Solved

Motorola SB5100 cable modem and MS PPTP

Posted on 2006-10-24
16
3,325 Views
Last Modified: 2013-11-30
Hi,

I am using a Motorola SURFboard SB5100 for internet connectivity, but I am having issues with the use of one particular type of VPN connection.

I can successfully use a Cisco VPN Client which connects over port 10000, but I cannot use Microsoft PPTP VPN connections which connect over port 1723.  I have eliminated all firewalls at the start and end points for the MS PPTP VPN, and connectivity to the end point has been verified as OK. The ISP I use also supports VPN connections.

I believe the issue is to do with the SB5100 modem itself, as I have tested the MS PPTP VPN connection on two other SB5100 modems (in different locations), and it fails in both instances.  I have also tested the same connection through two SB4100 modems (in different locations) and the MS PPTP VPN connects successfully.

Has anyone successfully run MS PPTP connections over SURFboard SB5100 modems? Is there anything I need to alter to allow the connections (e.g. firmware, etc.)  Motorola do not appear to be interested in helping as they say discontinued devices should be supported by the ISP, and the ISP concerned say they cannot help with VPN issues.

Many thanks,
Mark
0
Comment
Question by:Mark_R
  • 9
  • 6
16 Comments
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Perhaps there is a problem with your unit, but I have several clients using the 5100 with no issues. There is nothing on the 5100 you can configure.
Are there any other routers used in conjunction with the 5100 that could be the problem? or might that site be using the same subnet as the other site. Both sites must use different subnets, i.e. if one site uses 192.168.1.x the other must use something else such as 192.168.2.x
0
 

Expert Comment

by:DemeyereI
Comment Utility
This sounds like a problem I've had with our Vienna site.

When we tried to use their Internet Broadband connection of local telco we also were unable to use MS PPtP tunnels towards our firebox.

After elaborate testing the cause of the problem revealed itself as simply the uplink provider blocking this service on this kind of subscription.

Best thing to do is to call your provider and ask them if this service is allowed first.

Greetings,

Ilona
0
 
LVL 1

Author Comment

by:Mark_R
Comment Utility
Hi,

Thanks to both of you for replying, and sorry for the delay in responding myself.

RobWill - there is nothing else along the route that I can think of which would cause the problem.  I have tested from my home location by direct connection to my SB5100 via CAT5 (removing my wireless router with firewall from the equation).  Windows Firewall was also turned off.  It still failed under those conditions.  If I go to one of the 'test sites' I have used, a relative who uses the same ISP but a SB4100 modem (connected by CAT5), I can go straight onto that machine and create a PPTP connection which works first time.  I have done the same at another site with an SB4100, it works there too.

I had someone else try it at two other locations also using the same ISP, using a connection I had pre-configured, and it fails.  Both locations have an SB5100 modem.

All remote sites are on different subnets to the central site.

My unit could be faulty, but it seems unlikely as no-one I know with an SB5100 can get this connection to work and also my unit works fine with a Cisco VPN Client I use for a different connection (although that uses port 10000, not port 1723).

Ilona  -  I have used the same provider from two other different locations to successfully connect via PPTP to the desired endpoint.  I have also called them and they have confirmed verbally that they support VPNs.

In summary, all locations are using the same ISP but two of those locations use SB4100 modems.  Those two locations have no problems connecting.  The other three use SB5100 modems, and PPTP connections never work from those locations.
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 500 total points
Comment Utility
Very interesting, your tests do imply the 5100 is the problem. You could try e-mailing their technical support at broadband@motorola.com  Quite surprised though as it is a pretty basic modem that I would think would allow all protocols to pass. Your Cisco client is probably using IPSec, where as the Windows client uses PPTP & GRE. I will be at a site on Saturday where I can test a 5100 myself for comparison. I'll post the results if your question is still open. However, as mentioned, I have clients with 5100's and using PPTP.
--Rob
0
 
LVL 1

Author Comment

by:Mark_R
Comment Utility
Hi Rob,

I've tried contacting Motorola, although not via that e-mail address.  I even went to the lengths of phoning the US, but they said they couldn't help as there was no configuration on the modem that would prevent PPTP connections.  Additionally, the 5100 is discontinued and officially support has been passed to the respective ISPs.

You're probably right about the Cisco client using IPSec, it won't be exactly the same connection.  If you have 5 minutes just to test one of your 5100s, that would be really helpful.  Are your PPTP connections using the default config (other than manually selecting 'PPTP VPN'?)

Regards,
Mark
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Mark, the site where I will be testing currently uses Cisco and Watchguard IPSec clients without a problem. I will set up a temporary PPTP client behind the 5100 using all defaults. I'll see how it goes Saturday and let you know.
--Rob
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Mark, haven't forgotten you. I was supposed to set up routers, modems and servers for a client that moved on the weekend. when I got there the ISP replaced the existing 5100, during the move, with an Arris unit. I'll find one in the next couple of days to test. Several of my clients have the 5100's.
Sorry,
--Rob
0
 
LVL 1

Author Comment

by:Mark_R
Comment Utility
No problem Rob!!  Thanks for letting me know.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
Comment Utility
Actually Mark, by coincidence, I was able to test this afternoon. Tried 2 different Surfboard 5100 modems in 2 different cities and I was able to easily connect with the Windows PPTP VPN client using it's default configuration. Tested browsing and copying of a couple of small files over the VPN. Then I began to wonder if it might be different hardware or firmware versions. Checked these and both were as follows:
Software Version: SB5100-2.3.2.4-SCM00-NOSH
Hardware Version: 3
MIB Version: II
GUI Version: 1.0
VxWorks Version: 5.4

You might want to compare your version information. Can you log on to your unit? The IP with which to connect is usually set by the ISP, but it is often  http://192.168.100.1

Configuration was:
Windows VPN client => Watchguard SOHO router => Surfboard 5100 => Internet=>
    Arris modem => Linksys WRT54G (port forward and PPTP pass-through) =>
          Windows SBS2003 with RRAS configured.

Both sites from which I connected, used identical hardware;  Watchguard router and Surfboard 5100.
0
 
LVL 1

Author Comment

by:Mark_R
Comment Utility
Thanks for the quick response, Rob.  It looks as though we MAY be onto something here............my modem details are below:

Software Version: SB5100-0.3.1.3-SCM00-NOSH
Hardware Version: 3
MIB Version: II
GUI Version: 1.0
VxWorks Version: 5.4

My software version would appear to be considerably earlier than yours.  I'm going to have a look for updates.

Do you know if these modems are supposed to be self-updating, by the way?  I see this repeated many times over in my 5100 logs:

2006-11-06 11:34:48 4-Error 0x041D050C SW upgrade Failed after download - Incompatible SW file
2006-11-06 11:34:47 6-Notice 0x041D0318 SW Download INIT - Via Config file cm-4096-384

Cheers,
Mark
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 500 total points
Comment Utility
As far as I know they are not "auto-update" and you cannot do it manually, however those are interesting entries in the logs. I can now log on remotely to those 2 5100's I used, and I just checked; no similar log entries in those units, just lots of failed DHCP requests and time sync errors.

The ISP can log on to those remotely using Telnet and access more information and configuration settings. I wonder if they can remotely force a firmware update.
I would give them a call, explain the problem, and mention 2 units with newer firmware work fine. For the record, both of those units were installed during the last year if that means anything.

Let me know how you make out one way or the other.
0
 
LVL 1

Author Comment

by:Mark_R
Comment Utility
Hi Rob,

I managed to get some feedback from my ISP, and they cannot confirm whether they have later firmware for the 5100 or whether they will ever be deploying it if they do have it.  Great customer service.

Unfortunately, I'm not sure if I'll get the chance to find the answer to this from my end.  The client of mine who also needs to use the PPTP connections for his business operations (whereas I'd use them for support) has referred to another company who have bypassed the VPN endpoint I was using (an ADSL router with VPN functions) in favour of the MS SBS 2003 VPN option, which is now working.

I'd still like to give you some points, so if I create a new post with a link to this one and 250 points for your help, would that be OK?

Regards,
Mark
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
The ISP here is pretty good. If you have an older modem and a problem like this they will allow you to swap it if you drop it off at their office. Sounds like you might not get a chance anyway.

>>"in favour of the MS SBS 2003 VPN option, which is now working."
SBS VPN uses PPTP in default configuration, that is interesting. Perhaps they are using  SBS's Remote Web Workplace instead. It only requires port forwarding of TCP 443 and 4125, no "fancy" protocols. :-)

Don't worry about the points. No resolution was found. Personally I am more curious as to the source of the problem.
0
 
LVL 1

Author Comment

by:Mark_R
Comment Utility
MODERATORS - Please close this question.  No resolution could be found as the third party responsible for the modem is unwilling to assist.
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 500 total points
Comment Utility
Would be nice not to just close and refund where a lot of effort went into assisting with this problem, including setting up 2 test environments for the asker, to rule out specific problems. Surely some of this was useful information. The fact that the project cannot be completed does not mean the information is not useful or correct.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Thanks Mark. It's appreciated.
Cheers !
--Rob
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Join & Write a Comment

The DSL Parameters part of this article is valid and can be considered with any brand of internet router and modem (Dlink, 3com, Alcatel, Usrobotics, Parks), by accessing the configuration interface available by the manufacturer eg: http://10.1.1.1 …
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now