Comcast Business Class and GRE Tunnels

PC paul4004 at gmail.com
Tue Jul 26 15:38:38 UTC 2011


I have GRE tunnels and L2TP tunnels over those Comcast boxes.  L2TP is less
hassle because it handles NAT, but you can do GRE instead -- just make sure
you assign yourself a public static IP.

First, go into the gateway and make sure all firewalls are disabled (it has
a web GUI).

Second, if it's the Comcast SMC 4-port "gateway" thing I think it is, the
device is somewhat retarded.  You plug into the switch and pull DHCP, and
you get a NATted address and it routes.

You can plug into the same switch and set a static IP on your device
(internet public IP), and it will work without NAT, assuming your account
has a static IP.

Set said static IP on your MikroTik box and it should pass end-to-end
without drops.

On Tue, Jul 26, 2011 at 9:07 AM, Nate Burke <nate at blastcomm.com> wrote:

> Hello, I'm hoping that someone here might have run into a similar issue and
> might be able to offer me some pointers.
>
> I have a customer that I am providing redundant paths to, one link over a
> microwave connection, and a backup link over a Comcast Business Class
> Connection.  Everything on the Microwave link is working fine.  On the
> Comcast Connection, I have a Static IP from Comcast, and I want to set up a
> vendor specific GRE tunnel (Mikrotik EoIP) from my NOC to the Comcast Static
> IP Address.  It looks like the SPI Firewall inside the SMC Gateway required
> by Comcast is blocking the GRE packets; I'm basing this on the fact that
> when I power cycle the modem, I get 1 ICMP Packet through the GRE Tunnel
> while the modem is booting up, then it stops again.  I have gotten to Tier2
> support who swears that all Firewalls on the SMC Gateway are disabled.
>
> As a workaround, I was able to establish a PPTP tunnel to my NOC, however
> it seems like the tunnel will only run for a few hours, then becomes slow to
> the point of being unusable.  In my mind this would be no different than
> setting up a permanent VPN back to a corporate office, which I would think
> happens all the time, so I'm not sure why I'm running into issues with it.
>
> Anyone with Insights or comments would be appreciated.
>
> Thanks,
> Nate Burke
>
>



More information about the NANOG mailing list