New Member
•
1 Message
GRE through DPC3939B - Protocol 47?
I have been trying to connect a GRE tunnel between my Cisco routers and am having no luck. I have tried to research what I need to do, but all I can find are the following references:
1. forward port 1701 and 1723 from my DPC3939B directly to the router IP inside (currently 10.1.10.100)
2. forward "protocol 47" from my DPC3939B directly to the router IP inside (currently 10.1.10.100)
I have added the static port mappings for 1701 and 1723 to the internal IP Address, but I see no "protocol" options in the DPC3939B. Will I be able to set up the GRE (VPN) network through the Comcast Business gateway?
I am connecting a remote Cisco 3825 to an internal Cisco 1841 that sits behind the Comcast gateway.
Cisco 1841 -> Comcast Cisco DPC3939B -> Internet <- Comcast router <- Cisco 3825
Any suggestions would be appreciated. I need to get this working ASAP.
Thank you,
BlueVine
VBSSP-RICH
Advocate
•
1.4K Messages
10 years ago
Hello bluevine and welcome,
First, if you are using 10.1.10.100 and this is inside your DHCP server dynamic IP range, then it will not work because this address is not static by nature. So, I would recommend that you change your DPC3939B LAN DHCP start address to 10.1.10.10 instead of 10.1.10.2. This will give you 10.1.10.2 through 10.1.10.9 to use as pseudo static IP addresses outside the dynamic IP range. Another alternative is to change your DPC3939B LAN DHCP ending address to 10.1.10.99; this will put your 10.1.10.100 also outside the dynamic range and it will only be used by your 1841 if programmed in force feed mode.
Lastly, it is imperative that your configuration scenario is clearly understood, as the following will clarify and assist you:
"1) If RRAS based VPN server is behind a firewall (i.e. a firewall is placed between Internet and RRAS server), then following ports need to be opened (bidirectional) on this firewall to allow VPN traffic to pass through: -
2) If RRAS server is directly connected to Internet, then you need to protect RRAS server from the Internet side (i.e. only allow access to the services on the public interface that is accessible from the Internet side). This can be done using RRAS static filters or running Windows Firewall on the public interface (or the interface towards the Internet side). In this scenario following ports need to be opened (bidirectional) on RRAS box to allow VPN traffic to pass through
Note: Please DO NOT configure RRAS static filters if you are running on the same server RRAS based NAT router functionality. This is because RRAS static filters are stateless and NAT translation requires a stateful edge firewall like ISA firewall."
Hope this helps you out.
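Added example, not part of either post above: a short Python sketch of why the two port mappings from the question (1701 and 1723) say nothing about "protocol 47". It parses constructed IPv4 packets and checks them against a port-forward table. The transports assumed for the two ports (UDP for 1701, TCP for 1723), the sample addresses, and the names `PORT_FORWARDS`, `build_ipv4` and `classify` are assumptions made for illustration.

```python
import socket
import struct

# Port-forward rules from the question, keyed as (IP protocol number, destination port).
# Assumption: 1723 is carried over TCP (6) and 1701 over UDP (17), their usual transports.
PORT_FORWARDS = {(6, 1723), (17, 1701)}
PROTO_NAMES = {6: "TCP", 17: "UDP", 47: "GRE"}

def build_ipv4(proto, payload, src="203.0.113.5", dst="198.51.100.7"):
    """Build a constructed IPv4 packet (checksum left at 0; sample data only)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def classify(packet):
    """Return (protocol name, destination port or None, matches a port forward?)."""
    ihl = (packet[0] & 0x0F) * 4      # IPv4 header length in bytes
    proto = packet[9]                 # IP protocol field: 6, 17, 47, ...
    dport = None
    if proto in (6, 17):              # only TCP and UDP headers carry port numbers
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    matched = (proto, dport) in PORT_FORWARDS
    return PROTO_NAMES.get(proto, str(proto)), dport, matched

# Constructed sample packets (not captured traffic).
TCP_1723 = build_ipv4(6, struct.pack("!HH", 50000, 1723) + bytes(16))
UDP_1701 = build_ipv4(17, struct.pack("!HHHH", 50000, 1701, 8, 0))
# GRE header: 2 bytes flags/version, 2 bytes protocol type (0x0800 = IPv4 inside).
GRE_PKT = build_ipv4(47, struct.pack("!HH", 0x0000, 0x0800) + b"inner")

if __name__ == "__main__":
    for label, pkt in (("tcp/1723", TCP_1723), ("udp/1701", UDP_1701), ("gre", GRE_PKT)):
        print(label, classify(pkt))
```

The GRE packet is identified only by the protocol field in the IP header and has no destination port, so a table of TCP/UDP port mappings can never match it; it needs a rule keyed on the protocol number itself.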