fordjes

Mon, Jan 18, 2021 12:00 PM

Comcast business modem blocking inbound VPN connectivity.

Looking for help from folks familiar with the Comcast business modems currently being deployed for customers. I have a single static IP that is currently configured on my FW and is working fine for generic internet access. However, when I build the VPN server functionality on the FW, I am unable to connect a successful OpenVPN tunnel through the Comcast modem to my FW. Below is a series of tests I have conducted to detail what is being seen thus far. Yes, it is long, but I tried to be clear and detailed as to what I did, how I tested, and the issues found. I welcome any help anyone can provide with this issue.

For reference, I am a network architect by trade with over 20 years in the industry doing "IT" daily so I do know how to build and troubleshoot networks.

Scenario 1. 
ISP:Comcast
Modem Mode: Standard operating mode ( Out of the box operation)
Firewall: Turned off for IPv4 and IPv6
DHCP: Off, I am manually assigning IPs for my test PC on one of the available ethernet ports.
Static IP: Assigned to FW, internet browsing is operational, no issues found.

When I am connected to the back of the Comcast modem and my laptop is in the 10.1.10.0 subnet at .2, I am able to establish an OpenVPN session to my FW, which is connected on port 1 while the PC is on port 2 of the onboard switch. I can go to my FW and run tcpdump and verify that I do see traffic on the designated port, and from my PC I can see the advertised routes for the VPN with access to my internal resources.

Scenario 2. 
ISP: Comcast
Modem Mode: Bridged mode ( Tried both advanced and basic bridge mode)
Firewall: Turned off for IPv4 and IPv6
DHCP: Off
Static IP: Assigned to FW, internet browsing is operational, no issues found.

In this test scenario I can't connect to the modem to test my browsing or VPN connectivity. When I connect my laptop to a different ISP, I am unable to connect my VPN when passing through the Comcast modem. I confirmed that I do not see any inbound attempts on my FW edge using tcpdump, as well as checking my FW logs to make sure no traffic is being dropped.

During this testing, I am able to place my laptop on my network supported by Comcast and connect as a client outbound to one of my customer sites, who use Spectrum as their ISP, to the same version of FW with the same VPN config successfully. I can verify this is passing through the Comcast network using tcpdump on the WAN interface connected to Comcast. This shows that, outbound through the modem with the FW as a client to another server, things are fine with my build.

Scenario 3. 
ISP: Verizon Wireless using LTE router
Modem Mode: Bridged mode ( Tried both advanced and basic bridge mode)
Firewall: Turned off for IPv4 and IPv6
DHCP: Off, I am manually assigning IPs for my test PC on one of the available ethernet ports.
Static IP: DHCP 

When I move my WAN connection to the LTE router connected to the Verizon Wireless network, without changing anything more than my IP, I am able to connect from the public internet through to my OpenVPN server running on my FW, browse internal resources, and verify my traffic with tcpdump again without issue. This further indicates the issue is not within my FW or internal network but rather the Comcast modem.
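The key check in all three scenarios is the same: capture on the firewall's WAN interface while an external client starts an OpenVPN handshake and see whether any client packets arrive at all. The script below is an added example, not code from the original post, that builds the tcpdump filter for that capture and classifies the resulting `tcpdump -nn` lines into inbound client packets versus the firewall's own outbound traffic. All addresses are hypothetical: 198.51.100.10 stands in for the firewall's static WAN IP, 203.0.113.5 for the external test client, 192.0.2.20 for a remote VPN server the firewall dials out to as a client, and UDP/1194 for the OpenVPN port; the sample captures are constructed, not real traces.

```shell
#!/bin/sh
# Added example, not code from the original post. It classifies packets in
# tcpdump -nn output captured on the firewall's WAN interface so you can say
# whether inbound OpenVPN initiation packets reach the firewall at all.
# Hypothetical values: 198.51.100.10 is the firewall's static WAN IP,
# 203.0.113.5 is an external test client, 192.0.2.20 is a remote VPN server
# the firewall dials out to, and UDP/1194 is the OpenVPN port.

WAN_IP="198.51.100.10"
VPN_PORT="1194"

# BPF filter for the live capture, e.g. on the firewall:
#   tcpdump -nn -l -i <wan-if> "$(vpn_filter)"
vpn_filter() {
    printf 'udp port %s and host %s' "$VPN_PORT" "$WAN_IP"
}

# Count inbound packets addressed to WAN_IP:VPN_PORT. Reads tcpdump -nn
# lines on stdin. Field layout of such a line:
#   $1 time  $2 "IP"  $3 src.port  $4 ">"  $5 "dst.port:"  $6 proto ...
count_inbound() {
    awk -v dst="$WAN_IP.$VPN_PORT:" '$2 == "IP" && $5 == dst { n++ } END { print n + 0 }'
}

# Count packets the firewall itself sends: server replies from WAN_IP:1194
# and client dial-outs from WAN_IP:<ephemeral> to some remote:1194.
count_outbound() {
    awk -v src="$WAN_IP." '$2 == "IP" && index($3, src) == 1 { n++ } END { print n + 0 }'
}

# Verdict for a capture read on stdin. "inbound-seen": client packets got
# through the modem. "no-inbound" with outbound packets present is the
# symptom described above: the FW works as a client, but nothing ever
# arrives for it as a server, so look upstream of the firewall.
verdict() {
    capture=$(cat)
    in_n=$(printf '%s\n' "$capture" | count_inbound)
    out_n=$(printf '%s\n' "$capture" | count_outbound)
    if [ "$in_n" -gt 0 ]; then
        echo "inbound-seen"
    elif [ "$out_n" -gt 0 ]; then
        echo "no-inbound"
    else
        echo "no-vpn-traffic"
    fi
}

# Constructed sample capture (not a real trace): two client packets arrive,
# one server reply goes back, and the firewall dials out to a remote server.
SAMPLE_CAPTURE='12:00:01.000001 IP 203.0.113.5.54321 > 198.51.100.10.1194: UDP, length 54
12:00:01.000002 IP 198.51.100.10.1194 > 203.0.113.5.54321: UDP, length 66
12:00:02.000003 IP 203.0.113.5.54321 > 198.51.100.10.1194: UDP, length 54
12:00:05.000004 IP 198.51.100.10.40000 > 192.0.2.20.1194: UDP, length 54'

# Same trace with the client packets missing: only the firewall's own
# dial-out shows up, which is what a capture behind a blocking modem looks like.
BLOCKED_CAPTURE='12:00:05.000004 IP 198.51.100.10.40000 > 192.0.2.20.1194: UDP, length 54'

printf '%s\n' "$SAMPLE_CAPTURE" | verdict     # inbound-seen
printf '%s\n' "$BLOCKED_CAPTURE" | verdict    # no-inbound
```

To use it live, run `tcpdump -nn -l -i <wan-if> "$(vpn_filter)" | tee capture.txt` on the firewall's WAN interface, start an OpenVPN client from a host on another ISP, and pipe `capture.txt` into `verdict`. A "no-inbound" result on the Comcast side next to an "inbound-seen" result with the same firewall config behind the LTE router is exactly the comparison Scenario 3 makes, and it isolates the problem to the path upstream of the firewall rather than to the firewall or the OpenVPN config.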
