We are trying to do multiple VPN connections for a small business with a Comcast Business Internet connection – Comcast only allows one VPN connection to one inside device at a time (NAT, not PAT) and that will not do. Bought a Zoom 5341J modem and Internet is flowing through it to an Ubiquiti ERLite-3 just fine – likely because DHCP is linking the ERLite-3 to the Comcast end. That being the case, we have a static and gateway IP (from Comcast) to set to do VPN in the router. I am finding that upon entering that info into the correct GUI fields in the ERLite-3 it kills the Internet connection. I called Comcast and asked them to set the static IP on their end so it binds to the MAC of the modem – I gave Comcast the MAC of the modem previously. (Sidebar: I have taught CISCO networking for many years and that is normally how it is done: vendor IP’s their end and you IP your end.) Comcast Level 1 support says they cannot do this (bind the static IP to the MAC of the modem) and we must use their equipment – a consequence I have read over and over again in these and other forums. The question is, should I just fire up the Comcast SMCD3G modem/router again and have Comcast place it into bridge mode? Will this scenario work in bridge mode? I’d remove the Zoom from the mix and return it to the vendor if this works. Has anyone had success with this working with this scenario? I’d love to use our own gear (Zoom, ERLite-3) and send back the SMC unit. Maybe someone above Level 1 support knows how to set the static address on the Comcast end for the MAC of our Zoom.
Thanks for any input, how to proceed, etc.,
Hello Mikeinriley and welcome,
So please correct me if I am misinterpreting you network interconnect.
You have an SMCD3G Comcast Gateway (SCG) with a staticIP address and you are programming your Zoom 5341J (ZJ) WAN interface using the routable static IP, gateway, and subnet mask address and this device is directed ENet interconnected to one of the SCG LanPorts 1-4. Then you have your Ubiquiti ERLite-3 (UE3) connected directly to one or more ports on the ZJ. The UE3 uses the ZJ internal DHCP and you have the SCG LAN DHCP disabled (Please confirm that this is your situation, and if it not, please configure the SMC accordingly.)
Many times when you are looking to facilitate multiple VPN users via a dedicated VPN device, if you have both the SCG and the VPN devices DHCP servers enabled, this will always create VPN conflicts and make it seem as though you can only have one VPN device at a time, which is totally inaccurate if the networking interconnect and setup/configuration is correct.
I would be very interested in your letting us know if 1.) my interpretation of your interconnect is correct and 2.) if your networking setup/configuration is also correct.
Hope this helps you out.
We are not using the SMC at this time. Using the Zoom modem and the ERLite-3 router only. SMC is offline and shelved right now. Looking to return SMC to Comcast and use this homebrew of Zoom/ERLite-3 to facilitate multiple simultaneous VPN NAT/PAT connections – and if Comcast would help me or become less proprietary about their modem/router this would be very do-able. The UE3 is connected to the sole Ethernet port on the Zoom. UE3 is using DHCP at this time to make Internet via Comcast work.
Simply put, the SMC only permits 1-1 NAT, that is, a single outside public connection to a single internal private network PC. We need 1-Many NAT over VPN, and in the ER3 (and Cisco routers) this is possible (but apparently not in the Comcast Business class world = proprietary technology). The ER3 supports the ability to do VPN/NAT the way nature intended – and quite elegantly. The SMC has a screen where it is clearly seen, that only a single mapping of the public address to an internal address is possible. This actually begs the question of whether Comcast intentionally makes it impossible to do 1-Many NAT over VPN with this particular SMC unit, unless one buys additional static IP’s (which we may end having to do!). With that, I also wonder if they push a bootfile to update firmware on the SMC or we get an entirely different modem/router from Comcast.
Hi mikeinriley. "Comcast IP gateways are not configured as VPN endpoints and should only be set to function as a pass through device to a directly connected customer owned VPN termination device." The "1-Many NAT over VPN" function is not available on the Comcast Gateways.
Comcast does not provide technical support for VPN endpoints due to their highly technical nature.