Have the above modem with a block of 5 static IPs. I have a VPN a couple of hops behind the inside interface of the modem on a fully routed RFC1918 network. We have placed the modem into "fake bridge" mode and stopped the NAT and packet inspection per instructions. I have placed the public IPs onto the external interface of OUR border router, which is connected to the LAN side of the SMC. I have a couple of VPNs in our RFC1918 network through the SMC that terminate in remote offices that work just fine. ALL VPNs worked just fine with this exact setup except our border router was connected to an ATT T1 line. Replaced the T1 line with the CC HSI business class and I have one VPN that will not connect reliably. This is to a SonicWall VPN router and has a 1:1 NAT through our border router (with the public IP address assigned to us from CC). Apparently this VPN does not like to traverse through the "fake bridge" on the SMC but the other ones have no problems with it?
I am asking for suggestions for correcting the problem as this VPN is an important one to use and we cannot change the hardware at either end very easily.
I understand that CC assigns our public IP block to the internal interface and passes that to their network via RIP.
I wish to remove the public IP addresses from the outside interface of our border router and use an RFC1918 subnet for communications between the router and the SMC and use the 1:1 NAT built into the SMC and use a fully routed RFC1918 network to carry the VPN traffic and thus have one NAT to traverse. I would be dependent upon the firewall on the SMC, but if it would make all VPNs work, I could live with that.
I believe that I am limited to 8 static routing statements on the inside of the SMC. Can each statement handle greater than a /24 subnet? Can I use 192.168.0.0/16 as a static route in the SMC? We have greater than 8 RFC1918 networks behind our border router but if the SMC will handle it, that is one option.
If I could enable RIP on the inside interface of the SMC, it should route any RFC1918 address back to my network as it will receive the appropriate routing tables from my border router via RIP.
I am sure there are other options and I would be open to trying them. I just know that this one particular VPN does NOT like the setup and is up and down and totally unusable. If we switch it back over to the ATT line (haven't cancelled it yet because CC is not stable yet) it works wonderfully. The other VPNs work through the SMC like I think they are supposed to.
Upper management is really coming down hard on the tech people to get this up and running. We have wasted way too much time and resources troubleshooting a problem that could be solved with the proper equipment (a "true" bridge) on the CC side.
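An added example, not part of the original post: one way to work out whether more than eight RFC1918 networks fit the 8-static-route limit raised in the question, by merging them into summaries that never extend outside private address space. The subnet list is constructed, the function names are hypothetical, and whether the SMC accepts prefixes shorter than /24 is not established on this page.

```python
import ipaddress
from itertools import combinations

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_rfc1918(net):
    return any(net.subnet_of(block) for block in RFC1918)

def common_supernet(a, b):
    """Smallest prefix that contains both a and b."""
    net = a if a.prefixlen <= b.prefixlen else b
    while not (a.subnet_of(net) and b.subnet_of(net)):
        net = net.supernet()
    return net

def summarize(subnets, budget=8):
    """Aggregate subnets into <= budget routes, never leaving RFC1918 space."""
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(s) for s in subnets))
    if not all(in_rfc1918(n) for n in nets):
        raise ValueError("input contains non-RFC1918 space")
    while len(nets) > budget:
        best = None  # (extra addresses covered, supernet)
        for a, b in combinations(nets, 2):
            sup = common_supernet(a, b)
            if not in_rfc1918(sup):
                continue  # a summary must not pull public space inward
            used = sum(n.num_addresses for n in nets if n.subnet_of(sup))
            extra = sup.num_addresses - used
            if best is None or extra < best[0]:
                best = (extra, sup)
        if best is None:
            raise ValueError("cannot meet the route budget inside RFC1918")
        sup = best[1]
        nets = sorted([n for n in nets if not n.subnet_of(sup)] + [sup])
    return nets

# Constructed sample: eleven internal networks, more than the 8-route limit.
SAMPLE = [f"192.168.{i}.0/24" for i in (1, 2, 3, 10, 11, 20, 30, 40, 50)] + \
         ["10.20.0.0/16", "172.16.5.0/24"]

if __name__ == "__main__":
    for route in summarize(SAMPLE):
        print(route)
```

Each merge picks the summary that covers the fewest unused addresses, so the routes stay as narrow as the budget allows instead of jumping straight to 192.168.0.0/16.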
It sounds like you are experiencing double NAT issues, as a result of having the SonicWall router downstream from your border router, while still trying to make it traverse to the SMC modem. Your SonicWall router should have no awareness of the world beyond your border router. As far as it is concerned, that border router is its WAN connection.