Sunday, June 28, 2009

RTFM?

The last resort in tech support is RTFM (read the freaking manual)!

It is almost impossible to find the answer you need quickly in the manual. Who wants to write a manual? How much do manufacturers want to pay for a manual? Bottom line, the manual may be written by someone with limited English proficiency and no experience with the product.

For a "just-in-time" answer to a practical problem, Google is your best bet. But crafting a query that describes the problem concisely is not always easy. And any proposed fixes may not work, or, worse, they may compound the problem. So, skepticism is necessary and care must be taken to avoid making matters worse.

Keystone Computer supports several Cisco Small Business RV082 dual-WAN routers. Our experience with this device illustrates my points today. Here's some misinformation I got from the net via Google:

  • "Just in case no one told you, 'none' of the WRV54G and RV0XX series support passing the 'GRE' protocol (47), so, that's why you get stuck at 'verifying network' and can't use the Microsoft VPN client (yeah, sucks azz...). This was done purposely to force people to use the QuickVPN client."
    • Not so; the RV082 usually plays nicely with Microsoft VPNs. Only if you enable one-to-one NAT do you have problems with protocol 47 when VPN'ing over forwarded ports.

And here's where I was confused and led astray by the manual:

  • "One-to-One NAT opens the firewall for one network user a lot like the DMZ host feature. In this feature, however, the network user is restricted to a single website."
    • That second sentence is hogwash.
  • "NOTE: One-to-One NAT does change the way the firewall functions work. Access to machines on the LAN from the Internet will be allowed unless Network Access Rules are set."
    • This is bull hockey. There is nothing you can do with Access Rules to limit access to a machine that has been exposed via one-to-one NAT.

Fortunately, this story has a happy ending. With a minimum of fuss and wait, I was able to call and talk to a Cisco Small Business engineer. He knew what he was talking about. I let him log into the router remotely and configure it to do exactly what I need it to do for one of my clients. Problem solved!