I just installed one RV220W in my network, in routing mode (not NAT), using on the WAN port public IP 193.111.184.xxx and on the LAN side an IP from my company's public C class (18.104.22.168). It's working, but the main and huge problem is that the router is changing any IP coming from the internet to its own 212.100.143.xxx IP, which messes up everything (logs, counters, etc.).
It was using 22.214.171.124 firmware, I switched to 126.96.36.199 but nothing changed.
Also I have a VPN - gate to gate with another location (RV042), and all computers from the other side of the tunnel report the same router IP 212.100.143.xxx when accessing servers from my side, which also is bad.
Previously I used an RV082 for this job and everything was great, except the 100 Mb WAN/LAN ports of the RV082, which I will use until I get the RV220W working right.
Any idea is appreciated.
I have changed this weekend from a DSL using a Linksys by Cisco WAG54G2 to a Cisco RV220W Small Business Router and just found out the same problem. This is serious for me, for one, it completely destroys SPAM blocking with DNS blacklists.
This is how it looked when using the linksys:
Apr 9 03:18:17 vanroodewierda postfix/smtpd: connect from 189-041-10-204.xd-dynamic.ctbcnetsuper.com.br[188.8.131.52]
Apr 9 03:18:18 vanroodewierda postfix/smtpd: NOQUEUE: reject: RCPT from 189-041-10-204.xd-dynamic.ctbcnetsuper.com.br[184.108.40.206]: 554 5.7.1 Service unavailable; Client host [220.127.116.11] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=18.104.22.168; from=<email@example.com> to=<firstname.lastname@example.org> proto=ESMTP helo=<189-041-10-204.xd-dynamic.ctbcnetsuper.com.br>
There is a second nasty effect of this. My machines on the LAN are protected by a firewall. This firewall has different rule sets for the LAN (192.168.x.x) and for the rest.
With the translation by the RV220W of all external IPs to an internal one, all external traffic has now become elevated to 'internal' status.
One other possible effect (apart from what a firewall thinks) is that if for instance your mail server only relays for the internal LAN, any host on the internet has now become 'the internal LAN' and in effect your RV220W has turned your mail server into an open relay on the internet. This is not what Cisco wants to promote, I think.
I had a look at a lot of info, and it starts to look to me that the RV220W not only hides the LAN from the WAN, but also the other way around. So, an SMTP client from the outside will be translated to the inside IP address of the router (e.g. 192.168.1.1) and a free port will be found for the mapping.
If you cannot turn this off, it seems to me a terrible error.
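A check for the symptom described in the posts above, added here as an example and not code from any poster or from Cisco: it counts Postfix "connect from" events and flags the case where a single address inside the trusted range accounts for most SMTP clients, which is when DNSBL lookups and relay restrictions stop seeing the real sender. The log lines, the 192.168.1.0/24 range and the function name are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Postfix smtpd connection event: "connect from host[ip]" (pid is optional)
CONNECT_RE = re.compile(
    r"postfix/smtpd(?:\[\d+\])?: connect from \S+\[([0-9A-Fa-f.:]+)\]")

# Constructed sample: real client addresses visible (documentation ranges)
BEFORE = [
    "Apr  9 03:18:17 mx postfix/smtpd[2101]: connect from mail.example.net[203.0.113.25]",
    "Apr  9 03:18:40 mx postfix/smtpd[2101]: connect from unknown[198.51.100.77]",
    "Apr  9 03:19:02 mx postfix/smtpd[2104]: connect from pc12.lan[192.168.1.40]",
]
# Constructed sample: every outside client shows up as the router's LAN address
AFTER = [
    "Apr 11 03:18:17 mx postfix/smtpd[3011]: connect from unknown[192.168.1.1]",
    "Apr 11 03:18:40 mx postfix/smtpd[3011]: connect from unknown[192.168.1.1]",
    "Apr 11 03:19:02 mx postfix/smtpd[3015]: connect from pc12.lan[192.168.1.40]",
    "Apr 11 03:19:30 mx postfix/smtpd[3015]: connect from unknown[192.168.1.1]",
]


def audit_smtp_sources(log_lines, mynetworks, threshold=0.7):
    """Summarise SMTP client addresses relative to the trusted networks.

    mynetworks: the CIDR ranges the mail server trusts (Postfix mynetworks).
    threshold: share of connections from one trusted address that is
               treated as a sign of source rewriting upstream.
    """
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    seen = Counter()
    for line in log_lines:
        m = CONNECT_RE.search(line)
        if m:
            seen[ipaddress.ip_address(m.group(1))] += 1

    def trusted(ip):
        return any(ip in n for n in nets)

    total = sum(seen.values())
    top_ip, top_count = seen.most_common(1)[0] if seen else (None, 0)
    # One trusted address carrying most of the traffic means the server
    # no longer sees real senders: blacklist checks test the router's IP,
    # and relay rules that permit mynetworks apply to every outside host.
    rewritten = bool(total) and top_count / total >= threshold and trusted(top_ip)
    return {
        "total": total,
        "trusted": sum(c for ip, c in seen.items() if trusted(ip)),
        "top_ip": str(top_ip) if top_ip else None,
        "source_rewritten": rewritten,
    }
```

Run it over a day of mail logs before and after a router swap; a jump in the "trusted" count with one dominant address is the behaviour reported in this thread.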
Yes, blacklist, spam, etc. are off using RV220W. You should see my mail server with more than 250.000 spam mail in queue :(
Another strange behaviour is if you have a static route added to the RV220W on the LAN side and you are using Microsoft ISA Server, as changing the IP will cause ISA to block traffic.
Sad but true, the Cisco RV220W is on a shelf waiting for better days and, hopefully, an answer and solution from Cisco.
It seems to me that the RV220W is doing NAT both ways. It does not only hide the internal net from the outside, but it also does hide the external net from the inside.
For me, I cannot put it on a shelf. This is my only router which I bought for my migration to another IP. So, either this gets fixed real soon, or I have to return the item and buy an alternative.
I have returned the router and decided not to bother with Cisco Small Business Routers for the foreseeable future. Too bad. Hardware wise, this is a neat package. Software wise it is so immature that it is in need of some serious Cisco corporate attention, lest it (and others of this software base) significantly start to hurt Cisco's brand image.
Same situation here, my mail server sees all the email as if it were coming from the RV220W. I had to disable most of the anti-spam because Exchange was rejecting email (Sender ID for example). The strange thing is that I have an RV120W deployed in another site and the problem is not present.
Is the problem known by Cisco? We have to upgrade most of our site vpn router and I would love to deploy the RV220W but with this bug it’s impossible!
This is what the headers look like:
Received: from ABTS-North-Dynamic-22.214.171.124.airtelbroadband.in
(10.88.88.254) by dh-ms5.xxxx.com (10.88.88.25) with Microsoft SMTP Server
id 14.1.289.1; Wed, 4 May 2011 13:53:49 +0200
Received: from [126.96.36.199] (account email@example.com HELO
ABTS-North-Dynamic-188.8.131.52.airtelbroadband.in (CommuniGate Pro SMTP
5.2.3) with ESMTPA id 304829780 for ....
Got in touch with Cisco, gave them remote access to the router, also the config file and network topology (yesterday, 03.05).
Now waiting for something good to come out. Will inform you.
Great, the bug is so obvious I just can’t imagine that they could miss it. Let’s just hope they don’t take too long to release a fix.
It might come from the ProtectLink Web or the VPN SSL (where the port forwarding is mentioned), cause it’s the only difference with the RV120W.
Can't they fix this? It's a very stupid bug. I can't understand how such a bug could make it onto a Cisco product. I’m having other kinds of problems related to WSUS and Active Directory/DNS because of that.
How can I report this further? I’m not familiar with the process.
Bad news is that "support" cannot reproduce the error in their lab, and their conclusion was that something is wrong with my network. Funny, no?
Yes, I am disappointed too. I am back on the old RV082.
To report you have 2 options: call support on the phone numbers listed for your country, or use the web.
OK, I have reached the support; they will try to reproduce the problem.
Meanwhile on my side I’ll try to setup an easily reproducible scenario for them.
But I can confirm that the bug is general, I mean it also happens in site-to-site IPsec tunnels: all the computers that go through the VPN and end up in the LAN part after the RV220 seem to be coming from the RV220 IP itself.
It renders RPC connections completely unstable and broke the Active Directory replication and the DFS-R on my remote site.
I’m back on the RV082 too, I'll keep you informed.