Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

I2002 phn behind Linksys WRV200 &Alcatel ST580/ NAT in Guatemala

Status
Not open for further replies.

jsimonkeller

IS-IT--Management
Jun 25, 2007
3
GT
I have a client that is in Guatemala for an adoption and will be living there for several months. Before he left town, we set up his VPN connection and he bought an i2002 phone and a Linksys WRV200 router. All tested well at his home.

When he arrived in Guatemala, the apartment he is living in has internet provided to each apartment through their central modem, which is an Alcatel Speedtouch 580. The Alcatel acts as a router as well, so when the signal reaches his apartment, he has a local ip and not a public ip. We sniffed out the public IP for testing purposes and put it into the firebox at the office and when we hooked up the VPN router and booted up the phone, it shows that it is trying to connect "T", but never actually connects.

I called Linksys. Here is a partial transcript from a chat session-

----------------

You: We have a wrv200 that was setup to establish a VPN to the office. The connection is to a Watchguard Firebox 700. The VPN worked fine, however, the router has moved to a different location. At the new location, the Internet is provided by the building management and the wvr200 is now behind a NAT router. In this new setup, the VPN will not connect.

Anna Marie Zamora (19603): I see. The WRV200 should be the main router because if it is behind another router, it will not properly establish a VPN tunnel since that the WRV200 is not getting any WAN IP directly from the ISP.

You: Is there any workaround? We are unable to put the WRV200 as the main router.

Anna Marie Zamora (19603): Other than setting the VPN router as the main router, you may need to make sure that the WRV200 will get a different WAN IP from the ISP behind the router

You: We do not have the ability to control that router. Internet service is provided by building management and is available to other tenants besides us. I do not think we would be able to disable NAT on that router because of this.
Anna Marie Zamora (19603): I see. Can I put you on hold for 2 to 5 minutes? I just need to verify something from my resources.

You: yes

Anna Marie Zamora (19603): Thank you for waiting. There is no other way other than putting up the router as a main connection. The VPN will not connect properly because the remote location is having a hard time connecting or passing thru a double NAT devices.

The only solution I see is as follows-

1- Your router would be placed in the apartment office for everyone to use. We would need to modify the configuration to make sure it did not issue IP addresses in use in your apartment. I assume the router would also need to be configured for PPPoE to the Internet; this is usually how DSL connects and requires a username/password provided by the ISP.

2- The DSL modem would need to support bridge mode. This would allow the router to receive the legitimate IP address from the ISP

3- You would need a switch and/or a wireless access point in your apartment to connect all of your devices. The one connection provided by the apartment would connect to the switch as would all of your devices. We would need static IPs assigned to your devices.

4- Once you are ready to leave Guatamala, all of this would need to be undone, unless you want to leave the router with the apartment.

----------------------

Is this the only solution I can provide to my client? I do not think the apartments will let him disrupt all of there other internet connections to accommodate one tenant. His i2050 phone works, which has been his saving grace, but he would prefer to use the i2002 for obvious reasons.

Any thoughts?
 
Try another device that supports "NAT Traversal".

Have you tried using a VPN client on his machine and running an i2050? You will need a VPN client that can handle "NAT Traversal". What is your VPN endpoint, is it a Contivity?
 
If his i2050 works, could you use a usb hub to connect the i2002 phone thru the software vpn his laptop is using?
(I'm assuming a software vpn rather than the linksys the i2002 is using)

 
the i2050 works fine through the mobile user VPN on his laptop. I am not sure how the usb hub would work. Would I convert the network out on the phone to USB on the laptop? I am not an expert on Nortel IP Phones.
 
we are attempting to take the linksys out of the loop and use VPN pass through on the Alcatel. I will report back

J Simon Keller
------------------------
jkeller@lassiterlaw.com
 
Start with the simple stuff. Can you create a VPN tunnel with the Linksys and your Firebox? If not, stop right there.

At home I use a C221 behind a simple Dlink Router (C221 Wan is a private IP from the DLink) back to the office (Nortel CES1500) and have no trouble. I have an i2004 from the C221 and a laptop into the PC port. Works sweet.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top