>>> In your solution, should I keep everything on LAN or can I use WAN? <<<
in my solution it should be possible to connect clients both to LAN ports on the RV320
and LAN ports on the provider router (WAN network 192.168.2.0/24 )
>>> then clients moving from one access point to another will lose connection, require new IP, etc, which is not desirable. Right? <<<
Yes that is correct when moving from the provider AP to your own AP they will get an address in another subnet like 192.168.3.0/24 . This need not be a problem, unless a lot of moving occurs. But as clients tend to cling to the connected AP s long as possible moving will be limited and primarily when you physically move them.
... View more
First: The settings for each side of the VPN depends on the IP address of your links. If both are IP, dynamic settings are similar. Second: Yes in the remote group configuration item, brand security gateway configuration should be "IP by DNS Resolved". Third: Using a dynamic DNS service the only configuration to be done is a host name and domain to be used for the router's WAN interfaces.
... View more
I had an issue with my RV320 that it suddenly stops answering DNS queries from my LAN. I just found out that a new firmware was released last month (v184.108.40.206), and one of its "known issues" is bug id CSCus07365 according to the release notes:
Sometimes the DNS process is gone and can not reply the DNS request from LAN network.
Solution: Check if you have enabled DNS local database feature on RV320/325, disable it, and then configure and save the WAN setting page again.
From that description I am not sure if this is a one-time issue after upgrading (so that I should disable and re-enable it), or if this is still a current issue and it will be better to keep away from DNS local database at all until a new firmware is released.
Thanks in advance!
... View more
I've downloaded it, but not yet installed it. I'll try installing it in the next hour and start testing all the issues I've had with it. I've had this RV320 sat on my desk as an expensive paperweight for 6 months now.
Release notes says SSL VPN component expiration is still an known issue, so still needs a workaround which leaves IE open to malicious code as it requires that unsigned controls are allowed to be downloaded and run - putting the router in the trusted sites zone will help to mitigate the impact of this requirement, but it's still an undesirable option.
Apparently virtual passage should now work on Win7 64bit IE10 and Win 8.1 IE 11, I'll be testing that to confirm as that was one of our biggest stumbling blocks.
if(webagent.indexOf("msie") != -1 || webagent.indexOf("rv:11") != -1)
// w_poen_virtual_passage=window.open('/virtual_passage_install.htm?' + 'VPTunnelMode=' + document.getElementById("tunnelMode").checked,'virtual_passage_install','menubar=no,width=705,height=505,status=no,resizable=no');
// document.location.href='/virtual_passage_install.htm?' + 'VPTunnelMode=' + document.getElementById("tunnelMode").checked,'virtual_passage_install','menubar=no,width=705,height=505,status=no,resizable=no';
if(webagent.indexOf("msie") != -1)
window.parent.frames['virtualpassageFrame'].location.href="/virtual_passage_install.htm?VPTunnelMode=" + document.getElementById("tunnelMode").checked;
It looks like it was set up to allow IE11 at some point, but then that code is commented out and the if statement added to display a warning that IE is required if using IE11. Here's the default user agent string for IE11 on Win8.1:
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
So the release notes are blatantly wrong, as they clearly state that Win8.1 IE11 is supported for SSL virtual passage, here's the quote:
Support SSL VPN virtual passage for Win7(64bit) IE10 and Win8.1 IE11.
And seems to fail with IE10 on Win7 64bit, I've enabled download of unsigned controls and it prompts to install the XTunnel_WOW64.cab file, but it doesn't do anything after that. Pretty sure this is because you can't install drivers that are unsigned in Windows 7 without adjusting registry settings to allow it and turning this "feature" on opens the entire system up to yet more malicious code. The only real solution is for Cisco to release another update with controls and drivers that don't use expired certificates. Time to ask for my money back due to false advertising as the SSL VPN is still being touted as a feature of the RV320/325 and it has no hope of working with a currently supporting Windows system.
Where's the facepalm emoticon?
... View more