
Cisco SRP547W router – first impressions and VPN support

I’ve recently acquired a Cisco SRP547W router to evaluate as a replacement for the Cisco WRVS4400N. The SRP547W sports a similar feature set to the WRVS4400N, with the added bonus of a built-in ADSL2+ WAN interface. Because the WRVS4400N only features an Ethernet WAN port, I had to use the Draytek Vigor 120 as a PPPoA to PPPoE bridge (in New Zealand broadband is delivered over PPPoA). This worked great, but at the end of the day if I can reduce the number of links in the chain it can only be a good thing.

Connecting the SRP547W to Orcon’s ADSL2+ network was straightforward and painless. The device features a very nice first-run wizard, a cut above what you’d find in a vanilla router (as you’d expect given the price difference).

Cisco SRP547W setup wizard.

All of the security goodies of the WRVS4400N are present, with one difference being much-improved VPN support. The SRP547W features a built-in “Cisco VPN Server”. Although Cisco market this as being intended for use with their non-free Cisco VPN Client product (which is end of life incidentally), it’s actually just a standard IPSec VPN and works with a variety of other clients. I had no problem creating a VPN tunnel on Windows 7 using Shrew Soft’s excellent (and free) VPN client. The stock Android VPN client also worked right out of the box, as did Ubuntu Linux using vpnc (I’ve yet to try Mac OS X). A maximum of ten VPN users are supported, and the experience is generally much better than using Cisco’s poorly supported QuickVPN product as marketed with the WRVS4400N.

Price-wise the SRP547W isn’t too bad, not being too much more than the original cost of the WRVS4400N + Draytek Vigor combo – plus you also get analog phone support, a full SIP stack and more. I’ll be sharing some feedback on these other features in the near future.


Configuring URL blocking policy on the Cisco WRVS4400N

This is a weird one and doesn’t really make a lot of sense – but posted here all the same if it helps someone. Part of the Cisco WRVS4400N’s feature set is a configurable internet access policy, allowing the administrator to schedule internet access hours and permitted sites for discrete LAN clients. The latter is managed by updating a domain blacklist in the admin BUI.

The manual makes out that this is as simple as creating a new policy, adding clients, specifying whether it’s for blocking or allowing access, and adding URLs to the blacklist – but in practice it doesn’t work like this at all. In my case, configuring an “Allow” policy for a single client and adding entries to the blacklist resulted in all internet access being shut off entirely for all machines including the client in question. Looking at the Cisco Small Business support forums, there seems to be equal confusion on this from both customers and Cisco support personnel alike. One Cisco technician mentioned for example in a forum thread on the issue that any clients not defined in an “Allow” rule would be denied by default – but this nugget of information doesn’t seem to have been included in the reference manual.

Anyway, to get a simple website blocking policy in place for one LAN client, here’s what I had to do.

1) Configure an “Allow” policy for the client

In this policy we are allowing the client 24/7 internet access, but not permitting her to access the domain apple.com:

Configuring an internet access policy rule.

You’d think this would do the trick, but no. If your experience is the same as mine, this will shut off internet access entirely – so we move onto step 2.

2) Configure a second “Allow” policy for every other device

In this policy we are specifying an IP address range – which also covers the address of the machine above. Like the above policy, it’s for 24/7 internet access:

Configuring another internet access policy rule.

On saving this rule (you don’t need to reboot the router), you should have full access to all websites except for apple.com for the client defined in the first rule. All other LAN clients should have normal full access.

 

The WRVS4400N is now end-of-life. In my time with it it’s generally been a useful device, but marred by a number of issues which created the impression of a somewhat half-baked or half-heartedly-supported product (possibly due to its Linksys lineage which Cisco are selling off to Belkin). Counter-intuitive interfaces like the one described above, wireless performance which was pretty slow all around (really not living up to the advertised 802.11n), Cisco QuickVPN software which was great if you were only on Windows (with Cisco not interested in versions say for Mac OS), IPS signature files which failed to block Skype (counter to the advertised feature set), and so on. I have a Cisco SRP547W being made available soon hopefully to replace this unit which I will post some impressions on.