JSPR_IT_Admin's profile

New Member

 • 

3 Messages

Friday, April 24th, 2015 5:00 PM

Cisco 3939B Remote Management

Can the Remote Management function be enabled on this Gateway?  I have seen it work in the past, but this router does not have those options?

 

Ron Suwanski

Jill Schmidt PR

Wilmette, IL

Advocate

 • 

1.4K Messages

9 years ago

Hello JSPR_IT_Admin and welcome,

 

I have checked within Comcast Agent DPC3939B console login and there does not appear to be any remote login capability with this Comcast Gateway.  It does have Email Notification that you can set up various alert events to be sent to an email address or email server.

 

Hope this helps you out.

 

 

New Member

 • 

3 Messages

9 years ago

Thank you for checking.  Then which Comcast Business Gateway does allow this?

 

Ron

Advocate

 • 

1.4K Messages

9 years ago

 

I believe the SMCD3G and NetGear3000 both do support this, but Comcast does not recommend this for total network security reasons. If infamous hackers are able to remotely infect many computers in our world, just think what they can obtain through infiltration of a Gateway hub via remote access?!

 

New Member

 • 

3 Messages

9 years ago

So is my best bet to get a VPN solution in place to attach to the gateway for management outside the office?

 

Ron

Advocate

 • 

1.4K Messages

9 years ago

You can use any VPN device connected to any Comcast Gateway using a static IP address and making sure the correct implementation / ports are open and used as follows:

"

1) If RRAS based VPN server is behind a firewall (i.e. a firewall is placed between Internet and RRAS server), then following ports need to be opened (bidirectional) on this firewall to allow VPN traffic to pass through: -

  • For PPTP:
    • IP Protocol=TCP, TCP Port number=1723   <- Used by PPTP control path
    • IP Protocol=GRE (value 47)   <- Used by PPTP data path
  • For L2TP:
    • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=ESP (value 50)   <- Used by IPSec data path
  • For SSTP:
    • IP Protocol=TCP, TCP Port number=443   <- Used by SSTP control and data path
  • For IKEv2:
    • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=ESP (value 50)   <- Used by IPSec data path

2) If RRAS server is directly connected to Internet, then you need to protect RRAS server from the Internet side (i.e. only allow access to the services on the public interface that is accessible from the Internet side). This can be done using RRAS static filters or running Windows Firewall on the public interface (or the interface towards the Internet side). In this scenario following ports need to be opened (bidirectional) on RRAS box to allow VPN traffic to pass through

  • For PPTP:
    • IP Protocol=TCP, TCP Port number=1723   <- Used by PPTP control path
    • IP Protocol=GRE (value 47)   <- Used by PPTP data path
  • For L2TP:
    • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=1701   <- Used by L2TP control/data path
    • IP Protocol Type=50   <- Used by data path (ESP)
  • For SSTP:
    • IP Protocol=TCP, TCP Port number=443   <- Used by SSTP control and data path
  • For IKEv2:
    • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=1701   <- Used by L2TP control/data path
    • IP Protocol Type=50   <- Used by data path (ESP)

Note: Please DO NOT configure RRAS static filters if you are running on the same server RRAS based NAT router functionality. This is because RRAS static filters are stateless and NAT translation requires a stateful edge firewall like ISA firewall.

 "

 

Hope this helps you out.
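
The second scenario in the quoted text (RRAS directly on the Internet, protected by Windows Firewall on the public interface), written out as an added PowerShell example; it is not code from this thread or from Microsoft. The adapter alias `Internet`, the rule group name and the default VPN type are assumptions, and only inbound rules are created on the assumption that outbound traffic is left at Windows Firewall's default of allow.

```powershell
# Added example (not from the thread): allow only one VPN type's traffic on the
# Internet-facing interface of an RRAS server (scenario 2 in the quoted text).
# Assumed names: adapter alias 'Internet', rule group 'RRAS VPN (example)'.
param(
    [ValidateSet('PPTP', 'L2TP', 'SSTP', 'IKEv2')]
    [string]$VpnType = 'SSTP',
    [string]$PublicInterface = 'Internet'
)

# Protocol/port table from the quoted list. GRE and ESP are IP protocols
# (47 and 50), not ports, so those entries carry no Port.
# IKEv2 uses the UDP 500 / UDP 4500 / ESP entries; UDP 1701 is the L2TP port.
$table = @{
    PPTP  = @(@{ Protocol = 'TCP'; Port = 1723 }, @{ Protocol = '47' })
    L2TP  = @(@{ Protocol = 'UDP'; Port = 500 }, @{ Protocol = 'UDP'; Port = 4500 },
              @{ Protocol = 'UDP'; Port = 1701 }, @{ Protocol = '50' })
    SSTP  = @(@{ Protocol = 'TCP'; Port = 443 })
    IKEv2 = @(@{ Protocol = 'UDP'; Port = 500 }, @{ Protocol = 'UDP'; Port = 4500 },
              @{ Protocol = '50' })
}

# Stop early if the adapter alias is wrong, rather than create unscoped rules.
Get-NetAdapter -Name $PublicInterface -ErrorAction Stop | Out-Null

$group = 'RRAS VPN (example)'
# Remove rules left by a previous run so a changed VPN type does not leave
# stale openings behind.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

foreach ($entry in $table[$VpnType]) {
    $rule = @{
        DisplayName    = "$VpnType in $($entry.Protocol) $($entry.Port)".Trim()
        Group          = $group
        Direction      = 'Inbound'
        Action         = 'Allow'
        Protocol       = $entry.Protocol
        InterfaceAlias = $PublicInterface
    }
    # LocalPort is only valid for TCP and UDP rules.
    if ($entry.ContainsKey('Port')) { $rule.LocalPort = $entry.Port }
    New-NetFirewallRule @rule | Out-Null
}

# Show what is now open for review.
Get-NetFirewallRule -Group $group | Format-Table DisplayName, Enabled, Direction, Action
```

Run it from an elevated PowerShell session on the RRAS server, passing `-VpnType` and `-PublicInterface` to match the deployment.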