Jay Taylor's notes


Setting up static IPs using a Comcast Business Gateway - Page 5

Original source (forums.speedguide.net)
Tags: forums.speedguide.net
Clipped on: 2012-08-04
  1. 10-01-10, 04:12 PM #81
    I spent a long time sorting this out - some with Comcast and some digging.

    Our situation was that we previously had a wired LAN connected via a Router to a Comcast Modem. We upgraded to a Business Gateway with a fixed IP address - and couldn't route.

    We wanted the Gateway to pass all traffic forward to our Router.

    The solution was in two parts - the Comcast people were very helpful indeed and as others have said in this thread we did not actually need them to do anything.

    Part One - in the Comcast SMC Business Gateway settings.
    In the [Firewall] | [Port Configuration] setting
    Set this to:
    [x] Disable all rules and allow all inbound traffic through.

    (there were lots of red herrings about the Gateway IP address of 10.1.10.1, etc. - ignore all that. The above was the only setting change that was actually needed).

    Part Two - in the Router: Step 1.
    Previously the router WAN had been set to be DHCP from the modem.
    In the Gateway scenario that must be changed to be fixed - and must be your static IP address.
    The installing tech had given us our IP Address, its Subnet Mask and the Gateway to use, and the DNS Servers.
    We entered those in the Router's 'WAN IP Network Settings'.

    Part Two - in the Router: Step 2.
    (Browsing was fine but it would not route inbound traffic. Sheesh!)

    Many hours later we discovered what the issue was!

    The router has two methods of mapping inbound port traffic to the destination server (NAT) on our LAN.
    1.) Port Redirection
    2.) Open Ports

    It turns out that if our router has the public facing IP as its WAN setting you /must/ use Open Ports. As 'simple' as that.

    Previously NAT had been handled by Port Redirection, quite happily, but changing the type of connection meant we needed to change over to Open Ports. Once we had done that, then traffic flowed as expected.


    I hope that helps someone!

    Good luck and drink lots of tea!

    OT
Any help would be greatly appreciated.
Guinness for Strength!!!
We try to use our router with Comcast business account with 13 static IPs. What router do you use?
Internal LAN 172.a.b.0/24
DMZ 192.168.1.0/24
The World 173.161.71.86/29
Hardware:
Cisco 1711 router
Comcast/SMC SMCD3G-CCR Firmware Version 1.4.0.48-CCR Hardware Version 1.01


LAN 172.a.b.0/24 <-->172.a.b.253 {Cisco 1711} 192.168.1.1 <--> 192.168.1.0/24 DMZ <--> 192.168.1.2 {SMCD3G-CCR} 173.161.71.86/29 <--> the cloud

We have been using ADSL from AT&T for years. We decided to go to Comcast because they could provide a high speed service at the same cost as the DSL.
We have five locations. Two large offices and three small. For the small offices we went with the 12/2 product and the large offices opted for the 22/5 product.
We have five static IPs in each office. The small offices' 12/2 installs went off without any issues. The nightmare has been with the two large offices. We have set the SMC devices the same in each office. We cannot get the 22/5 installs fully functioning. We have not had the greatest help from Comcast even at the tier two level (still ongoing).
In essence, we duplicated the settings in the Comcast as we had in the DSL devices. That is, one-to-one NATs for our mail servers, Sorenson IP Phone etc. Yesterday I took our production environment down for the afternoon in a desperate attempt to make it work.

Findings:
1. No client in the internal LAN can get to the internet
2. Client in the DMZ can get to the internet.
3. Our Exchange server was able to receive mail, but could not send it out. We could ping the Exchange server from the outside world but can't ping the outside from the server. MXTOOLBOX.COM can do a port scan so there is two-way talking going on there. However, outgoing mail is stuck.
Basically the 1 to 1s are working but the normal traffic is getting lost in the DMZ or the SMC device (or the return?).

To swap between Cable and DSL I only need to swap one cable from the DSL device to the Comcast.


My CISCO:

ip route 0.0.0.0 0.0.0.0 192.168.1.2 1

DMZ port:
interface FastEthernet0
 description $FW_OUTSIDE$$ETH-WAN$
 ip address 192.168.1.1 255.255.255.0
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 crypto map SDM_CMAP_1

Any help would be wonderful.

Mark
Last edited by markb; 12-30-10 at 01:37 PM.
Log into its web admin, cusadmin and highspeed
Firewall section, put a check in "Disable Firewall for True Static IP Subnet Only"

Now log into your own router, and set up the WAN interface with the static IP address that Comcast assigned to your account..as well as subnet, and default gateway.
Uplink your own router's WAN port into one of the LAN ports of the SMC..like port 2 or 3..doesn't really matter.
MORNING WOOD Lumber Company
Guinness for Strength!!!
I never use the SMC as the router for my clients networks..I install our own routers, and I set them up to use the static IP Comcast gives their account. Plug that static info into the WAN interface of my own router, and log into the SMC and "enable static IP subnet" option (checkbox..off by default..you have to check that to use your own router..perhaps you didn't?) in the firewall section of the web admin..and it's all set and online.
MORNING WOOD Lumber Company
Guinness for Strength!!!
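
The static WAN step described in the posts above (address, subnet mask and default gateway entered on your own router) can be sanity-checked before it goes on the router. This is an added example, not part of the original thread; the function names and the split of the /29 between router and gateway are assumptions, and the sample block is the 173.161.71.86/29 quoted earlier on this page.

```python
import ipaddress


def usable_hosts(ip, mask):
    """List the assignable host addresses of the block containing ip."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return [str(h) for h in net.hosts()]


def check_wan_settings(ip, mask, gateway):
    """Return a list of problems with a router's static WAN settings."""
    problems = []
    addr = ipaddress.ip_address(ip)
    gw = ipaddress.ip_address(gateway)
    # strict=False derives the block from a host address plus its mask
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    edges = (net.network_address, net.broadcast_address)

    if addr.is_private:
        # e.g. a 10.1.10.x lease: the router is still behind the
        # gateway's NAT, so the gateway firewall is what filters inbound
        problems.append("WAN address is private (still behind gateway NAT)")
    if addr in edges:
        problems.append("WAN address is the network or broadcast address")
    if gw not in net:
        problems.append("default gateway is outside the WAN subnet")
    elif gw in edges:
        problems.append("default gateway is the network or broadcast address")
    if addr == gw:
        problems.append("WAN address duplicates the gateway address")
    return problems


if __name__ == "__main__":
    mask = "255.255.255.248"  # /29, as in the block quoted on this page
    print(usable_hosts("173.161.71.86", mask))
    # Constructed assignments: router on .81, gateway on .86
    for ip, m, gw in [
        ("173.161.71.81", mask, "173.161.71.86"),
        ("173.161.71.87", mask, "173.161.71.86"),
        ("10.1.10.5", "255.255.255.0", "10.1.10.1"),
    ]:
        print(ip, check_wan_settings(ip, m, gw) or "ok")
```

An empty result means the router holds a public address in the static block, which also means the router's own rules are the only inbound filter once the gateway firewall is disabled for that subnet.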
The temp fix from Comcast is to give us the 8014 and max out the speed. When the new firmware is released, we will get the D3 back.

As I speak Comcast is swapping devices in one office and I am waiting here for them for my home office.
  • 07-05-12, 03:18 PM #92
    PercieveBelieveRecieve (Junior Member, Join Date: Jul 2012, Posts: 2)
    Hi YeOldeStoneCat - I just wanted to say thanks for your input - I'm in a similar situation and learned a great deal from your posts!
  • 07-05-12, 03:19 PM #93
    PercieveBelieveRecieve (Junior Member, Join Date: Jul 2012, Posts: 2)
    Hi Marc - so did you ever get this situation ironed out? I have a D3 device that was replaced recently so I assume I have a newer firmware - I'm just getting started implementing the suggestions in this thread.