RV340 hang when using VPN site-to-site

Hi. 

 

For 5+ years I have managed a farm of various RV routers with site-to-site VPN. Around 700 locations are connected to HQ, at the beginning with Linksys routers, then under the Cisco brand. RV042, RV042G, RV320, RV082, RV016: all of them are online 24/7/365.

With every dual-WAN + VPN device launch I replaced a few working routers and became more or less a "tester", eager to get the increased performance and stability.

The RV320 was released with broken firmware regarding VPN connections: when using more than 2-3 VPN tunnels it suddenly hangs. I opened a case and it took more than 6 months to see a working firmware while I put my infrastructure at Cisco's disposal to investigate and test.

When the RV340 was announced I was glad, the 100 Mbps VPN barrier was exceeded. I ordered 5 RV340 and 3 RV345, waited 3-4 weeks for delivery and.... the RV340 also has broken firmware regarding VPN connections: it suddenly hangs, does not respond to ping, does not load the interface, no traffic, nothing. It can work for 1 day to 10 days, but for sure it will hang. For more than 2 months I have still insisted on using the RV340, but I think the next step is RMA. It's the same behavior that the RV320 had! I am using the RV340 only for 9 VPN tunnels over MPLS lines, no other traffic through this unit. All 9 MPLS connections cumulated are about 100 Mbps and, most important, the router is freezing during working hours BUT also during night hours when traffic is ZERO.

I somehow contacted Cisco Romania, they told me that I am not the only one complaining.

I tried to open a case by phone with Cisco, the guy asked for a service contract and I don't have one.

 

If somebody else has run into the same problems, please share.

 

Best regards,

27 REPLIES
Highlighted
Beginner

Hi.

 

More news. More bad news. 

It seems that the VPN failover feature is broken too. What is working on RV042/G/RV320 does not work on the RV340.

One tunnel was defined with WAN1(RV340)- to - WAN1(remoteRV042) as main and failover to WAN2(RV340) - to - WAN2(remoteRV042). When WAN1(remoteRV042) failed, the VPN tunnel did not resume on the WAN2-WAN2 failover option. Using RV042-RV320 with the same "everything" is fine, failover brings up the connection.

 

Hope that one day Cisco will fix RV340. Maybe I will have some until then.

 

Best regards

 

Highlighted

Hello Catalin,

I'm sorry to hear that you are experiencing issues with the RV340 model.

I'd advise you to call our support centre so we can take a look at the VPN tunnels and failover feature and provide a solution.

Thanks,
Kris

 

 

Highlighted

I have the same issue!  "Dead Tunnel Syndrome" I call it, where tunnels become corrupted and start blocking traffic.  The only way to clear it up is to reboot the RV34x router.

 

I have three RV340 sites and all three are exhibiting the exact same symptoms.  The RV042s these replaced NEVER did this; their tunnels were always solid.

 

On occasion, one RV340 site even corrupts its PPPoE WAN connection, requiring that I send someone to manually power cycle the router.

 

This is all indicative of buggy firmware.  Instability was obviously introduced when Cisco rewrote parts of the RVxxx firmware, VPN in particular.

 

CISCO:  PLEASE FIX YOUR FIRMWARE!!!

Highlighted

Hi

Regarding PPPoE, I had the same issue. When PPPoE was set only on IPv4, after a soft reboot of the router it never connected again; only a cold restart helps (on the port it seems connected but never receives an IP). But I found that when I set the same setting for both IPv4 and IPv6, it connects and seems to work (IPv6 is not used). Hope this helps.

 

Highlighted
Beginner

This is the same problem I have on a single site-to-site VPN on a pair of RV340W routers. I have tried different IPSEC configs and they all hang. I have to manually drop the VPN connection (even though it says it's up, it's not) and start it up; this re-establishes the VPN and I am good for a day or so (at worst this was occurring 3-4 times a day). I enabled HTTPS so I can log on and disconnect/reconnect the VPN remotely; power cycling the router also re-establishes the VPN. As of the November 2017 firmware update this issue is still ongoing. Today I applied the latest update and am crossing my fingers that Cisco finally gets this issue resolved.

Device Model: RV340W
PID VID: RV340W-A-K9 V01
Current Firmware Version: 1.0.01.18
Latest Updated: 2018-03-28,20:22:38
Latest Version Available on Cisco.com: 1.0.1.18
Latest Checked: 2018-03-28,20:35:0

 

 

I have tried several configs and this one seems to keep the VPN connected the longest, about 1-2 weeks:

 

IPSEC PROFILE
Policy Type: Auto Policy
Phase1
DH Group: Group5 – 1536
Encryption: AES 128
Authentication: AES128
SA Lifetime: 86400
PFS: Disabled

Phase2
Protocol: ESP
Encryption: AES 128
SA Lifetime: 3600
Authentication: SHA1
DH Group: Group5 - 1536

SITE TO SITE SETTINGS
IKE Authentication
Keep Alive 10 sec
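
An added example, not part of the thread or any poster's code: a monitoring sketch that tells the two failure modes reported here apart, a router that stops answering entirely versus a tunnel the router still reports as up while nothing passes through it. The sample fields and the probe results are constructed; how each probe is collected (ping, status page, SNMP) is left as an assumption.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    t: int            # sample number (e.g. one probe round per minute)
    router_ok: bool   # router's own address answered a probe
    tunnel_up: bool   # tunnel state as reported by the router
    remote_ok: bool   # host on the remote LAN answered through the tunnel

def classify(s):
    """Map one probe round to a state."""
    if not s.router_ok:
        return "router_hang"     # no ping, no interface: whole unit frozen
    if s.tunnel_up and not s.remote_ok:
        return "dead_tunnel"     # reported up, but no traffic passes
    if not s.tunnel_up:
        return "tunnel_down"     # honest failure, router knows it is down
    return "healthy"

def episodes(samples, min_consecutive=3):
    """Return (state, first_t, last_t) for every unhealthy run that lasts
    at least min_consecutive samples; shorter blips are ignored."""
    out, run_state, run = [], None, []
    for s in list(samples) + [None]:          # None flushes the last run
        state = classify(s) if s else None
        if state != run_state:
            if run_state not in (None, "healthy") and len(run) >= min_consecutive:
                out.append((run_state, run[0].t, run[-1].t))
            run_state, run = state, []
        if s:
            run.append(s)
    return out

# Constructed probe history: (router_ok, tunnel_up, remote_ok)
HEALTHY, DEAD, HANG = (True, True, True), (True, True, False), (False, False, False)
_rounds = [HEALTHY] * 3 + [DEAD] * 4 + [HEALTHY, DEAD, HEALTHY] + [HANG] * 3
SAMPLES = [Sample(t, *v) for t, v in enumerate(_rounds)]

if __name__ == "__main__":
    for state, start, end in episodes(SAMPLES):
        print(f"{state}: samples {start}-{end}")
```
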

Highlighted

Hey, thanks for the heads up about the new FW release.  We are experiencing the exact same symptoms as I'm sure others have from what I've read.  I call it "Dead Tunnel Syndrome" for lack of a better term, where the router negotiates successfully but creates a corrupted or blocked tunnel.  Release notes for 1.0.01.18 don't elaborate but do loosely describe it (we hope).

Would you mind posting an update on whether the new firmware is working?  It sounds like it reproduces more frequently for you.  - Thanks

Highlighted

Since updating to firmware version 1.0.01.18 on 3/28/2018 the site-to-site VPN has not dropped. It's only been 3 days so I won't have a definite answer until after two weeks, as the VPN has stayed up a maximum of 2 weeks before.

I have another client running a site-to-site with a Cisco ASA 5505 at one office and an RV340W at another; the tunnel drops there as well. I applied the firmware update on the RV340W.

If they continue to fail I will try the suggestion by budwlkr and rollback to the original firmware.

 

I will update in two weeks.

Highlighted

Thanks dude.  Really appreciate it.  I'll keep my fingers crossed and hope your tunnels stay up.  Hear from you in a couple of weeks. 

Highlighted

It was going fine for a few weeks but this week the issue returned. The new update did not fix the issue, the problem persists.

Highlighted

Thanks for the feedback.  Yes, consensus suggests that this latest FW hasn't properly addressed  tunnel corruption and instability.  Cisco really screwed the pooch by drastically redesigning the RV340 VPN.

 

I too have been running the new FW in one site for 5 weeks now and although it's too early to say, tunnels appear to have stayed up.  Plus the router hasn't needed a reboot which suggests there may be an improvement in overall stability.

 

According to my findings, I get better success by setting the RV340 as 'initiator' and the remote routers as 'responder'.  This tests the RV340's ability to establish a healthy tunnel and maintain it, which it can only do if in the 'driver's seat'.  So far, knock on wood, this appears to be working at least in one site.  If set as a 'responder' however, any router can wind up with a corrupt tunnel depending on the VPN flaws of the other router, of which most have their quirks.

 

Nonetheless, I do agree that Cisco still has a lot of work ahead in debugging the RV340 series.

Highlighted

Let's see, how long has Cisco been in this business?  There is zero excuse for this kind of issue in a business product.  As I mentioned prior, I placed 10 in service and all have this issue even after the .18 update.  I've been dealing with it almost a year!  Do yourself a favor and avoid this product (Maybe even Cisco).  Back to Zyxel UTM series which have been flawless for me with every new release 110-310 series.


Highlighted
Beginner

So I have been searching support forums and blog sites for answers and solutions for Site-to-Site VPN issues on RV340 and keep coming up with no resolution. This is what I found and what worked for me to get my Site-to-Site VPN working!

 

After getting my router configured one of the first things I do is to update to the latest firmware by downloading directly from Cisco via the router I am currently working on. I found the other day that when I had imported a configuration file, which had been downloaded from one of my operational RV340 routers to a new RV340, all was well until I changed the IP for my vLan1. At that time the router worked fine as far as Internet access, etc. but I could not access the admin configuration GUI. After a couple of hours of frustration and resets I ended up importing a config file from a router which had not had the firmware updated in order to finalize my configurations on my new router.

That's when I decided to test my Site-to-Site VPN and lo and behold ... it worked!

These routers ship from factory with Firmware Image 1.0.00.33 and so far everything seems to work with that image, but once I update to 1.0.01.17 ... well you know the rest!

 

Hope this helps someone else and "CISCO, PLEASE GET THIS FIXED"! We need these firmware updates for security concerns but we also need everything to work once they are downloaded and installed.

Highlighted
Beginner

All,

 

I have experienced this since the release of the product.  Deploying 10.  All fiber VPNs and all have at some point hung up, freezing the router with no option other than to power cycle. This issue has not been fixed in the latest .18 release, I've experienced it already. I've been in this business a long time and manage many larger firms. Do yourself a favor and replace these pieces of s***.

 

I never should have changed from Zyxel.  Their USG series are the most reliable UTMs I've ever used in 10+ years.  I thought I would give these a try but never Cisco again.