Saturday, November 13, 2010

Bill's Recommendations - Cisco RV-120W VPN Firewall Router

A few weeks ago I purchased a Cisco RV-120W VPN Firewall Router based on it’s advertised features and unbeatable price. The unit was brand-new, first release. Now I know that you should never buy the first release of a product but I fell into the trap of promised features. Here is my story.

I received the unit and was surprised at how small the unit was. I un-boxed and began to setup the unit using my laptop. After reading some of the documentation to make sure I was proceding in the right direction I was amazed at how easy the SSL-VPN was going to be to setup. I finished the setup in about 15 minutes using the data I collected from the business I was going to deploy this to and began testing on my home network. Everything went well for over a week, no problems. Then came the deployment day.

I had not issues deploying the unit, all the settings were pre-configured so it was pretty much a drop in and ready to go network upgrade. I then trained the person in charge of doing first line support on how to setup the SSL-VPN client on client machines. After running through some tests of the WiFi network and other services, I was confident that everything was going well and the project was completed. The only thing I found that was bad was 1 port on a 24 port switch had died, and was no longer usable. Good thing this office only had 5 computers now and not 23. I got excited too soon.

It wasn’t even a week before I recieved a call from one of the users stating that they were getting strange “Page Cannot Be Displayed” and random other errors when more than a few websites were open. It effected everyone on the network, not just one user. I was at first suspecting intermittent connection problems related to the bad switch port I discovered during the deployment. I did some troubleshooting from my home using the SSL-VPN client that came with the unit and had no issues connecting. I began to do some web surfing on their server and openend up a few websites, the final one giving me a 404 error. Odd. I then connected to another workstation, same issue. Very odd. Time to do some research.

I searched the Cisco support forums and Google for articles related to this issue and found an article that matched the issue to a T. Turns out that you have to disable the UDP Flood option, which enabled by default on the current revision (12 I think). I guess 25 UDP connections TOTAL are all that Cisco found fit to allow on a small business network. In my case, on a small 4 computer 1 server LAN, only a couple of pages per client could be opened simultaneously. Cisco FAIL.

This was an easy fix, although annoying, easy to fix problem. The client noticed the change almost immediately and was happy. Then a call comes in a few days later. Now another new issue has cropped up. Corrupted e-mail attachments. Dropped RDP connections (wasn’t experiencing those)

Now I went back and did some more searching, finding another article on Cisco’s support forums. Seems that others are having the same issue, and that there is no known fix for it. .

Strike two. In my world, your outta there! I called the customer back, apologized for the trouble and took a trusty WRT54G DD-WRT-enabled router down there the next day. I ended up sending back the Cisco RV-120W to newegg for RMA and began the process of finding a solid replacement. I found one that did everything I needed it to do, minus the SSL-VPN client (I went with another solution that was easier for the client) and that product was the Asus RT-N12 router. I installed DD-WRT v24 SP2 on the unit, and it has been running solid ever since. It's also a very nice router with the stock firmware as well.

I have been really disapointed with the product that Cisco put out with the RV-120W series small business VPN router. I fell into the trap of the brand and features, as well as the attractive price. As of right now, I consider the RV-120W to be junk and not worth buying until the Cisco engineering team can fix these issues without creating new ones with a solid firmware release/upgrade. Until then, I do not recommend this unit to anyone.