Equipment (Modems,Gateways)
ACCOUNTSPAYABLE
New Member

NAT conflict with NetGear CG3000DCR Gateway

HI -

 

Upon switching to Comcast BZ class, we seem to have lost the ability to map drives to our server from offsite. Before Comcast, our T1 was set up to allow the router to handle NAT and the modem just supplied the internet. Troubleshooting the mapping problem, I get a message that there is more than one device performing NAT, which I assume means the gateway is trying to do it too. How do I turn NAT off in the gateway?

 

Thanks!

K--

0 Kudos
5 REPLIES 5
Community Manager
Community Manager

Re: NAT conflict with NetGear CG3000DCR Gateway

Hi accountspayable.  Access to the WAN tab is required to disable NAT on the Comcast Gateways. As this is only available to Comcast technicians, please contact our Service Center @1-800-391-3000 for assistance. 

0 Kudos
graysales
New Member

Re: NAT conflict with NetGear CG3000DCR Gateway

Hi Comcast_John, we just received a swap to a Netgear cg3000dccr today and everything is great except we need to know how to passthrough GRE (IP 47)?

 

We have the TCP ports set correctly but we have an existing PPTP VPN behind the firewall that we still need to use. We need that IP 47 (GRE) to passthrough too.

0 Kudos
graysales
New Member

Re: NAT conflict with NetGear CG3000DCR Gateway

Hmmm... if I enter port 47 external and internal and "both" it just magically works.

I would feel far more confident in this resolution if there was comcast documentation for this router's configuration that said this configuration would work.

0 Kudos
Forum Contributor

Re: NAT conflict with NetGear CG3000DCR Gateway

GRE is a protocol, it is NOT a tcp port.

 

PPTP vpn's work by making an initial connection to tcp port 1723 and do the authentication on that then they switch to GRE protocol #47, which has absolutely nothing to do with TCP port 47

 

To forward PPTP to a server (like a windows server on your private network) all you do is port forward tcp port 1723

 

There is code in the router that when it sees a VPN connection though port 1723, it willl port-forward the GRE stream associated with that connection.

 

Port forwarding TCP port 47 should do absolutely nothing to help PPTP work.  It's certainly possible that someone added a code routine in there that does something like this:

 

check inbound port forward

  is it 47?

   if no, then do the forward

    if yes, then the user is a bonehead, silently port forward 1723

 

Keep in mind also that in this scenario you can only generally have ONE remote PPTP user in the VPN server at a time - because a GRE stream has no information in it that allows the router to split the GRE streams in the NAT.  To get around that, turn OFF NAT on the cable modem and assign a public IP number to your Windows PPTP server and turn on "internet sharing, ie: NAT" on your Windows PPTP server.  (it will then become the firewall router)

 

Or, better yet, switch to OpenVPN and use SSH vpns which are better in every way.

0 Kudos
wielager
New Member

Re: NAT conflict with NetGear CG3000DCR Gateway

Hi, hope you can help.

 

We've just upgraded our ComCast service and the modems were changed. We used to have a SMC8014. It was replaced by a  CG3000DCR. 

 

I've setup port forwarding on the new modem to our Windows 2003 SBS server. On the new modem it seems to only allow one connection. On the old modem we were able to have multiple connections simultaneously. We desparately need multiple connections. What do we need to do?

 

Thanks! 

0 Kudos