jsimonkeller
IS-IT--Management
I have a client that is in Guatemala for an adoption and will be living there for several months. Before he left town, we set up his VPN connection and he bought an i2002 phone and a Linksys WRV200 router. All tested well at his home.
When he arrived in Guatemala, the apartment he is living in has internet provided to each apartment through their central modem, which is an Alcatel Speedtouch 580. The Alcatel acts as a router as well, so when the signal reaches his apartment, he has a local ip and not a public ip. We sniffed out the public IP for testing purposes and put it into the firebox at the office and when we hooked up the VPN router and booted up the phone, it shows that it is trying to connect "T", but never actually connects.
I called Linksys. Here is a partial transcript from a chat session-
----------------
You: We have a wrv200 that was setup to establish a VPN to the office. The connection is to a Watchguard Firebox 700. The VPN worked fine, however, the router has moved to a different location. At the new location, the Internet is provided by the building management and the wvr200 is now behind a NAT router. In this new setup, the VPN will not connect.
Anna Marie Zamora (19603): I see. The WRV200 should be the main router because if it is behind another router, it will not properly establish a VPN tunnel since that the WRV200 is not getting any WAN IP directly from the ISP.
You: Is there any workaround? We are unable to put the WRV200 as the main router.
Anna Marie Zamora (19603): Other than setting the VPN router as the main router, you may need to make sure that the WRV200 will get a different WAN IP from the ISP behind the router
You: We do not have the ability to control that router. Internet service is provided by building management and is available to other tenants besides us. I do not think we would be able to disable NAT on that router because of this.
Anna Marie Zamora (19603): I see. Can I put you on hold for 2 to 5 minutes? I just need to verify something from my resources.
You: yes
Anna Marie Zamora (19603): Thank you for waiting. There is no other way other than putting up the router as a main connection. The VPN will not connect properly because the remote location is having a hard time connecting or passing thru a double NAT devices.
The only solution I see is as follows-
1- Your router would be placed in the apartment office for everyone to use. We would need to modify the configuration to make sure it did not issue IP addresses in use in your apartment. I assume the router would also need to be configured for PPPoE to the Internet; this is usually how DSL connects and requires a username/password provided by the ISP.
2- The DSL modem would need to support bridge mode. This would allow the router to receive the legitimate IP address from the ISP
3- You would need a switch and/or a wireless access point in your apartment to connect all of your devices. The one connection provided by the apartment would connect to the switch as would all of your devices. We would need static IPs assigned to your devices.
4- Once you are ready to leave Guatamala, all of this would need to be undone, unless you want to leave the router with the apartment.
----------------------
Is this the only solution I can provide to my client? I do not think the apartments will let him disrupt all of there other internet connections to accommodate one tenant. His i2050 phone works, which has been his saving grace, but he would prefer to use the i2002 for obvious reasons.
Any thoughts?
When he arrived in Guatemala, the apartment he is living in has internet provided to each apartment through their central modem, which is an Alcatel Speedtouch 580. The Alcatel acts as a router as well, so when the signal reaches his apartment, he has a local ip and not a public ip. We sniffed out the public IP for testing purposes and put it into the firebox at the office and when we hooked up the VPN router and booted up the phone, it shows that it is trying to connect "T", but never actually connects.
I called Linksys. Here is a partial transcript from a chat session-
----------------
You: We have a wrv200 that was setup to establish a VPN to the office. The connection is to a Watchguard Firebox 700. The VPN worked fine, however, the router has moved to a different location. At the new location, the Internet is provided by the building management and the wvr200 is now behind a NAT router. In this new setup, the VPN will not connect.
Anna Marie Zamora (19603): I see. The WRV200 should be the main router because if it is behind another router, it will not properly establish a VPN tunnel since that the WRV200 is not getting any WAN IP directly from the ISP.
You: Is there any workaround? We are unable to put the WRV200 as the main router.
Anna Marie Zamora (19603): Other than setting the VPN router as the main router, you may need to make sure that the WRV200 will get a different WAN IP from the ISP behind the router
You: We do not have the ability to control that router. Internet service is provided by building management and is available to other tenants besides us. I do not think we would be able to disable NAT on that router because of this.
Anna Marie Zamora (19603): I see. Can I put you on hold for 2 to 5 minutes? I just need to verify something from my resources.
You: yes
Anna Marie Zamora (19603): Thank you for waiting. There is no other way other than putting up the router as a main connection. The VPN will not connect properly because the remote location is having a hard time connecting or passing thru a double NAT devices.
The only solution I see is as follows-
1- Your router would be placed in the apartment office for everyone to use. We would need to modify the configuration to make sure it did not issue IP addresses in use in your apartment. I assume the router would also need to be configured for PPPoE to the Internet; this is usually how DSL connects and requires a username/password provided by the ISP.
2- The DSL modem would need to support bridge mode. This would allow the router to receive the legitimate IP address from the ISP
3- You would need a switch and/or a wireless access point in your apartment to connect all of your devices. The one connection provided by the apartment would connect to the switch as would all of your devices. We would need static IPs assigned to your devices.
4- Once you are ready to leave Guatamala, all of this would need to be undone, unless you want to leave the router with the apartment.
----------------------
Is this the only solution I can provide to my client? I do not think the apartments will let him disrupt all of there other internet connections to accommodate one tenant. His i2050 phone works, which has been his saving grace, but he would prefer to use the i2002 for obvious reasons.
Any thoughts?
