Matt3586's profile

New problem solver


6 Messages

Wednesday, March 18th, 2015 3:00 PM

VPN connectivity and IP protocol 50

I'm trying to connect a VPN between two sites. I have two Internet providers. Everything works correctly with provider 1. When I change the circuit to Comcast and attempt the same connection, the VPN fails to connect.

 

I have tested this with the Comcast Gateway Firewall wide open. Does anyone know if the Comcast network or the Business Gateway device blocks VPN-related ports and protocols? Specifically IP Protocol Type 50?

 

Matt

Accepted Solution

New problem solver


6 Messages

10 years ago

After calling customer support multiple times and reaching out to the sales person dedicated to our office tower, we got nowhere.

 

Comcast continues to earn the reputation of having the worst customer service known to man.

New problem solver


6 Messages

10 years ago

I am leasing Comcast statics. Would this "true bridge" mode I've been reading about help? I have the Comcast device configured to do as little as possible (NAT and DHCP off, firewall disabled). My VPN endpoint is one of the Comcast static IPs.

Gold Problem solver


610 Messages

10 years ago

I think it might depend on whether you are leasing a static IP or not.... if you are configuring your VPN router/endpoint with a 10.1.10.x address, then you will be depending on the Comcast gateway to pass ESP packets (protocol 50). I do not believe the firewall is sophisticated enough to allow you to do this.

 

I will say that I run multiple IPsec VPN endpoints that are configured with Comcast-provided static IPs, and they all work fine. The Comcast gateways should pass all traffic through to static IP-configured devices.

Gold Problem solver


610 Messages

10 years ago

No, "true bridge" isn't available if you have statics. It disables the static IP, and all other routing functions of the Comcast gateway, essentially turning it into a plain cable modem.

 

I am assuming that you have modified each endpoint's configuration to point to the Comcast static IPs? If so, do you have the ability to run a packet trace on the endpoints, to see where they get dropped?

New problem solver


6 Messages

10 years ago

Yes, I'll try the packet tracing and follow up.

New problem solver


6 Messages

10 years ago

After running Wireshark, we don't see any obvious port or protocol blocks. We are instead seeing NAT errors. We have the gateway set to not use NAT, but the remote site is telling us via Wireshark log that we still look NAT'd from the remote site's perspective.

 

This particular VPN we are trying to set up is a site-to-site between HQ and Microsoft Azure using RRAS. One of the requirements is we cannot be NAT'd behind the gateway.

 

Any suggestions?
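
How a remote peer can conclude that a site "looks NAT'd", as described in the post above. This is an added example, not written by anyone in this thread; it assumes the tunnel negotiates with IKEv2 and uses the NAT detection hash from RFC 7296 section 3.10.1. The SPI and the 198.51.100.10 address are constructed sample values, and 10.1.10.5 stands in for the gateway's 10.1.10.x LAN range mentioned earlier.

```python
import hashlib
import ipaddress
import struct


def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """SHA-1 over SPIi | SPIr | IP address | port (RFC 7296, section 3.10.1).

    The sender puts this digest in a NAT_DETECTION_SOURCE_IP notify, computed
    from the address and port it believes it is sending from.
    """
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 bytes each")
    addr = ipaddress.ip_address(ip).packed  # 4 bytes for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()


def looks_natted(spi_i: bytes, spi_r: bytes, claimed: bytes,
                 observed_ip: str, observed_port: int) -> bool:
    """Receiver side: recompute the digest from the source address and port
    actually seen on the wire. A mismatch means they were rewritten in transit."""
    return nat_detection_hash(spi_i, spi_r, observed_ip, observed_port) != claimed


# Constructed sample values. The responder SPI is zero in the first IKE_SA_INIT.
SPI_I = bytes.fromhex("0123456789abcdef")
SPI_R = bytes(8)
STATIC_IP = "198.51.100.10"   # placeholder for a leased static address
LAN_IP = "10.1.10.5"          # endpoint addressed on the gateway's LAN side


def scenarios() -> dict:
    """Return the remote peer's verdict for three endpoint configurations."""
    on_static = nat_detection_hash(SPI_I, SPI_R, STATIC_IP, 500)
    on_lan = nat_detection_hash(SPI_I, SPI_R, LAN_IP, 500)
    return {
        # Endpoint holds the static IP itself; the packet arrives unchanged.
        "static_unmodified": looks_natted(SPI_I, SPI_R, on_static, STATIC_IP, 500),
        # Endpoint holds a LAN address; the gateway rewrites the source address.
        "lan_behind_gateway": looks_natted(SPI_I, SPI_R, on_lan, STATIC_IP, 500),
        # Address preserved but source port rewritten: still reported as NAT.
        "port_rewritten": looks_natted(SPI_I, SPI_R, on_static, STATIC_IP, 1024),
    }


if __name__ == "__main__":
    for name, natted in scenarios().items():
        print(f"{name}: {'NAT detected' if natted else 'no NAT'}")
```

Comparing the source address and port in a capture taken at the local endpoint with the same packet as captured at the remote side shows which of these cases applies.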

New problem solver


6 Messages

10 years ago

Is anyone monitoring this thread? Comcast support has been abominable. In my experience, this isn't business class internet. This is dressed up consumer/residential internet.

 

I can't get any support, either online or via phone and the gateway is a piece of junk.