I have a SMCD3G-CCR modem connected via Comcast 50/10 connection. I need to set up a VPN for a remote user to access remote desktop and file/print services.
I was told that only Motorola Surfboard 120, 121 and 141 are acceptable models. Is this really the case or are there real choices? I have also read that Netgear routers have had serious problems running a VPN behind a Comcast modem.
Either way, where can I find a recommendation on a VPN router behind a SMCD3G?-CCR?
Hello dmsmythe and welcome,
We have MANY customer that successfully implement VPN with ALL Comcast Gateways if it is done correctly. By correctly I am referring to make sure that you adhere to the following:
RRAS based VPN server is behind a firewall (i.e. a firewall is placed between Internet and RRAS server), then following ports need to be opened (bidirectional) on this firewall to allow VPN traffic to pass through: -
2) If RRAS server is directly connected to Internet, then you need to protect RRAS server from the Internet side (i.e. only allow access to the services on the public interface that isaccessible from the Internet side). This can be done using RRAS static filters or running Windows Firewall on the public interface (or the interface towards the Internet side). In this scenario following ports need to be opened (bidirectional) on RRAS box to allow VPN traffic to pass through
Note: Please DO NOT configure RRAS static filters if you are running on the same server RRAS based NAT router functionality. This is because RRAS static filters are stateless and NAT translation requires a stateful edge firewall like ISA firewall.
Do not forget: If you enable Windows firewall or RRAS static filters on the public interface and only enable VPN traffic to pass-through, then all the other traffic may be dropped. For example, if the same server is running as a mail server facing internet or a DNS server or a reverse web proxy server, then you need to enable the ports used by those services explicitly. For further details, refer to this article: http://blogs.technet.com/rrasblog/archive/2006/07/06/enabling-rras-drops-all-other-traffic-except-vp...
Many customers complain that the CGs are the root cause of their inability to use VPN, however, I sumbit to you that you must make sure you utilize the above aforementioned, along with making sure yout SIP provider uses the correct SIP ports that you have opened on your CG.
Hope this helps you out.
Thanks for the information. I'm still considering what hardward/software to buy that works with Comcast's network and would welcome any recommendations.
Many small businesses I have worked with use the Cisco RV042G VPN router with Comcast gateways. It can be had for ~$150, and allows site-to-site or client-to-site IPsec/PPTP VPNs. For something more powerful, the Cisco ASA 5505 is a good contender. Other smaller router manufacturers I like include Ubiquiti with their EdgeRouter line, and Mikrotik with their RouterBoard line.