Cisco RV042G Dual Gigabit WAN VPN Router Reviewed

Photo of author

Tim Higgins

Dual Gigabit WAN VPN Router
At a glance
Product Cisco Dual Gigabit WAN VPN Router (RV042G) [Website]
Summary Popular Cisco small-business VPN router now finally with Gigabit ports
Pros • All Gigabit ports
• Dual-stack IPv6 support
• Up and downlink priority and bandwidth QoS
• 50 IPsec tunnels
Cons • No L2TP support
• Mismatched uplink/downlink throughput
• Does not support subscription content filtering option

Introduction

Updated 8/8/12 – Added switch chip info

Doug Reid does most of SNB’s VPN router reviews and he always dings products that don’t include Gigabit Ethernet ports. So when he reviewed Cisco’s last version of its go-to small business VPN router, the RV042 v3, that was among his few complaints.

Well, Doug and other Cisco RV042 fans can finally rejoice because Cisco quietly started shipping a Gigabit version last month, aptly named the RV042G Dual Gigabit WAN VPN Router. If you didn’t look closely, you would mistake it for the 10/100 RV042. The only difference is the product name and number subtly screened on the top and front of its black plastic front panel bezel.

Otherwise, the RV042G is the same, measuring around 5" X 8" X 1.5" and with the same lights and ports shown below and power jack on the side. Cisco uses the same graphic for both the RV042 and RV042G in its manuals, so it’s good enough for me.

RV042/RV042G front and rear panels

RV042/RV042G front and rear panels

There is still no cooling fan and there are still wall-mount screw slots on the bottom of its grey metal case.

Inside

The 042G’s board is shown below, with the 042 v3 below it for comparison.

RV042G board

RV042G board
Updated 8/8/12 – Added switch chip info

The CPU and switch heatsinks are firmly attached, so I also need info from Cisco to identify the switch. Since a Broadcom BCM52612E 10/100/1000BASE-T Gigabit Ethernet Transceiver is visible, I’m guessing there is a Broadcom 5 port Gigabit switch handling the other five ports, a BCM5387, perhaps? Cisco said it’s a Broadcom BCM53125M.

Cisco RV042G Cisco RV042 v3
CPU 300 MHz Cavium CN5010 300 MHz Cavium CN5010
Switch Broadcom BCM53125M + BCM54612E Realtek RTL8309G
RAM 128 MB 128 MB
Flash 32 MB 32 MB
PLD Lattice LCMX0256C Lattice LCMXO2-256
Table 1: RV042G / RV042 v3 component summary

Note that both RV042s have two Mira RAM chips; the other one is on the bottom of the board.

RV042 V3 board

RV042 V3 board

Features

The G’s admin GUI provides access to the same feature set that Doug described in his v3 review. The v4.2.1.02 firmware dating from January 2012 has all the IPv6 features Doug described baked in.

Here’s a rundown of the RV042G’s features:

  • DHCP, Static, PPPoE, PPTP, Transparent bridge WAN types
  • DHCP server with MAC address reservation and multiple subnets
  • VLAN support with multiple subnets (4 port-based, no 802.1q support)
  • Dual-WAN with failover and load balance modes
  • Many-to-one and one-to-one NAT modes
  • Built-in Dynamic DNS client ((DynDNS, 3322)
  • Static and dynamic routing
  • SPI firewall disable, multicast, WAN ping and IDENT filtering and Proxy, Java, ActiveX and Cooking blocking
  • Static port forwarding: 30 single ports or port ranges, no scheduling
  • Triggered port forwarding: 30 single ports or port ranges, no scheduling
  • 50 schedulable access rules each for IPv4 and IPv6
  • Schedulable domain and keyword website blocking
  • HTTPS admin access
  • Incoming, outgoing, system onscreen log access
  • Syslog support
  • Email alerts
  • Uplink and downlink QoS, priority and bandwidth limit modes
  • 50 IPsec site-to-site and 50 client-to-gateway tunnels
  • DES, 3DES, AES-128, AES-192, AES-256 encryption
  • MD5, SHA1 authentication
  • IPSec NAT-T supported for gateway-to-gateway and client-to-gateway tunnels
  • 5 PPTP tunnels

A few missing features deserve some highlighting so you don’t miss them. Neither the static nor triggered port forwarding features let you specify source and destination ports and L2TP VPNs aren’t supported. So you’ll need to use either Cisco’s free but often-frustrating QuickVPN utility or grab third-party VPN client software such as TheGreenBow instead of using Win 7’s built-in VPN options.

I was surprised to find that the RV042G is the only RV0XX series router to not support Cisco’s optional ProtectLink Web feature. So you’ll need to make do with the domain and keyword blocking features.

Since the G has Gigabit ports, I’ve shown the port setup screen below. Note that you can force speed to 10 or 100 Mbps full or half duplex. But if you want Gigabit operation, you need to leave the Auto Negotiation box checked (the default). Note also that there are no jumbo frame controls. I didn’t check for jumbo frame operation because they aren’t really necessary any more with today’s computer architectures and network adapters.

RV042G Port Setup

RV042G Port Setup

The Firefox admin GUI problems Doug pointed out in his review were fixed long ago and I had no problems accessing the admin interface with Firefox 14. Since Doug didn’t provide a lot of admin screenshots in his review, I’ve put some of the key screens and commentary in the gallery below.

Port Setup

You can force speed to 10 or 100 Mbps ful or half duplex. But if you want Gigabit operation, you need to leave the Auto Negotiation box checked (the default)

Network

LAN and WAN settings are accessed here. Note the Multiple Subnet enable and the two additional subnets entered.

One-to-One NAT

If you have multiple IPs, One-to-One NAT will let you route specific IP traffic to separate subnets.

QoS-Rate

Controls for bandwidth management in rate control mode.

QoS-Priority

Controls for bandwidth management in priority mode. There are only two priority levels

Firewall-General

This screen holds various firewall mode enables

Access rules-summary

You get 50 rules each for IPv4 and IPv6.

Access rules-add

Rules can be allow or deny and scheduled

Content Filter

You get these filters instead of the subscription ProtectLink Web feature. The screenshot doesn’t show the Scheduling feature for these filters.

VPN Status

VPN status screen showing three IPsec tunnels up.

PPTP Status

PPTP Status is on a separate screen from IPsec.

VPN Performance Xmit

IxChariot results for IPsec gateway-to-gateway and PPTP client-to-gateway tests.

VPN Performance RCV

IxChariot results with traffic running in the opposite direction

Routing Performance

Routing throughput was measured running v4.2.1.02 firmware, using our router test process. Table 4 summarizes and compares the RV042G and RV042 v3’s routing throughput. Cisco is a bit optimistic in its throughput specs for both models, specifying 100 Mbps NAT throughput for the v3 and 800 Mbps for the G.

Test Description RV042G RV042 v3
WAN – LAN 609 91
LAN – WAN 492 90
Total Simultaneous 739 91
Maximum Simultaneous Connections 24061 34925
Firmware Version v4.2.1.02 v4.0.0.07-tm
Table 2: Routing throughput

The IxChariot composite plot below shows downlink throughput stayed mostly at around 600 Mbps, but with frequent spikes up to as high as 933 Mbps. I saw this behavior both when I ran downlink alone and in the simultaneous up/downlink test. Uplink throughput was very steady when run by itself to produce the 492 Mbps average and dropped to an average of only 126 Mbps during the simultaneous up/downlink test.

RV042G routing throughput

RV042G routing throughput

Bandwidth management was not engaged for any of the routing throughput tests, but SPI and DoS features were enabled, which could be the cause of the high variation.

Note that the G’s simultaneous connection test did not max out at the 34925 test limit that the v3 hit. I ran the test three times and it sometimes stalled before restarting and then stopping at the 24K or so connections that I recorded as the maximum.

VPN Performance

Cisco rates the RV042 v3 IPsec throughput at 59 Mbps and the RV042G at 75 Mbps. Doug’s iperf-based tests of the RV042 v3 achieved only a best case of 48 Mbps through a 3DES encrypted tunnel, pairing the RV042 v3 with a NETGEAR SRX5308.

Table 3 shows I did a bit better using a pair of Win 7 PCs connected via Gigabit Ethernet to test gateway-to-gateway IPsec tunnels between two RV042Gs using IxChariot‘s throughput script with TCP/IP. Although I didn’t hit the 75 Mbps Cisco spec, 60 Mbps through an AES 256 encrypted tunnel ain’t too shabby. Note that throughput in both directions was pretty evenly matched as shown in Table 3.

Test Description RV042G
Local-to-Remote
RV042G
Remote-to-Local
DES 58 61
3DES 58 61
AES 256 59 60
Table 3: Gateway-to-gateway IPsec throughpt

I also ran client-to-Gateway tests connecting another Win 7 machine via Cisco’s QuickVPN utility and measured a nice steady 54 Mbps. QuickVPN uses 3DES and MD5 in its one-way IPsec tunnel (traffic must be initiated by the client) and I had my usual struggles with it.

Even though the latest 1.4.2.1 version QuickVPN client now offers the hint (when the connection attempt fails) that Windows Firewall must be enabled, I still could not connect when I switched my machine’s network profile from Home to Public to comply with this requirement.

After many attempts, I finally succeeded when I stopped trying to use a security certificate exported from the RV042G. I just refused to quit when the missing certificate message popped up (twice) and finally was able to connect and run the tests.

I also checked the RV042G’s PPTP server performance using the Win 7 built in client. Gateway-to-client throughput of only 9 Mbps and client-to-gateway of only 12 Mbps (not shown) showed that PPTP performance isn’t a priority for Cisco. These results closely match what Doug measured on the RV042 v3 for PPTP.

The IxChariot plot below of PPTP and IPsec tests shows nice steady IPsec throughput, but cyclical throughput variation for PPTP.

RV042G routing throughput

RV042G VPN throughput

Keep in mind that the PPTP measurement is client-to-gateway using Win 7’s PPTP client and the IPsec runs are all gateway-to-gateway using a pair of RV042Gs.

Closing Thoughts

Cisco has kept all the RV042 v3’s features and added the goodness of Gigabit ports. My tests show that the higher bandwidth connectivity provides a significant boost in routing throughput and a smaller goose to IPsec performance. The main negative for the G is the $50 premium (~35%) Cisco wants for the faster ports. Those little Gigabit switch chips sure must be expensive…

Related posts

CUJO Smart Internet Security Firewall Reviewed

The CUJO Smart Internet Security Firewall tries to bring enterprise security to your home's networks.

ASUS SL1000 Internet Security Router reviewed

Simply put, ASUS' SL1000 is one hell of a powerful little router and our test bench is still smoking! But it has a user interface that only true networking techies can love. ASUS agrees on this last point so it'll be awhile before you can buy it, but you can at least read about it now.

SmoothWall Express 2.0

Next in our series of reviews of Open Source based router / firewalls is SmoothWall Express 2.0. Jim Hubbard takes a look at this free, user-friendly distro, that's speedy enough for pretty much any connection you can throw at it.