RV082 firewall - strange problem

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by and247, Sep 6, 2005.

  1. and247

    and247 Network Guru Member

    Hello all,

    I have a very strange problem when setting up firewall access rules on the RV082. Any help from someone who better understands how this firewall works would be greatly appreciated.

    Here is my configuration:
    - RV082 with firmware
    - WAN1 connection PPPoE, IP address a.b.c.129/
    - WAN2 unused
    - RV082 LAN IP: 192.168.1.d
    - LAN:

    There is one special computer (let's call it X) on the LAN, which for some reasons that I cannot influence has to have IP: a.b.c.130. It should be accessible only via VPN from remote computer Y (it has a public IP address, let's say e.f.g.h). This client-to-gateway VPN is therefore configured to have local group one IP: a.b.c.130. For this to work there is also a static route (a.b.c.130/, gw:, if: LAN) on the RV082.

    When this VPN is connected, packets from remote computer Y connecting via VPN with destination IP a.b.c.130 are correctly routed to computer X.

    With only the default firewall access rules, packets from computer X to remote computer Y are also correctly routed and allowed via VPN. To achieve this, there is a static route on X (IP address of Y/, gw: a.b.c.129).

    Now the problem: when I set up another access rule, which is an exact copy of one of the default access rules (Allow, All Traffic [0], LAN, Any, Any, Always), then everything works except for packets from X to remote Y. These packets are dropped by the RV082 firewall.

    Of course I do not need to have another default rule; however, I need some other rules which block WAN access from the LAN, and these rules also block packets from X to Y. I thought I would add a rule to allow X to Y packets, but these were still being dropped. By testing I have found out that any allow rule (even the above-mentioned copy of the default allow rule) causes packets from X to Y to be dropped by the firewall.

    I understand that the configuration is rather uncommon, but I think it should work. Or at least, adding a copy of the default firewall access rule should not cause blocking which did not occur with only the default firewall rules.

    Any suggestions would be greatly appreciated. I will answer any questions if you need more information about my network setup.

  2. and247

    and247 Network Guru Member

    Solution - firmware

    If anyone is having the same or a similar problem, the solution was to install new firmware - There was an issue, which was fixed; this is its description from the changelog:

    6. Modify Access Rule mechanism: Do not keep tracking session state on LAN rule.
    ** Purpose: Attempt to solve following two problems:
    (1) Incoming IPSec packets could be dropped if setting an Access Rule as [Allow, All traffic, Any to Any, LAN interface].
    (2) PC was unable to access remote management if setting an Access Rule as [Allow, All traffic, Any to Any, LAN interface].