Setup Static IP's Router behind RG 5031NV

Contributor

Setup Static IP's Router behind RG 5031NV

I am trying to move from TWC to AT&T and need to have static IP's. I have a block of 5 usable and have been working with AT&T Level 2 support to try and get them working. They cannot figure this out. I would prefer to setup bridge mode in the device and let my firewall do all the routing and protection. This is my current setup. I have tried a few different things since the AT&T Level 2 guys can't figure it out. I've read that this model does not do bridging well, if at all. I've tried the DMZ route and that assigned a completely different public IP to my device than what I was given. How do I configure this device to work the way I need it to? If I can't get this to work, I'm going to seriously cancel the service. I'm on day 5 of trying to get this working. 

 

Any help is greatly appreciated. 

 

 

Message 1 of 18 (19,898 Views)
Expert

Re: Setup Static IP's Router behind RG 5031NV

Do you need the static IPs to work on the subnet that's directly connected to the 5031NV, or do you need them to work behind your own router, which itself will be connected to the 5031NV?

Also, what router are you working with?
Message 2 of 18 (19,826 Views)
Mentor

Re: Setup Static IP's Router behind RG 5031NV

If you want to use a static IP block, you should be configuring it in Settings > Broadband > Link Configuration > Supplementary Network > Add Additional Network. A recent update added a "Cascaded Router" feature to that screen, but I don't know if that applies to your case.

I don't know the 5031NV, but most RGs need each static IP to be associated with a different MAC address. Can your firewall supply multiple unique MAC addresses?
Message 3 of 18 (19,813 Views)
Community Support

Re: Setup Static IP's Router behind RG 5031NV

Hi cpsavage,

 

Just wanted to check in with you to see if you were ever able to get your issue resolved. There are different setups to produce the desired result, based off the modem you have. With the static IPs though, are you even able to browse when having one device directly connected?

 

Let us know how it's going, and if any issues, I am positive this community will be able to help.

 

-David T

If you encounter any issues with your service or equipment, I recommend checking out our Troubleshoot & Resolve solutions to help diagnose the issue.
Employee Contributor*
*I am an AT&T employee and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.
Message 4 of 18 (19,803 Views)

Re: Setup Static IP's Router behind RG 5031NV

I am having similar problems. I have managed to get ssh working, somehow, but https and mail don't work. It would be very nice if there were a step-by-step howto for setting up static IPs on this device.

Michael L Martin
Message 5 of 18 (19,785 Views)

Re: Setup Static IP's Router behind RG 5031NV

I'm trying to open up port 1194, UDP for openvpn. I see this in the 5031NV log:

 

INF     2013-10-20T17:51:45-05:00       fw,     src=50.201.220.162 dst=70.234.208.11 ipprot=17 sport=34923 dport=1194 Session Matches User Pinhole, Packet Passed
INF     2013-10-20T17:51:45-05:00       fw,     src=70.234.208.11 dst=50.201.220.162 ipprot=1 icmp_type=3 icmp_code=3 ICMP Dest Unreachable, session terminated
INF     2013-10-20T17:51:53-05:00       fw,     src=50.201.220.162 dst=70.234.208.11 ipprot=17 sport=34923 dport=1194 Unknown inbound session stopped

So, the firewall says, "Yes, I recognize this request as a valid user pinhole request, and I'm passing the packet on".

Then it says, "What the heck is this?!? Dropping it on the floor..."

 

I honestly don't know what to make of this. I had Uverse installed last Wednesday (16 Oct. 2013) and am already seriously considering cancelling the service. I called AT&T about this, and got handed off to several different

individuals, none of whom seemed to have any clue what I was trying to tell them. The last person I talked to told me that I was now talking to a "fee-based" tech support team. His English was very difficult to understand, but it

sounded very much like he was reading from a script, and was of no help whatsoever.

 

AT&T used to have awesome customer support. What happened?

 

 

Michael L Martin
Message 6 of 18 (19,773 Views)
Community Support

Re: Setup Static IP's Router behind RG 5031NV

[ Edited ]

Hi building39,

 

Without knowing the entire details of how this connection is operating, what it appears is that there is some kind of acknowledgement/negative acknowledgement request happening. It appears that outside connection is sending the information to your device behind our router, which forwards it with no problems, from there, it sends a request back to that destination IP trying to establish a connection, but it gets an unreachable error, causing the inbound session to completely terminate at that point.

So with that, it appears the forwarding rules are working right, but you may need to add a few more to handle this acknowledgement request, or you may need to look into the rules on the other device to see if it is blocking traffic from your U-verse modem.

 

One thing to try is putting the device in DMZ mode, and seeing if that helps.

To do so, on the Pace 5031

  1. Login to http://192.168.1.254
  2. Click on Settings
  3. Click on Firewall
  4. Click on Applications, Pinholes and DMZ
  5. Select the device you are trying to pass traffic to
  6. Click Allow all applications (DMZ plus mode)
  7. Save

Let me know how it goes.

-David T

If you encounter any issues with your service or equipment, I recommend checking out our Troubleshoot & Resolve solutions to help diagnose the issue.
Employee Contributor*
*I am an AT&T employee and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.
Message 7 of 18 (19,761 Views)
ACE - Expert

Re: Setup Static IP's Router behind RG 5031NV

I'm not sure what to make of the conversation.  As you say, you've got a message incoming from a Comcast served address using UDP which is passed through, but then it (the RG) discovers it doesn't know how to route the packet, so it replies back with that fact (the ICMP message) and closes the connection. 

 

Something is hosed with the routing setup.  Work with @DavidCS, as he can get the proper information for you.

 

I'm assuming that you're dealing with a Static IP block, as that is the title of the thread you've posted in.  Have you been to the Settings/Broadband/Link Configuration page and added the suplementary network?

 

 

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 8 of 18 (19,734 Views)
Contributor

Re: Setup Static IP's Router behind RG 5031NV

I have an ISA firewall behind my 5031NV. I have assigned all 5 ofv my IP addresses to my ISA Server yet  my 5031NV only recognizes the 1st IP address in the list. I need it to recognize all 5 so that my ISA firewall can handle traffic instead of my modem.

Message 9 of 18 (19,044 Views)
Teacher

Re: Setup Static IP's Router behind RG 5031NV

Did you ever find a solution to your problem? I have the same issue (my firewall is a ZyWALL 50). I want all 5 Static IPs to map to 5 servers inside my DMZ subnet. I have only successfully connected the one server that maps to the IP assigned to my router/firewall WAN port.

They sure do a good job of making life miserable with 5031NV RG...
Message 10 of 18 (18,530 Views)
Expert

Re: Setup Static IP's Router behind RG 5031NV

To use the static IP addresses behind another router, you will have to use the "Cascaded Router" option. I have not tested this option, so I can't tell you if it works or not and/or what the caveats would be. This option would be used on it's own (i.e. you have to turn off Supplementary Network and DMZPlus in order to use it).

Message 11 of 18 (18,521 Views)
Highlighted
Teacher

Re: Setup Static IP's Router behind RG 5031NV

OK. I wish there was some documentation on the "Cascaded Router" option. It isn't really self explanatory how to set it up. I am not at the office right now but will try later. I did try disabling Supplementary Network and enabling Cascaded Router with the pointer to the IP address I have selected for my router. That didn't work but I would not be surprised if there are parameters I am missing either in the 5031 or in my corporate router (I just do a NAT map of a public range to a private range in my ZyWALL NAT which is called "many 1:1 NAT" in ZyWALL terminology. Specifically WAN public IPs as follows 104.xxx.xxx.9-13 are mapped to DMZ private IPs of 192.168.3.9-13). The 104.xxx.xxx.9 IP address is also the address of the ZyWALL router which is how the RG recognizes the router in "Supplementary Network" mode. I am assuming it gets identified the same way when in "Cascaded Router" mode but maybe that is where I am getting it wrong...
Message 12 of 18 (18,510 Views)
Teacher
Solution
Accepted by JefferMC (ACE - Expert)
‎09-30-2015 1:39 AM

Re: Setup Static IP's Router behind RG 5031NV

 

Got it working.  Others probably already know this but there is a key assumption in "Cascaded Router" mode that I was missing.  You have to make the WAN port on your internal router contain an IP address from the private range given by the 5031NV RG. 

 

If my public block was 1.2.3.8-15 (.9 - .13 useable) then I would do the following:

 

Check the "Enable Cascaded Router" box in the Broadband link screen

Network Address = 1.2.3.8

Subnet mask = 255.255.255.248

 

Router Address = 192.168.1.14 (pick an IP address from the private static range below 192.168.1.33)

 

On your inside router:

WAN port set to static IP 192.168.1.14

Gateway = 192.168.1.254

Subnet mask = 255.255.255.0

 

 

 

Once this is all set up. The Public Static IP addresses (1.2.3.9-13 in this example) will come through the WAN port on your router without any interference from the 5031NV RG.  With my ZyWALL 50 these addresses can be subject to virtual server mapping or "many 1:1 NET" from WAN to DMZ without any trouble.  It's confusing to have your WAN port be set to a private IP address while sending the public IPs through but it works fine on my router.

 

Message 13 of 18 (18,432 Views)
ACE - Expert

Re: Setup Static IP's Router behind RG 5031NV

Thank you @gimp_dad for posting your configuration and that you were able to get it working.

 

Actually, that makes sense to me.  You're telling the RG that the next hop for traffic arriving at its WAN port on the public static addresses is the router on its LAN which it can reach at a private IP address, and telling your internal router that the next hop for the default route from its LAN side is the private IP address on the LAN side of the RG.  The traffic arrives at the next hop, that router knows how to route that address and away the packet goes.

 

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 14 of 18 (18,418 Views)
Teacher

Re: Setup Static IP's Router behind RG 5031NV

I agree that it all makes sense.  This seems like a configuration that would be commonly desired.  ATT should do a better job of explaining it.  There is zero documentation on this mode.  Part of what makes it unintuitive is because the identification of my router by using a private IP address from the RG is totally different treatment than used for either Supplementary Network or LAN IP modes.

 

By the way, my solution has one more level of complexity.  I am actually mapping the Public IP block to a private block (192.168.3.xx).  As a result the public static IP block is never specifically sent to my internal DMZ port.  I have a WAN to DMZ NAT conversion in between.  This, of course, makes it much easier to do two things:

1. have other supporting file or compute servers on the DMZ network for supporting my public servers,

2. allow more levels of virtual server mapping to be taken care of on my ZyWALL router (e.g. can map one public IP address to a mail server and a different web server).

 

Thanks for the help that got me started down the right path here.

Message 15 of 18 (18,415 Views)