12-19-2010 12:29 AM - edited 12-19-2010 1:13 AM
A few months ago I configured a VPN router and a Nuvico security camera DVR so they would be accessible through a 3800HGV-B: Internet --> 3800HGV-B (10.0.0.1) --> DMZ+ --> VPN router (192.168.1.1) --> Nuvico DVR (192.168.1.120)
It seemed straight forward at the time - I simply placed the VPN router's IP address (assigned statically through the 3800HGV) into DMZ+ mode. The Nuvico DVR was then placed into the VPN router's DMZ mode.
I was able to see my security cameras on any web browser away from home and I was able to connect to my VPN router LAN through a PPTP VPN client. The VPN seemed to drop every once in a while but it was usable.
Nuvico is using its own DDNS service, so you can access the security DVR by typing kxxxxxx.connectip.net:7000 into any internet-connected web browser. xxxxxx are the last six digits of the DVR's MAC address. 7000 is the default port that Nuvico utilizes. As I mentioned earlier, this setup has been stable for a few months.
Several days ago, the security cameras could no longer be accessed through the Iphone or a web browser. I suspected that the VPN router had fallen offline and sure enough, the VPN router WAN IP address (= 3800HGV DMZ+ IP adress) had somehow changed to a completely arbitrary non-sensical set of octets. So I changed the IP adress to its previous static value (10.0.1.34). After that everything seemed normal for a few days.
Today, the security camera DVR and the VPN router were once again not accessible from the outside.
However, this time around the VPN router had not fallen offline. All the other devices on the LAN side of the VPN router were still able to access the internet (laptop, Blu-Ray player, etc.).
I first power-cycled the 3800HGV and the VPN router without seeing any improvement.
Then I realized that I should have put the VPN router WAN IP not in static but DHCP assigned (through 3800HGV) mode from the beginning (strange, because the static setup had been working fine). After cycling the VPN router, its WAN IP changed to the same adress as the WAN IP of the 3800HGV, in other words, the VPN router was once again exposed to the internet. I was able to look at the security DVR on the Iphone for about 10 minutes, then I noticed that the WAN IP had "switched" back to 10.0.1.34 and access to the cameras from the Iphone (or any web browser) was once again disabled as the DMZ+ mode was still configured for the outside WAN IP address routing. I tried a different (model) VPN router and put it also in DMZ+ mode - same problem.
Next I conected the Nuvico DVR directly to the 3800HGV. I tried both dynamic and static settings with the Nuvico DVR and the DMZ+ mode setting of the 3800 HGV. I was able to access the DVR from the outside sporadically at best. The DVR would be assigned the outside WAN IP adress for a few minutes and then fall back to its regular (10.0.1.x) DHCP IP address. So I finally grabbed the DVR and the first VPN router and drove over to a friend's house connecting the same equipment (without the actual cameras of course to a plain cable modem. Guess what - I was able to access the DVR from my Iphone and the VPN started working as well, so it is clearly not the DVR, Nuvico's DDNS or a VPN router issue.
This is really confusing. Nothing has been changed on my network. I tried different VPN routers. I tried without VPN routers. Did I just get lucky a few months ago ? Was there some sort of firmware change that AT&T may have deployed recently ? I heard from AT&T tech support that AT&T has specialized field service engineers who (for a fee) will troubleshoot these types of issues - can anyone confirm that ?
Any help or suggestions are much appreciated. Thank you.
12-19-2010 8:06 AM
I've seen this kind of thing on occasion (where a device behind the RG won't stay as the DMZ plus device -- it instead gets a different IP address).
My suggestion would be to reset the RG to factory defaults. Go into the RG configuration, go to Settings -> Diagnostics -> Resets and use the button at the very bottom to reset the RG to factory defaults.
After that, set up your VPN router again and see if it then keeps the DMZPlus address.
12-19-2010 8:53 AM
Thank you for the fast reply. I was thinking about doing the "Factory Reset" before I posted on the forum. I was just concerned that doing so would possibly disable U-Verse TV and Phone as they are part of the U-Verse package in this case. Would AT&T have to re-establish the service from their end after a factory reset or will all services come back normal ? Thank you for your help.
12-19-2010 9:31 AM
All services will come back, there is no specific provisioning in the RG for the services. The only thing specific is the security certificate, which is specific to your account. But the factory reset does not mess with the security certificate.
12-21-2010 12:28 PM - edited 12-21-2010 12:28 PM
I won't be able to get back on-site before next week. I will keep you posted and let you know what happens.
© 2016 AT&T Intellectual Property.This link will open a new window All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks are the property of their respective owners.
Congratulations! You earned the Liz badge!