rv320

thomasstadel
Level 1

Hi

I have a RV320 with firmware 1.1.1.06.

I get a lot of "Connection Refused - Policy violation" in my SysLog on outgoing connections:

#warn<4> Connection Refused - Policy violation: IN=eth0 OUT=eth1 SRC=192.168.7.103 DST=X.X.X.X DMAC=XXX SMAC=XXX LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=4363 DF PROTO=TCP SPT=59208 DPT=80 WINDOW=16450 RES=0x00 ACK FIN URGP=0

Even though I have no rules denying these connections.

Another thing that is very weird: if I create a rule allowing LAN any IP to any destination as rule no. 1, I'm not able to access the internet.

Allow | All Traffic [1] | LAN | 192.168.1.1-192.168.1.255 | Any | Always
3 Replies

matthew1471
Level 1

Check the "Content Filter" under Firewall also. They perform like rules.

Ernie-of-Earth
Level 1

I recently received my warranty replacement for the RV320.  Left it running 2 weeks to see if the errors I had returned (not so far).

However, today I connected it to the Internet.  I have no rules, no configuration beyond setting the IP and VPN.  When reviewing the log a few hours later, I find a few dozen of these entries, which seem to be all pointing to Google's IPs.  Every 30 minutes.

Only one computer (the one sending the packets) is connected.  It must be sending this request, however I cannot determine why the router is blocking it.

Jun 25 23:23:32 2015 Connection Refused - Policy violation IN=eth0 OUT=eth1 SRC=192.168.89.100 DST=173.194.33.132 DMAC=b8:38:61:5d:23:88 SMAC=00:0f:b0:0c:dc:46 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=18699 DF PROTO=TCP SPT=1107 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Jun 25 23:24:10 2015 Connection Refused - Policy violation IN=eth0 OUT=eth1 SRC=192.168.89.100 DST=173.194.33.132 DMAC=b8:38:61:5d:23:88 SMAC=00:0f:b0:0c:dc:46 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=18704 DF PROTO=TCP SPT=1107 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Jun 25 23:52:58 2015 Connection Refused - Policy violation IN=eth0 OUT=eth1 SRC=192.168.89.100 DST=173.194.33.142 DMAC=b8:38:61:5d:23:88 SMAC=00:0f:b0:0c:dc:46 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=18958 DF PROTO=TCP SPT=1108 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0

Could be an ACK FIN for a connection that the device believes is not actually established (missing SYN or SYN-ACK).

See post at bottom: https://supportforums.cisco.com/discussion/11786826/rv042-connection-refused-policy-violation

Out of interest, are you seeing much packet loss? Missing packets could cause this.
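
The reading given in the last reply can be checked against the log itself. The following is an added example, not code from this thread or from Cisco: it parses lines in the quoted format, groups them by flow, and separates bare-SYN drops (a new connection was refused) from drops of packets carrying no SYN. The sample lines are constructed, and the classification assumes a stateful firewall that drops packets for connections it is not tracking.

```python
import re
from collections import Counter

# Constructed sample lines in the log format quoted in this thread
# (addresses are from private/documentation ranges, not real hosts).
SAMPLE_LOG = """\
Jun 25 23:23:32 2015 Connection Refused - Policy violation IN=eth0 OUT=eth1 SRC=192.168.89.100 DST=203.0.113.10 LEN=40 TTL=127 ID=18699 DF PROTO=TCP SPT=1107 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Jun 25 23:24:10 2015 Connection Refused - Policy violation IN=eth0 OUT=eth1 SRC=192.168.89.100 DST=203.0.113.10 LEN=40 TTL=127 ID=18704 DF PROTO=TCP SPT=1107 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Jun 25 23:30:01 2015 Connection Refused - Policy violation IN=eth0 OUT=eth1 SRC=192.168.89.100 DST=203.0.113.25 LEN=52 TTL=127 ID=18801 DF PROTO=TCP SPT=1110 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"([A-Z]+)=(\S*)")
FLAGS = re.compile(r"RES=\S+\s+(.*?)\s*URGP=")  # bare flag words sit between RES= and URGP=

def parse(line):
    """Return (flow 4-tuple, set of TCP flags) for a TCP policy-violation line, else None."""
    if "Policy violation" not in line:
        return None
    f = dict(FIELD.findall(line))
    m = FLAGS.search(line)
    if f.get("PROTO") != "TCP" or m is None:
        return None
    try:
        flow = (f["SRC"], int(f["SPT"]), f["DST"], int(f["DPT"]))
    except (KeyError, ValueError):
        return None
    return flow, set(m.group(1).split())

def classify(flags):
    # Assumption: the router is stateful. A bare SYN opens a new connection, so a
    # drop points at a rule or filter; a packet without SYN has no tracked state.
    if "SYN" in flags and "ACK" not in flags:
        return "new-connection-blocked"
    return "no-tracked-state"

def triage(text):
    """Count drops per (flow, class) so repeats of the same packet stand out."""
    counts = Counter()
    for line in text.splitlines():
        parsed = parse(line)
        if parsed:
            flow, flags = parsed
            counts[(flow, classify(flags))] += 1
    return counts

if __name__ == "__main__":
    for (flow, kind), n in triage(SAMPLE_LOG).items():
        print(f"{kind:24} x{n}  {flow[0]}:{flow[1]} -> {flow[2]}:{flow[3]}")
```

A flow that appears more than once under `no-tracked-state` is the same packet being retransmitted after the router stopped tracking the connection, which is a different condition from an access rule refusing new traffic.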