|At a glance|
|Product||Cisco Dual Gigabit WAN VPN Router (RV042G) [Website]|
|Summary||Popular Cisco small-business VPN router now finally with Gigabit ports|
|Pros||• All Gigabit ports
• Dual-stack IPv6 support
• Up and downlink priority and bandwidth QoS
• 50 IPsec tunnels
|Cons||• No L2TP support
• Mismatched uplink/downlink throughput
• Does not support subscription content filtering option
Updated 8/8/12 – Added switch chip info
Doug Reid does most of SNB’s VPN router reviews and he always dings products that don’t include Gigabit Ethernet ports. So when he reviewed Cisco’s last version of its go-to small business VPN router, the RV042 v3, that was among his few complaints.
Well, Doug and other Cisco RV042 fans can finally rejoice because Cisco quietly started shipping a Gigabit version last month, aptly named the RV042G Dual Gigabit WAN VPN Router. If you didn’t look closely, you would mistake it for the 10/100 RV042. The only difference is the product name and number subtly screened on the top and front of its black plastic front panel bezel.
Otherwise, the RV042G is the same, measuring around 5" X 8" X 1.5" and with the same lights and ports shown below and power jack on the side. Cisco uses the same graphic for both the RV042 and RV042G in its manuals, so it’s good enough for me.
RV042/RV042G front and rear panels
There is still no cooling fan and there are still wall-mount screw slots on the bottom of its grey metal case.
The 042G’s board is shown below, with the 042 v3 below it for comparison.
Updated 8/8/12 – Added switch chip info
The CPU and switch heatsinks are firmly attached, so I also need info from Cisco to identify the switch.
Since a Broadcom BCM52612E 10/100/1000BASE-T Gigabit Ethernet Transceiver is visible, I’m guessing there is a Broadcom 5 port Gigabit switch handling the other five ports, a BCM5387, perhaps? Cisco said it’s a Broadcom BCM53125M.
|Cisco RV042G||Cisco RV042 v3|
|CPU||300 MHz Cavium CN5010||300 MHz Cavium CN5010|
|Switch||Broadcom BCM53125M + BCM54612E||Realtek RTL8309G|
|RAM||128 MB||128 MB|
|Flash||32 MB||32 MB|
|PLD||Lattice LCMX0256C||Lattice LCMXO2-256|
Table 1: RV042G / RV042 v3 component summary
Note that both RV042s have two Mira RAM chips; the other one is on the bottom of the board.
RV042 V3 board
The G’s admin GUI provides access to the same feature set that Doug described in his v3 review. The v4.2.1.02 firmware dating from January 2012 has all the IPv6 features Doug described baked in.
Here’s a rundown of the RV042G’s features:
- DHCP, Static, PPPoE, PPTP, Transparent bridge WAN types
- DHCP server with MAC address reservation and multiple subnets
- VLAN support with multiple subnets (4 port-based, no 802.1q support)
- Dual-WAN with failover and load balance modes
- Many-to-one and one-to-one NAT modes
- Built-in Dynamic DNS client ((DynDNS, 3322)
- Static and dynamic routing
- SPI firewall disable, multicast, WAN ping and IDENT filtering and Proxy, Java, ActiveX and Cooking blocking
- Static port forwarding: 30 single ports or port ranges, no scheduling
- Triggered port forwarding: 30 single ports or port ranges, no scheduling
- 50 schedulable access rules each for IPv4 and IPv6
- Schedulable domain and keyword website blocking
- HTTPS admin access
- Incoming, outgoing, system onscreen log access
- Syslog support
- Email alerts
- Uplink and downlink QoS, priority and bandwidth limit modes
- 50 IPsec site-to-site and 50 client-to-gateway tunnels
- DES, 3DES, AES-128, AES-192, AES-256 encryption
- MD5, SHA1 authentication
- IPSec NAT-T supported for gateway-to-gateway and client-to-gateway tunnels
- 5 PPTP tunnels
A few missing features deserve some highlighting so you don’t miss them. Neither the static nor triggered port forwarding features let you specify source and destination ports and L2TP VPNs aren’t supported. So you’ll need to use either Cisco’s free but often-frustrating QuickVPN utility or grab third-party VPN client software such as TheGreenBow instead of using Win 7’s built-in VPN options.
I was surprised to find that the RV042G is the only RV0XX series router to not support Cisco’s optional ProtectLink Web feature. So you’ll need to make do with the domain and keyword blocking features.
Since the G has Gigabit ports, I’ve shown the port setup screen below. Note that you can force speed to 10 or 100 Mbps full or half duplex. But if you want Gigabit operation, you need to leave the Auto Negotiation box checked (the default). Note also that there are no jumbo frame controls. I didn’t check for jumbo frame operation because they aren’t really necessary any more with today’s computer architectures and network adapters.
RV042G Port Setup
The Firefox admin GUI problems Doug pointed out in his review were fixed long ago and I had no problems accessing the admin interface with Firefox 14. Since Doug didn’t provide a lot of admin screenshots in his review, I’ve put some of the key screens and commentary in the gallery below.
You can force speed to 10 or 100 Mbps ful or half duplex. But if you want Gigabit operation, you need to leave the Auto Negotiation box checked (the default)
LAN and WAN settings are accessed here. Note the Multiple Subnet enable and the two additional subnets entered.
If you have multiple IPs, One-to-One NAT will let you route specific IP traffic to separate subnets.
Controls for bandwidth management in rate control mode.
Controls for bandwidth management in priority mode. There are only two priority levels
This screen holds various firewall mode enables
You get 50 rules each for IPv4 and IPv6.
Rules can be allow or deny and scheduled
You get these filters instead of the subscription ProtectLink Web feature. The screenshot doesn’t show the Scheduling feature for these filters.
VPN status screen showing three IPsec tunnels up.
PPTP Status is on a separate screen from IPsec.
IxChariot results for IPsec gateway-to-gateway and PPTP client-to-gateway tests.
IxChariot results with traffic running in the opposite direction
Routing throughput was measured running v4.2.1.02 firmware, using our router test process. Table 4 summarizes and compares the RV042G and RV042 v3’s routing throughput. Cisco is a bit optimistic in its throughput specs for both models, specifying 100 Mbps NAT throughput for the v3 and 800 Mbps for the G.
|Test Description||RV042G||RV042 v3|
|WAN – LAN||609||91|
|LAN – WAN||492||90|
|Maximum Simultaneous Connections||24061||34925|
Table 2: Routing throughput
The IxChariot composite plot below shows downlink throughput stayed mostly at around 600 Mbps, but with frequent spikes up to as high as 933 Mbps. I saw this behavior both when I ran downlink alone and in the simultaneous up/downlink test. Uplink throughput was very steady when run by itself to produce the 492 Mbps average and dropped to an average of only 126 Mbps during the simultaneous up/downlink test.
RV042G routing throughput
Bandwidth management was not engaged for any of the routing throughput tests, but SPI and DoS features were enabled, which could be the cause of the high variation.
Note that the G’s simultaneous connection test did not max out at the 34925 test limit that the v3 hit. I ran the test three times and it sometimes stalled before restarting and then stopping at the 24K or so connections that I recorded as the maximum.
Cisco rates the RV042 v3 IPsec throughput at 59 Mbps and the RV042G at 75 Mbps. Doug’s iperf-based tests of the RV042 v3 achieved only a best case of 48 Mbps through a 3DES encrypted tunnel, pairing the RV042 v3 with a NETGEAR SRX5308.
Table 3 shows I did a bit better using a pair of Win 7 PCs connected via Gigabit Ethernet to test gateway-to-gateway IPsec tunnels between two RV042Gs using IxChariot‘s throughput script with TCP/IP. Although I didn’t hit the 75 Mbps Cisco spec, 60 Mbps through an AES 256 encrypted tunnel ain’t too shabby. Note that throughput in both directions was pretty evenly matched as shown in Table 3.
Table 3: Gateway-to-gateway IPsec throughpt
I also ran client-to-Gateway tests connecting another Win 7 machine via Cisco’s QuickVPN utility and measured a nice steady 54 Mbps. QuickVPN uses 3DES and MD5 in its one-way IPsec tunnel (traffic must be initiated by the client) and I had my usual struggles with it.
Even though the latest 22.214.171.124 version QuickVPN client now offers the hint (when the connection attempt fails) that Windows Firewall must be enabled, I still could not connect when I switched my machine’s network profile from Home to Public to comply with this requirement.
After many attempts, I finally succeeded when I stopped trying to use a security certificate exported from the RV042G. I just refused to quit when the missing certificate message popped up (twice) and finally was able to connect and run the tests.
I also checked the RV042G’s PPTP server performance using the Win 7 built in client. Gateway-to-client throughput of only 9 Mbps and client-to-gateway of only 12 Mbps (not shown) showed that PPTP performance isn’t a priority for Cisco. These results closely match what Doug measured on the RV042 v3 for PPTP.
The IxChariot plot below of PPTP and IPsec tests shows nice steady IPsec throughput, but cyclical throughput variation for PPTP.
RV042G VPN throughput
Keep in mind that the PPTP measurement is client-to-gateway using Win 7’s PPTP client and the IPsec runs are all gateway-to-gateway using a pair of RV042Gs.
Cisco has kept all the RV042 v3’s features and added the goodness of Gigabit ports. My tests show that the higher bandwidth connectivity provides a significant boost in routing throughput and a smaller goose to IPsec performance. The main negative for the G is the $50 premium (~35%) Cisco wants for the faster ports. Those little Gigabit switch chips sure must be expensive…