3Com ADSL Modem Router with stand alone Firewall, inaccessible by IP address from the outside world

Posted on 2006-06-12
Last Modified: 2008-02-01
I have a 3COM modem\router and a seperate 3com firewall.  
I have a block of static IP addresses from BT.  
I wish to set up my router so that my firewall's IP address is accessible publicly for SMTP\RDP etc...

at the moment the IP address from BT is setting as an 81.XX.XX.XX address.  so i have set the router's internal IP address to be my BT static router IP, this is allowing me to browse as the outside address of my firewall is also from my static addresses from BT.

However, these addresses are not viewable if i try and RDP or telnet to them from outside...

Any ideas
Question by:stevedews
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +1

Expert Comment

ID: 16884389
What sort of ADSL package do you have from BT?

Expert Comment

ID: 16885105
Which router and which firewall do you have?  It sounds like you are getting through the router fine.  Do you have any access rules on the firewall to enable RDP, Telnet etc.?  Also, verify that the firewall functionality is turned off in the router.

Author Comment

ID: 16885174
i have a 3com router: 3Com Office Connect - 3CRWE754G72
and  this 3com firewall: OfficeConnect® VPN Firewall - 3CR870-95

i had the firewall on the router disabled but this didnt work, so i tried it with the firewall on but with all ports pointing to the hardware firewall through the virtual servers option.

and yes firewall is set up for all those ports.

I just want to be able to access the hardware firewall directly with its external static ip 217.XX.XX.XX instead using the router's external dynamic IP.
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 16885178
BT connection is a 1Mb ADSL with 5 static IP

Expert Comment

ID: 16885247
Is the router setup with NAT by any chance?

It could be that the internal vlients can access the internet through NAT but that the router is not setup to route traffic to the firewall?

Author Comment

ID: 16885282
NAT is currently enabled on the router should it be switched off?

There is also a IPSEC NAT-T Pass-through setting that is currently off?

Expert Comment

ID: 16885552
Couple of things:

You probably know this but you will not be able to use the wireless portion of the Router if you want to use the VPN Firewall as your firewall.

The Router will do most everything that the VPN Firewall will do with the exception of hardware VPN accelleration and traffic shaping.

If you want to use the VPN Firewall I would suggest instead of disabling the firewall or doing virtual servers for every port, that you use the router in Bridge mode.  Essentially then it will just act as a modem and pass everything through to the VPN Firewall.

Depending on your connection type you will have to configure the appropriate VPI/VCI etc. on the DSL side.  BT should provide this info to you.

It is very atypical to do a router with dynamic addressing to a Firewall with static addressing as you mention.  A more typical scenario would be a modem or bridge with a dynamic or static assignment directly on your firewall.  Or a router with static addressing inside and outside.  The router you have does support though RFC 1481 routing as well as bridging.  My suspicion though is that you really need to bridge the connection to the firewall.

Another alternative would be to get a cheap modem to put in front of the VPN firewall.  This would allow you to possibly use the Wireless Router elsewhere or use the wireless portion only of the router inside the firewall on you LAN.

You generally do not want to allow management on the WAN interface of a firewall unless you are doing a secure connection.  Instead of trying to manage the firewall from the external side I would establish a VPN to the firewall and manage it.  As long as you are doing some level of encryption you can manage it with it's internal private IP address.

Also - use 3DES encryption on you VPN tunnels.  The hardware accellerator in this firewall is very nice.

Expert Comment

ID: 16885576
NAT should be disabled.  When you put the router in bridge mode it will disable all router functions including NAT.

Author Comment

ID: 16885902
Thanks was about to give that a go until disaster struck need to buy another router in the next 5mins:

Do you know if this modem router supports bridging too?
Netgear DG834G?


Accepted Solution

jfrady earned 500 total points
ID: 16886020
Uh-oh.  Hope it wasn't too bad a disaster!  

Just looked at the manual for that device.  In the tech specs it says it does support RFC 1483 bridging and routing.  Could find no other references to bridge mode in the manual however.  

That device would really be overkill anyway.  If you can find a plain old ADSL modem that would be the best thing.  The NetGear you mentioned has firewall, wireless, VPN etc.

I'm assuming you want to use the VPN Firewall for its hardware VPN capabilities.  Depending on where you are located any box type store would have an ADSL modem.  Best Buy, Circuit City, Office Depot, even Wal-Mart, Radio Shack etc.
LVL 18

Expert Comment

by:Sam Panwar
ID: 17508826
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup topic area:
    Accept: jfrady {http:#16886020}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

EE Cleanup Volunteer


Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IP Jumping 6 73
I am looking for a reliable program to clone servers 5 106
is a device online 4 43
Server Essentials vs Standard 4 19
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Join Greg Farro and Ethan Banks from Packet Pushers ( and Greg Ross from Paessler ( for a discussion about smart network …
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question