• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 342
  • Last Modified:

3Com OfficeConnect VPN Firewall and dynamic assigned IP issue

Hi Experts!
I've a serious issue with this new Firewall I bought about 4 months ago. I'm unable to let the FW grab the dynamic IP of the router, so I need all your help and hints. I need to solve this issue asap so feel free to ask me for informations...
The overview.... the fw is set-up in the dynamic mode connection but is always in obtaining an ip.... the router is an ISDN zyxel that works perfectly in my lan.

Davide.
0
funnyboy
Asked:
funnyboy
  • 3
  • 3
1 Solution
 
martapCommented:

So your ISDN router dials out and gets a dynamic IP assigned and you want this same IP also assigned to your firewall? Explain your setup and needs a bit more.
0
 
fadiramadaCommented:
Hi,

Why don't you tell your ISP to give you a static IP for your router,
and then enter it manually into your firewall? They might charge
you a little more to do it, but if all else fails, I believe this is a
good way to go, no sense in going crazy over it!

Thanks,

Fadi Ramada,
Network+, Security+
0
 
funnyboyAuthor Commented:
I need the dynamic solutions... So I explain better.... I have a Zyxel Prestige 100 ISDN Router that connects to the internet and receive an IP from the ISP. If it's connected directly to a pc, it connects everytime the pc request the connection. So, without the firewall everything is working good. The firewall handle this dynamic connection and following the manual, it obtain the ip of the router and then it handle the connection of the lan. The problem is that following the logs of the router i saw that there is a DHCPDISCOVER tool that is unable to find an ip. I try to set up the DHCP in the Router and it receive the LAN ip correctly, obviously giving an error.... I reset the DHCP to off and it shows always Obtaining an IP address...... I don't want to sell this 360$ FW.......

Davide. Here for hints.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
martapCommented:

So you want the firewall to initiate the ISDN dialout on the ISDN router. If i understand you correctly you have your setup like this:

 Internet ------------ ISDN ------------- FW --------------- CLIENTS

What you need to do is configure a static IP on the ISDN side of your FW and make your FW do DHCP. Here is an example setup:

 Internet ------------ ISDN ------------- FW --------------- CLIENTS
                            ^       ^              ^     ^--- 192.168.1.1
                       dynIP    10.0.0.1    10.0.0.2

Configure the default gateway on your FW to 10.0.0.1. And make your FW DHCP 192.168.1.x addresses to its clients with the 192.168.1.1 as the default gateway.
0
 
funnyboyAuthor Commented:
Perfect Solution. Now I connect perfectly. Do you know the 3Com OfficeConnect VPN? Because I've another question about the One2One NAT of the Firewall....
If I have 7 Ips given from the ISP and would like to associate them with NAT... the 3Com VPN Client told me to associate every ip the ISP reserved me with an internal pc... This is impossible because I have 15 pcs.
With this 10.*.*.* solutions, can I insert fake addresses with this type ??:

NAT Mode >> One-to-one NAT
First IP Address in ISP Pool >> 10.0.0.3
First IP Address in LAN Pool >> 192.168.1.2
Pool Size >> 10

With this mode, can I enable NAT and associate a 10.0.0.4 and a *.6 and a *.8 with the multi 2 one feature in the router with a real IP address ??
Then in this mode theorically, I can open a connection in the router with the 192.168.1.3 >> 10.0.0.4 >> real IP.

The problem is... I have currently a LAN composed by 192.168.1.*, 192.168.2.*, 192.168.3.*..... How do I handle this ??

Thanks,

Davide.
0
 
martapCommented:

I'm not sure I understand what you want to do now. If the 7 IP's that you got are routed to the ISDN dynIP by your ISP, you can route those further to the FW (10.0.0.2).

That way you have full control over those IP's on your FW to do with what you want, NAT or PAT. What you could do is reserve 1 or 2 IP's for outbound PAT (multi2one as you call it) addresses and the other ones for NAT (inbound traffic for lets say web, dns server).
0
 
funnyboyAuthor Commented:
Hi all! I've a new issue related to this firewall.... The configuration works perfectly:
Internet ------------ ISDN ------------- FW --------------- CLIENTS
                            ^       ^              ^     ^--- 192.168.1.1
                       dynIP    10.0.0.1    10.0.0.2

but I'm unable to connect to the FW using a remote connection through the telnet shell. If i disable the ping from the fw, it's still accessible from the net, because it's a dynamic ip and the router instead of the fw answer correctly to it.
How can I configure the nat to forward the request or establish a connection with this dynIp ??
Thanks,

Davide.

0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now