Equipment (Modems,Gateways)
Back to Top

VPN / Netgear CG3000DCR -- HELP!

SOLVED
bilwyboy
Visitor

VPN / Netgear CG3000DCR -- HELP!

After a long journey, I decided to abandon our SB6141s...reoccurring configuration problems which simply cannot be resolved with any permanency The Motorola passed the Dynamic IP to our Cisco RV180W. We had a reliable site-to-site VPN with a second RV180W.

 

Last Friday the 18th, to my misguided surprise, the field tech brought two Netgears to replace the Motorolas. It was explained to me by two different T1 techs that "bridge mode" is not a setting in and of itself...rather a combination of disabling DHCP & the firewall.

 

Two problems...with DHCP disabled, the Netgear continued to pass 10.1.10.10 to the RV180W. Disabling the firewall bewilders me as that has nothing to do with bridging. NAT has to be disabled thus permitting assignment of the Netgear's IP.

 

I was then informed that I cannot have a VPN without Static IPs for both locations. Well...that is simply wrong. I called a third T1 tech and he also stated that the Netgear will never pass a Dynamic IP. Once our Statics are assigned, he "guarantees everything will function" IMO, there is a severe misunderstanding about the new-ish Netgear modems.

 

Comcast_John...HELP!  Smiley Frustrated

Tags (2)
Community Manager
Community Manager

Re: VPN / Netgear CG3000DCR -- HELP!

Welcome bilwyboy.  I apologize for the confusion. We can place the Netgear in "true bridge mode" so that it will pass the public IP to your router.  A static IP is not compatible with bridge devices on the Comcast network.  Please let us know if you want your Netgear device to bridge mode.  

 

Thank You

 

bilwyboy
Visitor

Re: VPN / Netgear CG3000DCR -- HELP!

Comast_John,

 

I absolutely want both our Netgear modems configured for bridge mode.

 

I sent you a pvt msg with our account details and the MAC and S/N for each CG3000DCR plus my contact info.

 

I wish I had checked for replies earlier. You would be my personal hero if the changes could be implemented before Noon.

 

Best,

bilwyboy Man Very Happy

cwetzel
Visitor

Re: VPN / Netgear CG3000DCR -- HELP!

How can I get our CG3000DCR switched to true bridge mode?  I see it is currently in "residential gateway" operating mode.  We are also trying to get an IPSEC VPN operational with our WatchGuard Firebox behind the Comcast Netgear device.

Community Manager
Community Manager

Re: VPN / Netgear CG3000DCR -- HELP!

Hi cwetzel.  Placing your device in <true bridge mode> will remove your static IP's.  On the Comcast Network only the public DHCP address is passed downstream to a bridged device.  Bridged devices are basically standalone modems.  Assigning a static IP directly to your Watchguard will provide direct network access and still allow for the use of the other 4 IP address in your IP Block.

 

Thank You

tsummers
Frequent Contributor

Re: VPN / Netgear CG3000DCR -- HELP!

Assigning one of your static IP's to your watchguard will be the only way to get the VPN to work. The netgear has no way of forwarding GRE packets. Also, make sure the firewall is disabled or true static subnet AND that the VPN endpoint is NOT enabled on the modem.
cwetzel
Visitor

Re: VPN / Netgear CG3000DCR -- HELP!

The WatchGuard has been issued one of our static IPs and does report this IP correctly when using www.whatismyip.com as suggested.  I have also confirmed that the firewall is disabled for true static IPs.  I have no VPN endpoints configuring in the Netgear, but did not otherwise see a way to disable the VPN endpoint in the modem.  In the past when I switched ISPs (twice in the last year since it has redundant WAN), I just switched the WAN info (IP, gateway, DNS) and VPN policy (IP) in the Watchguard and updated the IP on the VPN policy in the remote firewall (one is a SonicWall, the other a CheckPoint) and it just rolled over and came up fine, but this has not been the case since we moved to Comcast with this Netgear device.  Am I missing something?

 

Update: I downed the other WAN connection on my WatchGuard to try to force a renegotiation over the Netgear (Comcast) from the Sonicwall endpoint in my other office and the message in the Sonicwall logs is below, I have confirmed the IP info is correct:

IKE Initiator: Remote party timeout - Retransmitting IKE request.

Community Manager
Community Manager

Re: VPN / Netgear CG3000DCR -- HELP!

Hi cwetzel. Comcast does not support the use of the Business gateways (SMC & Netgear) for VPN termination endpoints.  The VPN functionality is disabled on the gateways in the configuration bootfile.   

elmergo
Visitor

Re: VPN / Netgear CG3000DCR -- HELP!

Comcast_John

You seem to know what is happening with these modems. Our locations are having the Netgear mailed to them from Comcast. All of our locations (Approx 140 Comcast connections) are remote and have non technicle users. The Comcast support line has been dropping us all day and when you do get ahold of someone they tell us nothing is wrong on the Comcast side.

What to do, It makes it hard to do business

Discussion stats
  • 8 replies
  • 8114 views
  • 0 kudos
  • 5 in conversation