The RV 120W has Remote Access VPN and Site-to-Site VPN capability. I found both quite easy to set up and use. Cisco lists their Quick VPN Client as the supported VPN client, which is available on a disk included with the router, as well as on Cisco's website.
Installing and configuring the client and router involved just two steps. First, I installed the client on a 64-bit Windows 7 Pro laptop. Second, I configured a Quick VPN user name and password on the router.
Upon configuring a Quick VPN user name and password on the RV 120W, the router automatically changes its LAN IP address from 192.168.1.0/24 to 10.x.x.0/24. The LAN subnet is randomly created from 10.x.x.x. The first time I added a Quick VPN user name and password, the router configured its LAN subnet to 10.150.55.0/24. I defaulted the router two more times and re-added Quick VPN user names and passwords. One time, the router configured its LAN subnet to 10.124.31.0/24, the other to 10.53.115.0/24.
A common challenge on VPN tunnels is that the subnets on both ends of a tunnel must be different. Thus, it is useful that Cisco automatically changes the router's LAN to a random subnet. However, if you've had the router in use for a while, changing the LAN subnet can cause issues with your configurations, as per the warning shown in Figure 5. If you plan to use Quick VPN, I recommend you set up a Quick VPN user name and password right away.
Figure 5: LAN subnet change warning
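The subnet-conflict problem described above can be checked before a tunnel is built. The following is an added example, not Cisco's logic or code from the review: `find_conflicts`, `pick_free_subnet` and the sample remote networks are assumptions made for illustration, and the review does not say how the router actually picks its 10.x.x.0/24.

```python
import ipaddress
import random

def find_conflicts(local_lan, remote_nets):
    """Return the remote networks that overlap the router's LAN subnet."""
    local = ipaddress.ip_network(local_lan)
    return [r for r in remote_nets if ipaddress.ip_network(r).overlaps(local)]

def pick_free_subnet(in_use, rng=None, max_tries=1000):
    """Pick a random 10.x.x.0/24 that overlaps none of the networks in in_use.

    Illustrative only: the review does not say how the router chooses.
    """
    rng = rng or random.Random()
    used = [ipaddress.ip_network(n) for n in in_use]
    for _ in range(max_tries):
        cand = ipaddress.ip_network(
            f"10.{rng.randint(0, 255)}.{rng.randint(0, 255)}.0/24")
        if not any(cand.overlaps(u) for u in used):
            return cand
    raise ValueError("no free 10.x.x.0/24 found; is all of 10/8 in use?")

# Constructed sample: networks a remote client might be sitting on.
REMOTE_NETS = ["192.168.1.0/24", "192.168.0.0/16", "10.0.0.0/24", "172.16.5.0/24"]

if __name__ == "__main__":
    # The factory default LAN collides with common home/hotel ranges;
    # one of the random subnets seen in the review does not.
    for lan in ("192.168.1.0/24", "10.150.55.0/24"):
        print(lan, "conflicts with", find_conflicts(lan, REMOTE_NETS) or "nothing")
    print("suggested LAN:", pick_free_subnet(REMOTE_NETS))
```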
I also created a dynamic DNS address on the RV 120W so I could use a static address for remote access. The RV 120W supports dynamic DNS from DynDNS.com and TZO.com.
Once the Quick VPN client is installed and the user name and password are created on the router, you simply run the software, enter the user name and password and the IP or dynamic DNS address of the RV 120W, and click connect. An IPsec tunnel is then created to the RV 120W LAN and you'll see a message on your PC like Figure 6 indicating your tunnel is successfully up.
Figure 6: QuickVPN tunnel up
In all, the Quick VPN software is easy to use and stable. I used it to connect to the RV 120W LAN while traveling, and had no problem establishing a secure remote connection.
Site-to-Site VPNs are also easy to configure. I used a NETGEAR SRX5308 to test a Site-to-Site VPN tunnel with the RV 120W. Figure 7 shows the status screen of my active VPN tunnel.
Figure 7: Site-to-site tunnel status
I found it remarkable that I was able to use the VPN Wizard on both the RV 120W and SRX5308 to successfully set up a tunnel. I've had success using VPN Wizards before, but I was surprised to find both Cisco and NETGEAR use the same settings in their VPN Wizards. (For the record, the default settings used by the RV 120W VPN are Main exchange mode, 3DES encryption, SHA-1 authentication, DH Group 2, and Perfect Forward Secrecy (PFS) enabled.)
Cisco rates the RV 120W at 25 Mbps for VPN throughput and says it can support up to 10 Quick VPN tunnels and 10 Site-to-Site tunnels.
I tested the RV 120W's VPN throughput with iperf using default TCP settings, with a TCP window size of 8KB and no other options. (Running an iperf throughput test between two PCs to test throughput requires the command iperf -s on one PC and iperf -c (ip) on the other PC.)
I was pleased my tests verified Cisco's ratings, as you can see in Table 1. I measured VPN throughput on the RV 120W at 21.2 - 23.1 Mbps on the Quick VPN connection, and 25.3 - 26.6 Mbps on a Site-to-Site VPN connection. (Note, the SRX5308's VPN throughput is 38.1 - 42.6 Mbps, meaning it wasn’t a limiting factor in my tests with the RV 120W.)
Table 1: VPN throughput
The main downside for the RV 120W is that it only passes through L2TP. So when I tried to establish a tunnel to it from my notebook using Win 7's built-in L2TP / IPsec VPN client, I couldn't get it to connect. This would have been a bigger mark against it had not the free, bundled Quick VPN client worked as effortlessly as it did.
The firewall on the RV 120W is customizable and intuitive to configure. Basic firewall configuration includes a check box page to enable or disable traffic blocking, such as ICMP traffic to the WAN port, and DoS checks, such as TCP and UDP flooding. UPnP and a SIP ALG are also features that can be enabled or disabled.
More advanced firewall configurations involve controlling traffic between the three zones: WAN, LAN, and DMZ. Rules can be created to filter different traffic flows between zones based on traffic type, time of day, and source and destination IP addresses.
There are 63 different predefined traffic types. Additional custom traffic types can be defined based on TCP, UDP, or ICMP protocol and port. I created a custom traffic type for iperf traffic, which uses TCP and port 5001. Figure 8 shows a firewall rule I created to allow and forward iperf traffic from the WAN to a specific PC on the LAN side of the RV 120W.
Figure 8: Firewall rule
The RV 120W also has content filtering capability. The RV 120W enables content filtering to block web components utilizing Java and ActiveX, as well as web sites that manipulate traffic via proxy servers, or those that track activities via cookies.
More detailed content filtering requires specifying which devices on the LAN will have content filtering applied and defining keywords. To specify the devices, you create a list, called a LAN Group, of the IP addresses whose traffic should be filtered. Then, you define your keywords and apply the filter to the LAN Group.
If any keyword defined in the RV 120W is found in a website's URL or web page, the router displays the warning shown in Figure 9 instead of the offending website. In addition, a list of trusted domains can be created for websites where content should not be filtered.
Figure 9: URL keyword block alert
Keyword blocking is a basic means of restricting web traffic, but isn't all that effective by itself. Keyword blocking will filter some sites depending on the list of words you build, but it won't filter images or media. However, Cisco doesn't claim that the RV 120W is a true Unified Threat Management (UTM) device. The RV 120W would have to be combined with a more advanced content filtering solution if comprehensive web filtering is desired.
Another interesting feature on the RV 120W firewall is One-to-One NAT. Per Cisco, “One-to-One NAT is a way to make systems behind a firewall that are configured with private IP addresses appear to have public IP addresses.” With this feature, and public IP addresses from your ISP, you can map a range of private IP addresses on your LAN to a range of public IP addresses on the WAN, even though the WAN interface has only one IP address.
When One-to-One NAT is fully configured, outbound traffic from devices with private IP addresses in the defined range will appear to be coming from one of the configured public IP addresses. Inbound traffic that matches one or more of the predefined or custom traffic types and has a destination of one of the public IP addresses will be mapped to the corresponding private IP address.
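The mapping described above, written out as a small model. This is an added example, not the router's firmware logic or code from the review: the class name, the address ranges (203.0.113.0/24 is a documentation range) and the allowed service are constructed for illustration, with TCP port 5001 borrowed from the iperf rule mentioned earlier.

```python
import ipaddress

class OneToOneNat:
    """Model of a One-to-One NAT rule: N private addresses <-> N public ones."""

    def __init__(self, private_start, public_start, count, allowed_services):
        self.priv = ipaddress.ip_address(private_start)
        self.pub = ipaddress.ip_address(public_start)
        self.count = count
        # (protocol, port) pairs permitted inbound, i.e. the traffic types.
        self.allowed = set(allowed_services)

    def _offset(self, addr, base):
        """Position of addr inside the range starting at base, or None."""
        off = int(ipaddress.ip_address(addr)) - int(base)
        return off if 0 <= off < self.count else None

    def outbound(self, src):
        """Public source address for a LAN host, or None if the rule does not apply."""
        off = self._offset(src, self.priv)
        return None if off is None else str(self.pub + off)

    def inbound(self, dst, proto, port):
        """Private destination for WAN traffic, or None if it is not forwarded."""
        off = self._offset(dst, self.pub)
        if off is None or (proto, port) not in self.allowed:
            return None
        return str(self.priv + off)

# Constructed rule: 192.168.1.100-104 <-> 203.0.113.10-14, iperf allowed in.
RULE = OneToOneNat("192.168.1.100", "203.0.113.10", 5, [("tcp", 5001)])

if __name__ == "__main__":
    print(RULE.outbound("192.168.1.102"))             # inside the range
    print(RULE.outbound("192.168.1.105"))             # outside the range
    print(RULE.inbound("203.0.113.12", "tcp", 5001))  # allowed traffic type
    print(RULE.inbound("203.0.113.12", "tcp", 22))    # not an allowed type
```

Each address keeps its position in the range, so the third private address always pairs with the third public one in both directions.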