Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

RV220W LAN-LAN firewall drops - fw

I noticed a strange "feature" after I upgraded from firmware to on my RV220W.

My internal network is  I have an OpenVPN server on the internal net with a routed setup that hands out addresses to clients on, and pushes a static route to the network.  The RV220W also has a static route back to the subnet.  All worked perfectly fine with

After upgrading to, I could still connect OpenVPN, and I could ping any address on the internal network.  However, the minute I tried to do something like RDP to a host on, nothing would happen.  Packet traces revealed that the packets were successfully making it through the tunnel to the target RDP host, and it did respond to the packets, but the replies were never seen at the VPN client.

I then noted that the RV220W firewall logs indicated it was dropping the return packets.  I don't have the exact message, but it stated that it was DROPing a LAN - LAN packet from to<highport>.

I then reverted to with a factory reset and restored my config.  All is working again.

I'm happy to go through this again and do more troubleshooting, but this seems like a major bug.  The firewall should not be dropping LAN - LAN traffic, regardless of subnet, since there is no capability to write LAN - LAN access rules.



RV220W LAN-LAN firewall drops - fw

Hi Andrew, thiere is actually LAN to LAN access rules on the firewall configuration. It's a relatively new feature that's been out about a year or so.

Please mark answered for helpful posts

-Tom Please mark answered for helpful posts
New Member

RV220W LAN-LAN firewall drops - fw

Tom, thanks for the response.

I'm aware of the VLAN-VLAN rules, but there is no way I can see to write a simple layer 3 rule.  The problem is that my OpenVPN client subnet is not represented in a VLAN, since it is just a tunnel interface on one of my servers and is not a real network tied to any physical interface.  The OpenVPN server itself serves as the router between this subnet and the real LAN.  All I need the RV220W to do is route return traffic for the 10.12 back to the OpenVPN server's IP.  That's the piece that works in, but not in

Thanks - let me know if I'm missing something here.



RV220W LAN-LAN firewall drops - fw


I understand what you are doing, I once used the exact same configuration with an RV220W at home and it worked perfectly. I would be interested in knowing if some other part of your configuration is breaking the route. If possible, back up your configuration, upgrade the firmware, reset to defaults and reconfigure only what you need for the OpenVPN server. Test and see if it works. If it does, reconfigure your other settings and test. If not, you should open a case with support and have this reported as a bug.

- Marty

New Member

I had the same pb, static

I had the same pb, static routes created and firewall drops to these statics routes, the router was with the, i tried to find a solution, but i didn't any ways to solve it, so i revert the firmware with the, and it works now.
Everybody has to know that each fimrware for this router is bugged.


RV220W LAN-LAN firewall drops - fw

Glad reverting firmware fixes the issue for you.  Rule of thumb on smb routers is to NOT upgrade firmwares unless you have to.  Every manufacturer has various bugs in each version, so you find the one that works for you and stick with it until you have to buy something else.

Or drop some serious money and get an enterprise grade router that doesn't have these issues.

Huntsville's Premiere Car and Bike e-magazine:

Huntsville's Premiere Car and Bike e-magazine:
CreatePlease login to create content