, HTTPS are Enabled; Block WAN Request and Multicast passthrough Disabled

     Restrict Web Features: Access to HTTP Proxy Servers is selected/blocked

How do I tell what policy is being violdated?

The log entries for "Connection Refused - Policy violation" are all shoing  TCP : various ports -> VariousExternal IP: (either port 443 or 80)

Advocate

RV042 "Connection Refused - Policy Violation"

This likely is not fixable.

A lot of time the policy violation errors are a result of TCP sessions that do not terminate generating a lot of log messages.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
Contributor

RV042 "Connection Refused - Policy Violation"

For what it's worth, this also happens with the rv016.  I've just setup a script to reboot them once and day.  That's my fix until we can afford to replace them with some other routers.

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
Beginner

RV042 "Connection Refused - Policy Violation"

Samir does the RV016 have SSH access? They removed it from the RV042 and I'm wondering what type of script you're using to reboot.  I wanted to do the same thing but short of using a timed outlet I can't think of how to accomplish it.

Thanks!

- Sorry, I know this is a few months old.

Beginner

RV042 "Connection Refused - Policy Violation"

Have look here:

https://supportforums.cisco.com/thread/2161638

I'm a little sick in the meantime, another piece of expensive plastic trash in my Cisco collection:

4x WRVS440n, 1x RVS4000 and now, tadaaa

1xRV042G...

A lot of features (internet access rules, local network overview, block of P2P/IM) have been eliminated and now this trashy logs (besides frequently collapsing VPN tunnels).

WELL DONE, Cisco!

Contributor

RV042 "Connection Refused - Policy Violation"

That's a lot of equipment.   What do you plan to do with it?

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
Beginner

RV042 "Connection Refused - Policy Violation"

Wanna buy? Shipping only to European address, payment in advance...

Contributor

RV042 "Connection Refused - Policy Violation"

I'd be highly interested, but I'm in the US.   All I have to do is set up some VPN links, so these would probably work okay with a rebooter.

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
Contributor

RV042 "Connection Refused - Policy Violation"

The rv016 does have some hidden features including an ssh.  I thought the rv042 might have the same, but I know the hardware is different vs the 16 and 82.  Still, if you want to try my script, send me a message.

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
Beginner

RV042 "Connection Refused - Policy Violation"

We're seeing on average 30-35 of these messages written to the log of our RV042 each minute. Our system has 20 NAT clients and an average daily throughput of 50-60GB/day across two WAN connections. Aside from the fundamental problem these messages represent and the unnecessary overhead of logging them, it makes the RV042's connection log virtually useless. We've tried resetting to factor default configuration and rebuilding, deleting all user-configurable rules, and operating in single-WAN mode. None of these make a difference. The "Connection Refused - Policy violation" messages just keep on appearing.

Beginner

RV042 "Connection Refused - Policy Violation"

After some other, minor issues, including this thread:

https://supportforums.cisco.com/thread/2158826?tstart=30

(especially the part with the product review of a feature not implemented in the firmware)

MY solution for this problem:

http://www.applianceshop.eu/index.php/firewalls/opnsense-ghz-pfsense-appliance.html

Bye-bye, Cisco!

Open-source, non-NSA software ahead...