Showing results for 
Search instead for 
Did you mean: 

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.


RV220W Hair-pinning

I'm having the same Hair-pinning issue as in this post

Do you have any idea if and when a new firmware is going to come out that address it and or the PPTP VPN issue?

Between this issue the PPTP issue and the fact that I can not get my Blackberry Playbook to connect to the IPsec VPN I'm thinking about returning the RV220W and going with another.




The hair-pinning is not working for many other ports e.g. 900, 13000, 1023, 24

Using the LAN address to these closed ports makes it possible to capture SYN packets at the server.

When using the WAN IP they are disappearing, probably in the RV220W.

Also a telnet to the closed telnet port 23 returns faster than to the closed port 24.

BTW port 13000 is OPEN and responding on the LAN address. There is a port forwarding rule defined  for this port.

You probably have PPTP server enable, when you do so it completely mess the referral address and everything that goes thru the router seen to come from his address, Was not fixed in the last fw I got from support (

I’ sorry to say but with the rv220 my opinion from CISCO have dropped a lot the RTM fw is completely unacceptable..

The PPTP server was enabled (and not used), but disabling it made no difference.

An IPsec tunnel is used and source addresses through that one are OK. Disabling it made no difference.

This is with the software.


v1.0.2.4 is now an official Firmware release.  there are many known issues all listed in the released notes.


Regards Simon

The RV220W hair-pinning problem is back

Firmware Version

I just made a minor change to the firewall and then all access from the LAN using the public IP-address was directed to the router itself.

The method of manually doing edit/save each of now 40 rules did not solve the problem.

Next then save and restore of the configuration (followed by a reboot) did not solve the problem.

However, I had forgotten that the access rule

Always Allow Any Enabled Inbound (WAN (Internet) > LAN (Local Network)) -

fixes the problem, but it is a bad solution suffering from security risks.