RV110W warnings on RDP, RDP fails

Unanswered Question
Apr 25th, 2012

Hi all,

I have an RV110W running firmware 1.1.0.9 that is working fine with VPN clients.  However, one client cannot use VPN and I'm trying to set up some simple port-forwarding to allow RDP to a specific machine inside our network (IP address 10.143.193.2). 

The tl;dr questions are:

1) Where can I find explanations of what a warning means in the logs on an RV110W?

2) Why isn't traffic from my server making it back out from our network to the originating RDP client when it seems I have configured everything to allow this to work?

The details:

I have a firewall rule that says this.  (Note, I've tried restricting the services to just RDP but expanded to all traffic as part of my testing.):

Firewall Rule.jpg

And a port forwarding rule that says:

Port Forwarding.jpg

But I keep getting these errors when testing the RDP from *anywhere* at all.  Searching these forums and the internet at large for the reason these are warnings and what to do has been fruitless.  However, these will show up for any attempt I make to connect.  Also, there were rules for each of these IP addresses that show up as warnings to allow access to the 10.x.x.2 destination.  It seems that the problem is traffic isn't making it back...and I'm stumped now.

On my home network, I went so far as to disable all firewalls and still no joy...just these same warnings. 

Any idea why my RDP connection is failing?

Warnings.jpg

GenevaMatt Wed, 04/25/2012 - 17:12

I have also been reviewing the Windows firewall rules, but they look correct.  Also, I made sure logging was enabled on the server and I don't see it denying any traffic...  Any help folks could provide would be appreciated.  If nothing else, I'd just like to rule out the warning messages on the RV110W.

rmanthey Fri, 04/27/2012 - 06:45

Hello Matt,

Don't use both ACL and port forward on the Small Business routers; the forward will be enough to get the traffic through the firewall.

Hope this helps.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

GenevaMatt Fri, 04/27/2012 - 10:09

But wouldn't that mean I'd have an RDP-forward open to the entire internet?  Soooo, anybody could attempt to RDP into the server on my internal network?

That's a concern...I really don't want the entire internet to be able to knock on my server's door...just allow a few select IP addresses that I hardcode into the device.

GenevaMatt Mon, 04/30/2012 - 07:40

Here's the closest I've come to making it work with a port-forward and access rules...it worked for at least a day but then stopped sometime over the weekend (as of this morning, it fails to work).

  1. I reset the router to its default settings.
  2. I upgraded to the 1.2.0.9 firmware.
  3. I enabled VPN and created the users. 
  4. Enabling VPN set my DHCP to a 10.x.x.x subnet, which was expected and I created static addresses for a few devices that needed them.
  5. I defined an RDP service for 3389.
  6. I created the inbound access rule from the external IP address range for the RDP service I created.
  7. I created an inbound access rule to DENY all traffic.  I made sure that this was last in the list of rules.
  8. I created the port forward for RDP.

...and it worked.  To confirm this with a test, we added a second rule for a different single IP to be sure that the rules were processing correctly.  As I added and deleted, and also enabled and disabled, the rule for the single IP we used to test, the logs showed appropriate allow/deny messages.  And, if the "DPT=" field in the logs is the port, we also saw this consistently report as 3389 for these attempts.  Hurrah...for 24 hours or less.

This morning?  We are getting the same WARNING messages that DENY traffic from IP addresses in the range that worked on Friday.  And, just like before when it wasn't working...which is every day but Friday...the DPT= value is back to 3394.

This is a real "What the heck?!?!?" moment.  It worked.  Then it didn't.

My confidence in this device is nearing zero. 

Both last week and this morning, I had a friend who is Cisco certified check what I've done and a MSCE look over the Windows server to be sure I'm not missing anything or setting things up to fail.  Both are as stumped as me...especially after our testing on Friday afternoon.

I've invested a ton of time trying to make this work.  At this point, even if I can't return it, I'm ready to go back to Amazon and leave a review recapping this experience and buying a competitor's product based upon the recommendation of the people who helped me this morning.

If anybody has any advice, it would be greatly appreciated.  And, if this device is simply broken, it would really help if Cisco just owned up to the fact so that other people don't wind up in this same position.
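
Added example, not part of the original thread and not Cisco tooling: a log triage script for the symptom described above, where allow-listed sources are denied and the DPT= value shows 3394 instead of 3389. The log layout (netfilter-style key=value fields preceded by an ACCEPT/DROP word), the source range and the sample lines are assumptions constructed for illustration; only the DPT= field, port 3389/3394 and 10.143.193.2 come from the thread.

```python
import ipaddress
import re

# Assumed policy, mirroring the steps in the post: RDP (TCP 3389) is allowed
# only from listed source networks; all other inbound traffic is denied.
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]  # constructed range
RDP_PORT = 3389

# Constructed sample lines in an assumed netfilter-style key=value layout.
SAMPLE_LOG = """\
ACCEPT IN=eth1 SRC=203.0.113.10 DST=10.143.193.2 PROTO=TCP SPT=50112 DPT=3389
DROP IN=eth1 SRC=198.51.100.7 DST=10.143.193.2 PROTO=TCP SPT=40222 DPT=3389
DROP IN=eth1 SRC=203.0.113.10 DST=10.143.193.2 PROTO=TCP SPT=50113 DPT=3394
DROP IN=eth1 SRC=203.0.113.25 DST=10.143.193.2 PROTO=TCP SPT=50200 DPT=3389
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Return (action, fields), or None if the verdict, SRC or DPT is missing."""
    action = next((w for w in line.split() if w in ("ACCEPT", "DROP")), None)
    fields = dict(FIELD.findall(line))
    if action is None or "SRC" not in fields or "DPT" not in fields:
        return None
    return action, fields

def expected_action(src, dpt):
    """Verdict the intended policy assigns to a packet from src to port dpt."""
    ip = ipaddress.ip_address(src)
    on_list = any(ip in net for net in ALLOWED_SOURCES)
    return "ACCEPT" if on_list and dpt == RDP_PORT else "DROP"

def triage(log_text):
    """Return (src, dpt, reason) for entries that contradict the policy."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # not a firewall verdict line
        action, f = parsed
        src, dpt = f["SRC"], int(f["DPT"])
        want = expected_action(src, dpt)
        on_list = any(ipaddress.ip_address(src) in n for n in ALLOWED_SOURCES)
        if action != want:
            findings.append((src, dpt, f"router {action}, policy expects {want}"))
        elif on_list and dpt != RDP_PORT:
            findings.append((src, dpt, "allow-listed source hit a non-RDP port"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The first kind of finding points at the router's rule handling; the second points at the client or forward targeting a port other than the defined RDP service.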

itcconcepts Sat, 05/05/2012 - 08:47

I have a RV100W back in its box for similar reasons.

It was in place at a small site (10 users), basic setup with <10 port forwarding rules and <10 firewall rules. It works for anything up to a week before it starts ignoring the rules. However, a reboot normally sorts it.

We waited for the new firmware but it has not sorted it; it's not heavy enough to hold a door open, so it's useless.

John

This Discussion

Posted April 25, 2012 at 7:44 AM