Visitor

VPN connectivity and IP protocol 50

I'm trying to connect a VPN between two sites. I have two Internet providers. Everything works correctly with provider 1. When I change the circuit to Comcast and attempt the same connection, the VPN fails to connect.

I have tested this with the Comcast Gateway Firewall wide open. Does anyone know if the Comcast network or the Business Gateway device blocks VPN-related ports and protocols, specifically IP Protocol Type 50?

Matt

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Visitor

Re: VPN connectivity and IP protocol 50

After calling customer support multiple times and reaching out to the salesperson dedicated to our office tower, we got nowhere.

Comcast continues to earn the reputation of having the worst customer service known to man.

0 Kudos
7 REPLIES
Trusted Forum Contributor

Re: VPN connectivity and IP protocol 50

I think it might depend on whether you are leasing a static IP or not... If you are configuring your VPN router/endpoint with a 10.1.10.x address, then you will be depending on the Comcast gateway to pass ESP packets (protocol 50). I do not believe the firewall is sophisticated enough to allow you to do this.

I will say that I run multiple IPsec VPN endpoints that are configured with Comcast-provided static IPs, and they all work fine. The Comcast gateways should pass all traffic through to static IP-configured devices.

0 Kudos
Visitor

Re: VPN connectivity and IP protocol 50

I am leasing Comcast statics. Would this "true bridge" mode I've been reading about help? I have the Comcast device configured to do as little as possible (NAT and DHCP off, firewall disabled). My VPN endpoint is one of the Comcast static IPs.

0 Kudos
Trusted Forum Contributor

Re: VPN connectivity and IP protocol 50

No, "true bridge" isn't available if you have statics. It disables the static IP and all other routing functions of the Comcast gateway, essentially turning it into a plain cable modem.

I am assuming that you have modified each endpoint's configuration to point to the Comcast static IPs? If so, do you have the ability to run a packet trace on the endpoints, to see where they get dropped?

0 Kudos
Visitor

Re: VPN connectivity and IP protocol 50

Yes, I'll try the packet tracing and follow up.

0 Kudos
Visitor

Re: VPN connectivity and IP protocol 50

After running Wireshark, we don't see any obvious port or protocol blocks. We are instead seeing NAT errors. We have the gateway set to not use NAT, but the remote site is telling us via the Wireshark log that we still look NAT'd from the remote site's perspective.

This particular VPN we are trying to set up is a site-to-site between HQ and Microsoft Azure using RRAS. One of the requirements is we cannot be NAT'd behind the gateway.

Any suggestions?

0 Kudos
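
Added example, not part of the original posts: a sketch of how an IKEv2 peer decides the other side is behind NAT, which is the check behind the "we still look NAT'd" finding above. It assumes IKEv2 NAT detection as specified in RFC 7296 section 2.23 (the thread does not say which IKE version is in use); the SPI and the 203.0.113.10 address are constructed sample values, and the function names are hypothetical.

```python
# Added example, not from the thread. Assumes IKEv2 (RFC 7296, section 2.23).
import hashlib
import ipaddress
import struct

ZERO_SPI = bytes(8)  # responder SPI is all zeros in the first IKE_SA_INIT request


def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """SHA-1(SPIi | SPIr | IP | port): data of a NAT_DETECTION_*_IP notify."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 bytes each")
    addr = ipaddress.ip_address(ip).packed  # 4 bytes for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()


def looks_natted(spi_i: bytes, spi_r: bytes, sent_hash: bytes,
                 observed_ip: str, observed_port: int) -> bool:
    """Receiver side: recompute from the source address and port seen on the
    wire. A mismatch means a device on the path rewrote one of them."""
    return nat_detection_hash(spi_i, spi_r, observed_ip, observed_port) != sent_hash


def run_cases() -> dict:
    spi_i = bytes.fromhex("1122334455667788")   # constructed sample SPI
    static_ip = "203.0.113.10"                  # constructed (documentation range)
    lan_ip = "10.1.10.5"                        # gateway LAN range from the thread
    cases = {
        # name: (address/port the endpoint hashed, address/port the peer observed)
        "static_ip_untouched": ((static_ip, 500), (static_ip, 500)),
        "lan_ip_translated": ((lan_ip, 500), (static_ip, 500)),
        "port_rewritten": ((static_ip, 500), (static_ip, 1024)),
    }
    results = {}
    for name, ((ip, port), (seen_ip, seen_port)) in cases.items():
        sent = nat_detection_hash(spi_i, ZERO_SPI, ip, port)
        results[name] = looks_natted(spi_i, ZERO_SPI, sent, seen_ip, seen_port)
    return results


if __name__ == "__main__":
    for name, natted in run_cases().items():
        print(f"{name:22} peer concludes NAT: {natted}")
```

The third case shows that an unchanged address is not enough: a rewritten source port alone makes the peer conclude NAT is present.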
Visitor

Re: VPN connectivity and IP protocol 50

Is anyone monitoring this thread? Comcast support has been abominable. In my experience, this isn't business class internet. This is dressed up consumer/residential internet.

I can't get any support, either online or via phone, and the gateway is a piece of junk.

0 Kudos