Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

RV180 With Comcast Business Ethernet IP Assignments

I have run into an unusual configuration. Is it possible to configure an RV180 with Comcast's Ethernet IP assignments as a Layer 3 device?

Here's why this is a bit tricky:

Comcast provides a P2P IP address with it's own subnet and gateway that I have to set as my WAN to get any service. They also provide "customer usable" static IP block that use a different subnet than the provided P2P WAN block, hence the requirement that a router or savvy layer 3 device be configured to route the static IPs through to the P2P WAN.

Put another way, a P2P /30 block needs to be routed to a /29 block that holds the public static IPs.

I've tested an RV180 and the most obvious configurations to do this aren't passing static IPs from WAN to the LAN though I haven't completely exhausted every approach yet. Still, there is very little information on doing this specifically other than involving one-to-one NAT or a DMZ neither of which seems to be working for me.

It could be a combination of things such as which Routing mode: (Gateway) NAT or Router? Would either of these modes work with one-to-one NAT the same way? Is it a combination of DMZ, a Routing Mode as well?

Any insight would be appreciated.

I'm most familiar with Sonicwall devices, but even then I've never had to route anything this way with static IPs. Until now our ISP always provided the Layer 3 device.

Everyone's tags (3)
8 REPLIES
New Member

Re: RV180 With Comcast Business Ethernet IP Assignments

Here's more specifics after some more testing:

  • RV180 is new with firmware 1.0.3.10
  • RV180 is in Gateway (NAT) mode.
  • WAN P2P IP is setup and working properly.
  • Outgoing web access from a test PC on the LAN is good-to-go.
  • Ping is enabled and works for the WAN IP from the greater Internet.
  • I can also ping the LAN device I am mapping towards from the internal RV180 diagnostic toolsl.

If the RV180 is set to one-to-one NAT (any service) using the provided Comcast public IPs to my static assigned LAN IPs, my test PC reports the correct public static IP address back to the Internet using a "what's my ip" search engine query. However with these settings I cannot ping this same static IP from the outside. Setting additional (redundant) firewall DNAT rules for any service pointing the WAN to the DNAT IP in addition to One-to-one NAT makes no difference.

Other posts on this community suggest that either one-to-one NAT or a DNAT firewall rule will do the same thing with the DNAT option being preferred for fine access rule control. I tried removing one-to-one NAT and setting both incoming and outgoing DNAT rules. My public static IP still cannot be pinged and my static assigned test PC does not report the proper static IP to the Internet (e.g. "what's my ip"). I might have missed something else in this configuration as well.

So to date I've yet to get the Comcast public IPs that are routed through our P2P WAN IP to talk to the LAN on the RV180. My takeaway so far is that even with one-to-one NAT there is something missing even though one-to-one NAT should dump all services/ports between the WAN and LAN with the correct IP address. I'm going to go over my setups again and try some more things, but it is beginning to seem like this particular configuration is a no-go and I should go for another router. Comcast suggests a "brown box" or commercial grade device (

http://www.youtube.com/watch?v=n2xIWXhr36c&list=PLgtKT-w1Akk24p4tIMDiyugBiSO7Z7Z8V&feature=share&index=4)

.

Gold

Re: RV180 With Comcast Business Ethernet IP Assignments

Eric,

To allow ping reply from internet, go to Firewall-> Attack Prevention: Respond to Ping on WAN (Internet)

One-to-One NAT traffic is firewalled. To allow all inbound traffic, create an Access Rule for any service. Select Use Other WAN (Internet) IP Address at the bottom and enter the WAN IP that is bound to the LAN server.

- Marty

New Member

Re: RV180 With Comcast Business Ethernet IP Assignments

Thanks for the clarification on One-to-One NAT still requiring access rules. It would seem so anyway, but I've read enough other threads now that I couldn't be sure what to expect any more.

  • Ping is (and has been) enabled via Respond to Ping on WAN (Internet), and as before the RV180's WAN IP is responding to a ping from the 'net. Check!

  • I created an incoming Access Rule with Any service, Any source IP with Send to Local Server (DNAT IP) set to my LAN server, then enabled Use Other WAN (Internet) Destination IP using the first public IP in the One-to-One NAT configured block.

  • Also, "What's my IP" in a browser shows the proper static public IP from the test PC.

I'm still not getting a successful ping from the outside or any indication that incoming traffic is going where it should via One-to-One NAT.

I have a theory that somehow Comcast hasn't properly enabled our static IPs although they can be traced and are seen by the Internet. Testing that is going to be difficult without getting either the RV180 or any other router working as expected.

Gold

Re: RV180 With Comcast Business Ethernet IP Assignments

Eric,

The easiest way to test additional WAN IPs is to use one of them as the static WAN IP of the router. If it fails, there is something wrong at the ISP side.

- Marty

New Member

Re: RV180 With Comcast Business Ethernet IP Assignments

That's the odd part of the Comcast Business Ethernet Fiber configuration requirement; only the P2P static IP will work for the WAN and it is a different subnet from the "customer usables" public block. Comcast is routing our public block through the P2P IP, however we have to route that to our own gateway since the provided P2P gateway is on a different subnet.

The best way to present this is to provide an example of the addresses provided:

Assign to your Layer 3 device:

P2P IP:  000.111.222.96/30

Gateway (.97)        

Customer Layer 3 (.98)

P2P Subnet: 255.255.255.252

Customer’s Usables:

Customer Allocation: 000.111.222.104/29

Customer Useable IP’s:  000.111.222.105 thru .110

Customer Allocation Subnet: 255.255.255.248

The P2P block is the only useable WAN gateway, so we must route the RV180's LAN to that while mapping the proper "Customer Usable" block through the RV180.

I could even be on the wrong track using One-to-One NAT; Perhaps static routes are required with Routing Mode set to "Router" instead of "Gateway (NAT)"?

Gold

Re: RV180 With Comcast Business Ethernet IP Assignments

Eric,

That is odd. Normally when we see a block of WAN IPs, they are consecutive. The first one goes on the WAN port and the rest use One-to-One NAT.

You may be right about using Router Mode and static routes.

- Marty

New Member

Re: RV180 With Comcast Business Ethernet IP Assignments

My first test setups had Routing Mode set to "Routing" with static routes set and with the static IPs on the LAN. I had no success with that though I was suspicious that I hadn't covered all the settings properly. After reading up on similar configurations it seemed that DNAT/One-to-One was a good approach to try. Overall I'm not experienced building static routes and the RV180 settings don't quite align with most Cisco-related static routing tutorials which are written for the "big-boy" routers and usually involve command-line statements. But it's worth another shot.

To clarify:

  1. If I switch the Routing Mode from "Gateway (NAT)" to "Router" should I assign the Comcast public IP block to the LAN (or a VLAN) as well?
  2. Can the public IPs still be controlled with One-to-One NAT and DNAT Access Rules the same way in the "Routing" mode as they would in "Gateway (NAT)" mode?

I'll add that I ended up on the NAT side of things based on this post:

https://supportforums.cisco.com/thread/2149819

Also, it may help the discussion to share his visual topology example ripped off from a Comcast help discussion elsewhere as it isn't far from what we'd want to set the RV180 to do:

example_design.png

New Member

After further testing and in

After further testing and in the interest of keeping this forum useful I would like to return to my original question regarding whether the RV-180 is a good fit for a small business layer 3 router when used with Comcast's slightly unusual static IP requirement:

The conclusion is no, the RV-180 is not a good solution as a layer 3 router for Comcast Business Ethernet when mulitple public IP addresses are needed. It will work fine in most other common NAT scenarios, but not for one involving Comcast Business.

Suggested alternatives would be an Adtran or Cisco 891 series device that is more specific to routing only.

977
Views
0
Helpful
8
Replies