3Com ADSL Modem Router with stand alone Firewall, inaccessible by IP address from the outside world

I have a 3COM modem\router and a separate 3com firewall.  
I have a block of static IP addresses from BT.  
I wish to set up my router so that my firewall's IP address is accessible publicly for SMTP\RDP etc...

At the moment the IP address from BT is setting as an 81.XX.XX.XX address. So I have set the router's internal IP address to be my BT static router IP; this is allowing me to browse, as the outside address of my firewall is also from my static addresses from BT.

However, these addresses are not viewable if I try to RDP or telnet to them from outside...

Any ideas?
Uh-oh.  Hope it wasn't too bad a disaster!  

Just looked at the manual for that device.  In the tech specs it says it does support RFC 1483 bridging and routing.  Could find no other references to bridge mode in the manual however.  

That device would really be overkill anyway.  If you can find a plain old ADSL modem that would be the best thing.  The NetGear you mentioned has firewall, wireless, VPN etc.

I'm assuming you want to use the VPN Firewall for its hardware VPN capabilities.  Depending on where you are located any box type store would have an ADSL modem.  Best Buy, Circuit City, Office Depot, even Wal-Mart, Radio Shack etc.
What sort of ADSL package do you have from BT?
Which router and which firewall do you have?  It sounds like you are getting through the router fine.  Do you have any access rules on the firewall to enable RDP, Telnet etc.?  Also, verify that the firewall functionality is turned off in the router.
stevedews (Author) commented:
I have a 3com router: 3Com Office Connect - 3CRWE754G72
and this 3com firewall: OfficeConnect® VPN Firewall - 3CR870-95

I had the firewall on the router disabled but this didn't work, so I tried it with the firewall on but with all ports pointing to the hardware firewall through the virtual servers option.

And yes, the firewall is set up for all those ports.

I just want to be able to access the hardware firewall directly with its external static IP 217.XX.XX.XX instead of using the router's external dynamic IP.
stevedews (Author) commented:
BT connection is a 1Mb ADSL with 5 static IP
Is the router set up with NAT by any chance?

It could be that the internal clients can access the internet through NAT but that the router is not set up to route traffic to the firewall?
stevedews (Author) commented:
NAT is currently enabled on the router; should it be switched off?

There is also an IPSEC NAT-T Pass-through setting that is currently off?
Couple of things:

You probably know this but you will not be able to use the wireless portion of the Router if you want to use the VPN Firewall as your firewall.

The Router will do most everything that the VPN Firewall will do with the exception of hardware VPN acceleration and traffic shaping.

If you want to use the VPN Firewall I would suggest instead of disabling the firewall or doing virtual servers for every port, that you use the router in Bridge mode.  Essentially then it will just act as a modem and pass everything through to the VPN Firewall.

Depending on your connection type you will have to configure the appropriate VPI/VCI etc. on the DSL side.  BT should provide this info to you.

It is very atypical to do a router with dynamic addressing to a Firewall with static addressing as you mention.  A more typical scenario would be a modem or bridge with a dynamic or static assignment directly on your firewall.  Or a router with static addressing inside and outside.  The router you have does support though RFC 1481 routing as well as bridging.  My suspicion though is that you really need to bridge the connection to the firewall.

Another alternative would be to get a cheap modem to put in front of the VPN firewall.  This would allow you to possibly use the Wireless Router elsewhere or use the wireless portion only of the router inside the firewall on your LAN.

You generally do not want to allow management on the WAN interface of a firewall unless you are doing a secure connection.  Instead of trying to manage the firewall from the external side I would establish a VPN to the firewall and manage it.  As long as you are doing some level of encryption you can manage it with its internal private IP address.

Also - use 3DES encryption on your VPN tunnels.  The hardware accelerator in this firewall is very nice.
NAT should be disabled.  When you put the router in bridge mode it will disable all router functions including NAT.
stevedews (Author) commented:
Thanks, was about to give that a go until disaster struck; need to buy another router in the next 5 mins:

Do you know if this modem router supports bridging too?
Netgear DG834G?

Sam Panwar (Sr. Server Administrator) commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup topic area:
    Accept: jfrady {http:#16886020}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

EE Cleanup Volunteer

Question has a verified solution.
