Olaf
Beginner

RV130W - VPN spontaneously blocks traffic

I have two sites with an RV130W router; they connect the sites with each other through VPN.

Both routers run the newest firmware: version: 1.0.3.14. They both are directly connected to the internet (i.e. WAN-port has public IP).

The VPN has no special firewall rules or anything, it is configured to let all services through.

Clients at both sides are connected to the LAN side through an unmanaged switch.

Normally, when the routers start fresh, everything functions perfectly, but after a while (sometimes hours, mostly 1 to 2 days) some network services/routes are spontaneously blocked.

Examples:

Client on site 1 cannot connect to fileserver through VPN, but can ping the fileserver. All other clients on same site are using filesharing at the same time and are ok. After router reboot, client can magically connect again.

PBX on site 2 cannot connect to PBX on site 1 anymore. Pinging is ok but all other services fail to connect. After rebooting router on site 1, still same problem. After another reboot of router on site 1, everything is ok.


When these problems occur, I see the following:

The client sends packets away, gets no answer and keeps retransmitting until time-out occurs.
The server on the other side doesn't receive any packets the client originally sent. I confirmed this with Wireshark at both ends.
The logs on both routers do not show any ACL blocked or other signs that something is not allowed, just business as usual.

I have tried numerous things, like adding and allowing the blocked path and service in question to the firewall access rules, including logging. The log doesn't even show the access rule being triggered, it is like it doesn't even happen.

When problems occur, sometimes rebooting the router on site 1 fixes it, sometimes rebooting the router on site 2 fixes it. Sometimes it takes multiple reboots on both sides before it is fixed.

After this reboot, it is just a question of which service will begin to fail next. Sometimes it is RDP, sometimes Samba, sometimes VOIP.

Please help me, I am now forced to reboot the routers almost every day, which annoys the users on 2 locations as all their connections are killed and phone calls are terminated. Also we are completely unreachable for minutes at a time.

1 ACCEPTED SOLUTION

gary00000
Beginner

This seems to be a common problem with this model.  So far, Cisco has done nothing.  My solution was to replace one of my two, with plans to replace the other one soon (NOT with a Cisco product).


21 REPLIES

I wish I had read all this before. I purchased the RV130W last week to update from RV110, and it's exactly as described.

Updated to latest firmware 1.0.3.16, but no improvement.

Still filled up logs with "Fail to delete IPv4 ARP entry" and "mDNSResponder: ERROR: getOptRdata - unknown opt 4".

Dropped site to site connections that can only be fixed by reboots.

Absolute waste of money.

Cisco has never acknowledged (as far as I know) that there is a problem with this model.  They just keep releasing firmware updates. Maybe one day it will actually work as advertised.

If anyone wants to upgrade to 1.0.3.22, friendly suggestion: DO NOT UPGRADE.

I just upgraded to 1.0.3.22 and opened the can of worms.

Not working again, switching back to 1.0.2.7, I'll try to work on the fix, but can't promise as I'm busy.

But as long as you get 1.0.2.7 working, don't bother upgrading.

Check out the ping test.

Thank you

Fotis

Return them, while you can.

Two options here:

Buy overpriced and oversized 'heavy duty' Cisco equipment, it will function, it will be at a price.
Buy a small business solution from another brand that, unlike Cisco, does give a ........ about these smaller units.

Edit:

Cisco does not seem to understand that many customers do not experience these problems immediately, but after a period of time, rendering the chance to return them to the supplier next to none.
These units will one day flood the second-hand market, and disappoint many more.

Hi everyone,

It seems as if Cisco doesn't have an answer on this issue.

BUT I DO.

Let me just start by saying that I'm not Cisco certified although I have been using Cisco equipment.

Most importantly I LOST MY JOB because of these damn stupid VPN routers. (Thank you Cisco)

I love troubleshooting so when my work fired me they literally threw one of these machines at my head.

As I'm a very persistent person when it comes to troubleshooting, the last 3 months I have been trying and trying and spent hours trying to find out WHY.

Something obviously that maybe Cisco should've been doing.

Now the answer to everyone's headache.

First of all download the 1.0.3.16 firmware.

When connecting two RV130's together, instead of using the IPs to make them talk to each other, use the FQDN option that is available.

That will solve the drop outs.

I'm in the train now and I'm using my phone to write this.

Later on today I'll create a step by step tutorial.

Kind Regards 

Fotis

Wow, that's terrible!  Cisco should hire you in their qa department to help fix these products.

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

Thank you for your kind words Samir,

Look, I'm not saying that Cisco don't know how to solve this issue, truth is when I made my post 3 months ago Cisco did contact me but it was too late.

I had already lost my job, and as you can imagine I was really angry at them as their product was the only reason I'm still unemployed.

So I didn't respond to them because I was ... angry.

When I was asked to purchase VPN routers I said to my employer Cisco and I don't take NO for an answer.

Although my employer didn't want to spend a lot of money, they went on with my decision since I was persistent with the Cisco products.

The rest is history...

I can understand that anger. I'm actually surprised you were able to come back here and share your solution. I might have been too angry for that.

The worst part about your story is that there is a saying in the IT field--"no one ever got fired for getting Cisco."

Sadly, that no longer holds true unless it's the enterprise equipment one is referring to.


Hi Fotis,


We already use FQDN, as both ends have a dynamic WAN IP address. So we use DDNS FQDN addresses.
The DDNS updates are working well, and the IP address changes only every 48 hours, so I think it's not related to the floating public IP as the problem can happen any time.
I've contacted the Cisco tech support. They first suggested that I upgrade gradually to 1.0.3.16.
I think as a last resort, I will factory reset both routers, upgrade to 1.03.16 and cross fingers.
We've kept the 1.0.2.7 version because we use FQDN only for each endpoint address. Could you confirm this option is still available in newer firmwares? During configuration tests, we updated to 1.03.14 and I think the FQDN option had disappeared (only IP address was available). This is why we reverted back to 1.0.2.7.

Regards,
Thomas

Hi cisconext, please check my post.

Thank you

Fotis

Hi everyone,

I've made a very quick tutorial, nothing flashy, since I promised that I will do it today, and I have added an image with 5 active VPN connections as a proof.

Please check attached files.

I have spent thousands and thousands of hours troubleshooting these routers, so if the tutorial doesn't work for you, let me know what the issue is and I'll try and assist you further.

I have tested the routers with slow speed internet connections and I've managed to get them working again, but there are a few things that you'll need to check.

But first go through the tutorial.

Also in some cases where you need to run applications between a server and a remote location, you might see the VPNs connected but the application not working.

Let me know, there is a solution to such issue as well, I just don't want to write it here so we can only focus on VPN connections.

PS. Please post here and let me know if your settings work.

Kind Regards

Fotis

Hi Fotis,

Thank you for the detailed tutorial.
At step 3, could you confirm FQDN for remote endpoint is still available (instead of IP address)?

Yes, check my attachment cisconext.

Before you do anything, take a backup of your Router, that way you've got nothing to be afraid of.

In regards to the version 1.0.2.7 I have tested my settings, I did have minor dropouts but when I was troubleshooting, Cisco released 1.0.3.14 which was very stable.

One of my VPN connections was actually running 1.0.3.14 till a few days ago when I upgraded to 1.0.3.16.

If I get some time over the weekend I will do a test on 1.0.2.7.