SmallNetBuilder

Follow SmallNetBuilder
Follow SmallNetBuilder on TwitterConnect On Facebook Google+Get the SmallNetBuilder RSS Feed
You are here: Wireless Wireless Reviews Cisco RV220W Wireless Network Security Firewall Reviewed - VPN, VPN Performance

Cisco RV220W Wireless Network Security Firewall Reviewed - VPN, VPN Performance

Print E-mail
<< Prev - Page 3 of 4 - Next >>

VPN

As Tim mentioned in his performance review, one of the RV220W's main attractions is its flexible VPN features, including IPSec, SSL, and PPTP.  You can create an IPSec Site-to-Site VPN tunnel with the RV220W to another router and you can remotely connect to the RV220W via an IPSec tunnel using Cisco's Quick VPN software. 

If you're not an IPsec fan, you can remotely connect to the RV220W via an SSL VPN tunnel, which supports Microsoft Windows 2000/XP/Vista, 32 and 64-bit/Windows 7, and Mac OSX 10.4+.  Finally, you can remotely connect to the RV220W using Microsoft's built in PPTP software.  I tested all of the remote solutions using 64-bit Windows 7 as my OS.

I used the VPN Wizard on the RV220W to set up a Site-to-Site IPSec VPN tunnel with a NETGEAR SRX5308 to test a Site-to-Site VPN tunnel with the RV220W.  The settings on the tunnel on both sides were Main exchange mode, 3DES encryption, SHA-1 authentication, DH Group 2, and Perfect Forward Secrecy (PFS) enabled.  Figure 6 is a screenshot of the RV220W's IPSec VPN connection status page.

IPsec connection status

Figure 6: IPsec connection status

I used Cisco's Quick VPN software, available on Cisco's website, to test remote client IPSec VPN tunnels.  As with the RV120W, IPSec client setup is a matter of installing the software on the PC and creating a user name and password on the router.  Once complete, you click Connect on the PC software, and you're connected as shown in the RV220W.  Figure 7 is a screenshot of the RV220W's QuickVPN connection status page.

QuickVPN Connection Status

Figure 7: QuickVPN Connection Status

As I've stated before, I'm a fan of SSL VPN connections for their simplicity, and the RV220W is no exception.  Remotely connecting to the router via the SSL VPN client was easy, since I didn't have to install client software other than the drivers that are automatically installed on the first connection to the router. 

I did have to enable SSL VPN Server on the RV220W, as well as create an SSL user name and password, which was simple.  Figure 8 is a screenshot of the RV220W's SSL VPN connection status page.

SSL Connection Status

Figure 8: SSL VPN Connection Status
Updated 9/6/2011: Win 7 SSL VPN test update

I reported success with SSL VPN functionality in my review of the Cisco RV220W with the Windows 7 64-bit operating system. Since then, there have been posts to our forums with folks having problems with the RV220W SSL VPN and Win 7 64, which has led me to retest SSL VPN on the RV220W and write this update.

The first thing I did was default the RV220W and update the firmware to the latest version, 1.0.2.4. I then re-enabled and retested SSL VPN with the same PC I used for the RV220W review back in January. The steps I followed are below.

1. Enable remote access via the Administration-Management Interface-Web Access menu.
2. Add an SSL VPN user name and password via Administration-Management Interface-Users.
3. Start up IE64bit in Admin Mode, add the RV220W's WAN IP address to the IE trusted site list, and set IE trusted site security to low.
4. Browse to https://WAN_IP_ADDRESS.
5. Click on VPN Tunnel, select SSL VPN Tunnel Client Installer/Launcher.

As before, my Win 7 64 PC quickly set up an SSL VPN connection. I further tweaked the RV220W settings for Split Tunnel Support and added an additional subnet to the VPN tunnel, all worked well. The screenshot below is from a Win 7 64 PC.

SSL Tunnel VPN Connection Status

Figure 8a: SSL Tunnel VPN Connection Status

I then tried SSL VPN on a newer PC, also running Win 7 64, and was unable to connect to the RV220W via SSL VPN! I poked around with browser security settings and other tweaks, but no joy. I continuously received the message "Error Virtual Passage Installation Failed!" I did a Google search on this error message and could see there are numerous posts on various forums for this error.

So why did SSL VPN work with one Win 7 64 PC and not the other? I noticed on both Win 7 64 PCs I had a Virtual Passage interface, but there was a difference. On the working Win 7 64 PC, the Virtual Passage interface showed an ISDN channel - Virtual Passage SSLDrv Adapter, circled below, which was missing on the non-working Win 7 64 PC.

Virtual Passage properties

Figure 8b: Virtual Passage properties

Windows Device Manager showed the Virtual Passage interface uses a Cavium Networks driver, which reminded me that I used the working Win 7 64 PC to test the NETGEAR SRX5308 awhile back. Both the Cisco RV220W and the NETGEAR SRX5308 use a Cavium CPU and Cavium software for SSL VPN connectivity. (A little more poking around revealed that Cavium acquired the Virtual Passage software from a company called MenloLogic.)

I then attempted to set up an SSL VPN connection from my newer Win7 64 PC to the NETGEAR SRX5308. The Virtual Passage installation succeeded.

With Virtual Passage successfully installed in my newer Win 7 64 PC via the NETGEAR SRX5308, I tried connecting to the Cisco RV220W, and it worked. Below is a screenshot showing the Windows 7 64 Control Panel System page and a successful SSL VPN connection to the RV220W on a Win 7 64 PC.

Successful Win 7 64 bit SSL connection

Figure 8c: Successful Win 7 64 bit SSL connection

Thus, it seems my original test with SSL VPN on the RV220W and Win 7 64 in the review worked because I was using a PC that had previously installed the Virtual Passage driver from a NETGEAR router.

I solved the Cisco RV220W problem by installing the Virtual Passage driver with a NETGEAR router. But that obviously doesn't help those who don't have an extra SSL VPN-capable NETGEAR laying around. We'll notify Cisco of our observation and hopefully we'll see a resolution soon.

End of 9/6/2011 update

To complete the gamut of RV220W VPN options, I tested a remote PPTP connection.  Although the least secure of  remote connectivity options, PPTP is a useful and also simple option that doesn't require installing client software or drivers on a Windows PC.  On the RV220W, enable the PPTP server and add a PPTP user and password.

Adding a PPTP connection is done via the Set up a Connection or Network option in the Networking section of the Windows control panel.  Once there, create a new VPN connection, enter the destination IP (or Dynamic DNS name) and ensure you've selected PPTP as the type of VPN.  Right click and select Connect on your new connection to establish the tunnel.  Figure 9 is a screenshot of the RV220W's PPTP VPN connection status page.

PPTP connection status

Figure 9: PPTP connection status

VPN Performance

Cisco rates the RV220W at 90 Mbps for IPSec VPN throughput and 25 Mbps for SSL VPN throughput.  Cisco's RV220W spec sheet doesn't provide a throughput rating for PPTP tunnels. But it does list VPN capacity for up to 25 Site-to-Site tunnels, 25 Quick VPN tunnels, 5 SSL tunnels, and 10 PPTP tunnels.

I tested the RV220W's VPN throughput with iperf using default TCP settings, with a TCP window size of 8KB and no other options.  I ran iperf on two PCs running 64-bit Windows 7 with their software firewall disabled.  All tests were done over a Gigabit network.   (Running a simple iperf throughput test between two PCs uses the command iperf -s on one PC and iperf -c (ip) on the other PC.)

Table 2 summarizes my VPN test results.  The first row is a baseline, showing throughput between my two PCs over a Gigabit LAN on the same subnet.  The next rows show throughput using the Quick VPN connection, the SSL VPN connection, and the PPTP connection.  I also added my results from testing of a previous router, the  Netgear SRX5308, which I'll explain shortly.

Test WAN-LAN
(Mbps)
LAN-WAN
(Mbps)
Baseline 334 353
Quick VPN (IPSec) 38.3 49.3
SSL VPN 0.72 12.5
PPTP VPN 16.3 14.1
SRX5308 VPN Throughput
IPSec VPN 38.1 42.6
SSL VPN 0.72 13.2
Table 2: RV220W VPN Throughput Test Summary

The Baseline shows my two PCs can send data between each other in either direction at over 300 Mbps, thus neither are a bottleneck.  With one PC moved to the WAN side of the RV220W and connected via a VPN client, I then measured throughput via each of the VPN clients solutions.

As you can see, I measured 38.3-49.3 Mbps using IPSec, .72-12.5 Mbps using SSL, and 16.3-14.1 Mbps using PPTP.  Compared to Cisco's ratings of 90 Mbps for IPSec and 25 Mbps for SSL, these numbers are lower than expected.  On the plus side, IPSec throughput of the RV220W nearly doubles that of the RV120W's 25 Mbps.

Interestingly, the IPSec and SSL VPN throughput on the RV220W very closely match the throughput numbers of the NETGEAR SRX5308.  In my review of the SRX5308, I measured 38.1-42.6 Mbps using IPSec and .72-13.2 Mbps using SSL.  Looking at the components of the two routers, the similar performance makes sense, since they both use the Cavium CN5010 CPU and Broadcom BCM53115 Ethernet chip.




Related Items:

New To The Charts: Cisco RV042 Dual WAN VPN Router
Cisco Adds Small-Biz Switches, VPN Router, More
Cisco RV180 VPN Router Reviewed
NETGEAR FVS318N ProSafe Wireless-N 8-port Gigabit VPN Firewall Reviewe
Cisco RV042 v3 Dual WAN VPN Router Reviewed

User reviews

View all user reviews

Average user rating from: 10 user(s)

NOTE! Please post product reviews from actual experience only.
Questions, review comments and opinions about products not based on actual use will not be published.

User Rating    [Back to Top]
Overall: 
 
3.0 Features :
 
3.0 Performance :
 
3.1 Reliability :
 
3.0
 
Ratings (the higher the better)
Features*
 
Performance*
 
Reliability*
 
Comments*
    Please enter the security code.
 
 

Sadly I have to I admit I lost my time and money with this router

Overall rating: 
 
1.0
Features:
 
1.0
Performance:
 
1.0
Reliability:
 
1.0
Reviewed by careful_reviewer
August 27, 2013
Report this review
 

I'd like to share the issues I had with this router - it might help other prospective buyers to decide.

I bought this router in 2011 in order to replace my old DLink, hoping that a "small business router" will perform better ...

I've updated with latest firmware (latest version is 1.0.4.17, released more than one year ago).

The main issue with its web pages is the slowness. Big slowness on access / change anything in these Web pages. Any change applied is followed by a waiting period (seconds) in order to succeed.
A side effect of this is the "automatic refresh". This happens when displaying the "status / dashboard" pages. The automatic refresh happens every 9 seconds or so and it is not configurable. So I was looking to a page full of information, trying to quickly read as much as I could in those 9 seconds interval (because during refresh time the page content is removed). Very frustrating. Imaging you are reading a Web page which is removed every 9 seconds, with a gap of 5 seconds when you see a progress bar. Who is the User Interface / System Analyst which designed this UI ?

I tryed to encourage myself saying that not all the day the user is using the router Web pages, what is the most important is how this device handles its tasks in the network.

But here, Cisco grossly disappointed me.
Several times each day this router was doing a re-boot. The time was pretty random. You can imagine all users in my LAN having the network access cut (WAN and LAN). Everybody was looking at me - I am the "SysAdmin" for that network.

The next step for me was to look on Internet to see if I am the only one with this issue.
I tried to Google "RV220W re-boot" and I saw that I am not alone. A lot of places where people complained about this.

This is an example you may want to read:
https://supportforums.cisco.com/thread/2195130 (Title: RV220W rebooting at random intervals).

There is no resolution for this issue at this moment.
All kind of workarounds are proposed on forums, such as:
- downgrade to the oldest firmware 1.0.1.0 (what a shame, Cisco!)
- disable some firewall settings in "Firewall/Attack prevention/LAN (Local Network) Security Checks" ( disable Block UDP, disable "Block Fragmented Packets") - I did all of these with no effect
(Cisco claims that the re-boot is a legitimate action router takes to block an attack from WAN, so we need to lower the firewall security to avoid reboot!)

Looking on their Web site I learned that
to get support for Cisco you have to purchase a service contract !

The last straw was when I tried to create a thread on Cisco support forums (the only place where I could hope for free support - I am not a business, just a private user with its home computer(s)). The signup process was very slow when I submitted the form data (what kind of Web servers + software is running there - I had to wait seconds and seconds for the form submit to succeed?)

After I finally created the user, and activated it using the received E-mail, I was unable to login.
The message was:
Your login was unsuccessful for one of the following reasons:
•You entered your user ID and/or password incorrectly. Please try again.
•You recently registered or reset your password and our systems are updating your information. Please try again in 5 minutes.

The coolest advice was "... our systems are updating your information. Please try again in 5 minutes"! He he he...

I can assure you I tried again and again 5 minutes after 5 minutes with the same result. Even now, days after registration, the same "... our systems are updating your information" is displayed.

Anybody can try to create an user name and see on its own.

To summarize:
- random reboot multiple times a day
- slow Web UI + annoying refresh - usability irritation
- miserable non-paid support (basically non usable)

I wasted so much time and energy until I had to acknowledge that I lost my two hundred and something I paid for this piece of hardware. I have to put is in the correct place: the e-waste recycle bin.

For me Cisco looks like a big corporate with chaos inside, but no danger for loss since it sells a lot for enterprise systems (Cisco phones etc.). So the "home user" has no significant place in this picture.

 

VPN assymetric speed

Overall rating: 
 
3.7
Features:
 
4.0
Performance:
 
3.0
Reliability:
 
4.0
Reviewed by Oleksiy
April 18, 2013
Report this review
 

Some days ago I got two RV220W devices to test VPN perfomance and got the strange results. I built site to site VPN , IPSec preshared key.
A) AES 256/SHA512/DH Group 1536 Incoming speed Mbit/s 17,07 Outgoing-34,14
B) AES 256/SHA1/DH Group 1024 Incoming speed Mbit/s 33,83 Outgoing 77,66
C) AES 128/SHA1/DH Group 1024 Incoming speed Mbit/s 34.69 Outgoing 78,00

I did not expect to see assymetric speed.
Suppose Cisco knows why? :)


 

I would not recommend this router

Overall rating: 
 
3.3
Features:
 
3.0
Performance:
 
3.0
Reliability:
 
4.0
Reviewed by Doc T
April 10, 2013
Report this review
 

Usin the latest firmware atm (1.0.4.17) the router seems fairly stable to me..

However, I would really not recommend this router to anyone..
Looking at the firmware change log, the firmware still contains many bugs..

The VPN functionality is close to impossible setting up (I have not managed to do so for now)..

Cisco has not provided any VPN client for Mac OS X users, and the IPsec VPN is not compatible with iPhone/iPad (which was the main reason why i bought this router)..

If you do not need VPN functionality, you should definitely not buy this router..
If you really need VPN functionality that badly, you should definitely go for a more professional solution..

I chose this router because of the Cisco brand.. However, it looks like they have ditched their Small Business series..

 

Lacking in Development of good firmware

Overall rating: 
 
3.3
Features:
 
5.0
Performance:
 
3.0
Reliability:
 
2.0
Reviewed by linksysinfo
August 27, 2012
Report this review
 

TBH this router could have been great except for allowing Team F1 to develop the firmware for this device.

Issues:

Frequent Random Reboots
DHCP Server slow at times.
WebGUI Very Laggy.

 

SSLVPN issues on RV220W

Overall rating: 
 
4.7
Features:
 
5.0
Performance:
 
4.0
Reliability:
 
5.0
Reviewed by Cisco User
February 02, 2012
Report this review
 

I have spent a lot of time trying to configure this device on my own and with CISCO tech support. My case was eventually escalated level 3 (i think).

Problem 1:

When accessing https://WAN_IP/portal/sslvpn portal, text fields were grayed out and login button was disabled.

Solution: We eventually figure out that URL is CASE SENSITIVE
You must use https://WAN_IP/portal/SSLVPN for it to work properly.

Problem 2:
I am using Windows 7 x64 OS and no matter what I tried I I continuously received the message "Error Virtual Passage Installation Failed!" I built numerous virtual machines and confirmed that Virtual Passage driver works on WIndows XP and WIndows 7 x86, but NOT on x64.


Here is a final response from CISCO tech:
--------------------------
This is a valid issue that has been root caused. The SSL VPN driver file (.sys file) has a self signed Cisco signature but it should have Microsoft signature to get around the below Windows error.
This will be fixed for the upcoming MR2 release. We are investigating whether a work around to the below installation issue is available with the current firmware.
--------------------------

(Firmware Version: 1.0.3.5).

 
 
View all user reviews

Amazon Top-Selling Wireless Routers