
Two Bad RV042G's in a row

newkansan
Level 1

First one purchased started up okay, then during initial setup, the router lights started flashing repeatedly and could not get it back up again.  Tried unplugging, holding reset button in for 30 seconds, just could not get it back up.  So I did a straight exchange.  This second one has been (comparatively) much more stable.  However, within 24 hours, the web interface becomes inaccessible.  I must power cycle the device in order to be able to log back in.  In addition, the email logs have not worked at all unless I manually hit the "Email Log Now" button.  While configuring on the Log page, I had it lock up on me twice (forcing a power cycle to get back in).  I have set the log time threshold to 10 minutes but have yet to receive an email unless I go in and hit the "Email Log Now" button.  I am still in my window for replace/refund, I'd like to know if it would be worthwhile to exchange it again, or should I get a refund and wait for a couple of firmware updates before trying this model again?  I have an older v2 version of the RV042 that works very well.  I bought the RV042G for redundancy; to have it replace the RV042 as well as keep the RV042 as an emergency spare that I could just plug in and have work, since configuration between the two is nearly identical and both have the same VPN config, etc.

Advice?

1 Accepted Solution

Accepted Solutions

Ryan Hendriks
Level 1

I had the same issue with my RV042G, which I bought new. Suddenly I couldn't log in anymore and had to reset it by unplugging the power.

Then after adding some forwarding rules it became a mess with the rules.

Then I reflashed the unit with the latest firmware (which is identical to the fw which was on the unit) downloaded from cisco.com.

It has been working until now...


7 Replies

Thanks Ryan.  I didn't think to try that because, as you said, the firmware it came with was the latest version already.  Unfortunately, I was running out of time on my refund policy and didn't want to get stuck with a faulty device, so I sent it back before receiving your answer.  I'm going to wait a firmware revision or two and purchase again at that time.  Hopefully Cisco works these bugs out by then.  It sure seems that the initial shipments of these to resellers are really buggy.

I've never had this high a percentage of bugs and quirks in a router before the RV042.  It's definitely got a personality of its own.  For example, if you're using VPN, restoring a settings backup to the router will not work with the VPN--you must manually reprogram your VPN settings in for it to work (this on my RV042, I don't know if it applies on the RV042G).  Just reading across the problems here really indicates a lack of quality control on the small business line.  I expect lower QC on a consumer line, not a business line (even if it is "small" business).  Also on the RV042, email logs only seem to send out after you reboot the router a 2nd time after setting up, and occasionally emails will just STOP sending out.  Rebooting the router will start the logs emailing out again.  And the email logs on the RV042G appear to be completely broken, only sending out when you manually press the "Email Log Now" button.  And lastly, the RV042G responds to pings at ports 0 and 1, and does not allow firewall access rules on port 0, so there's no way to stealth port 0.  Fortunately, you can make an access rule to deny all traffic to port 1, which will stealth that port, keeping it from responding to ping requests.  And port 443 is wide open to the outside world (presumably for VPN).  You have to manually set access rules to block it off.

Fortunately, there are enough things to like about this router (VPN performance is by far the best in its price range) that sysadmins just need to learn the quirks and work around them. 

I do not understand this port 0 and port 1 thing. And should I make a firewall deny rule so that no HTTPS connections can be made from the outside WANs?

Well, you can't do anything about port 0.  It is considered "reserved" and has no official use, but can still provide an entryway into the router, but the RV042G will only allow access rules starting with port 1, so you're stuck leaving it alone.

To stealth port 1, go into firewall access rules and click Service Management.  Create a service on TCP port range 1-1 and add to list and save.  Then create a rule that Denies Port 1 service you just created on source interface WAN1 (and WAN2 if you use it) with source and destination IPs set to Any.

Edit:  test your ports at grc.com, Services->Shields UP! before and after to confirm the changes you made work.

Sorry, I missed your 2nd question.  Regarding port 443, first test on Shields Up! and confirm it is open.  If you're using QuickVPN, you will have to force it to use port 60443 since closing 443 will not let QuickVPN connect on that port.

There are two ways to stealth 443:

1) go to Setup->Forwarding and set a forwarding rule to forward TCP 443 to a non-existent IP in your LAN.  Just ping whatever IP you chose to make sure it is not used, and remember never to set a static IP to that address.

2) set up an access rule in the firewall to deny 443 from source WAN1/WAN2 from any source and any destination.
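A scripted version of the before/after check suggested above, as an added example that is not part of any post in this thread. It classifies TCP ports 1 and 443 as open, closed or stealth from a machine outside the LAN; the address `203.0.113.1` is a placeholder for your own WAN IP, and the function names are hypothetical.

```python
import errno
import socket


def classify_tcp_port(host, port, timeout=3.0):
    """Classify one TCP port the way a Shields UP!-style test reports it.

    open        - handshake completed, a service is listening
    closed      - the host answered with a reset, so the port is visible
    stealth     - no answer before the timeout (probe silently dropped)
    unreachable - no route to the host, so the result says nothing about rules
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()


def audit(host, expected, timeout=3.0):
    """Return (port, wanted, observed, ok) for each port in `expected`."""
    results = []
    for port, wanted in sorted(expected.items()):
        observed = classify_tcp_port(host, port, timeout)
        results.append((port, wanted, observed, observed == wanted))
    return results


if __name__ == "__main__":
    # Placeholder WAN address (documentation range); run from outside the LAN.
    WAN_ADDRESS = "203.0.113.1"
    # Expected states after the deny rules from the thread are in place.
    for port, wanted, observed, ok in audit(WAN_ADDRESS, {1: "stealth", 443: "stealth"}):
        print(f"port {port}: wanted {wanted}, observed {observed}", "OK" if ok else "MISMATCH")
```

If QuickVPN has been moved to port 60443 as described above, add `60443: "open"` to the expected states so the check also confirms the VPN port is still reachable.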

Ryan Hendriks
Level 1

Thanks Tim for these excellent answers!

I have at the moment 23 forwarding rules, if I add a new one now in the service management it overwrites the last one I added, isn't this also a weird thing? You should be able to add 30 rules and it is not possible to even change the default existing rules you never use.

So I'm stuck now trying to add some more, and I also posted this here in the support board but got no answer at all about what or how this happens.

I have also asked a question about the protocol binding stuff. I want FTP to go through WAN2 but this protocol binding doesn't work.

It's a bit annoying to me that they do not come with answers at all from the Cisco team.

I wonder if they simulate this themselves now and if it is a bug put it in a new firmware.

Ryan,

I only have 11 additions to the Service Management settings, so I don't have experience with what you're going through there.  I also have no experience with your protocol binding question...:(  Sorry...

I wish you the best with getting answers!

Tim
