Solved

Actiontec GT701-WG DSL Modem on Static IP with NAT Off, DHCP Off, Wireless OFF

Posted on 2006-11-13
Last Modified: 2008-01-09
Hi Everybody,

I have started having troubles since I received a block of Static IP addresses from QWEST/VISI.
I would really appreciate if somebody could help me.

I will try to explain as much as I can.

Current Setup:
DSL Line connected to the GT-701WG modem
FORTINET-Fortigate 60 Firewall connected to Ethernet port of Modem
Linksys 3124 Switch connected to Fortigate
All Clients connected to Linksys 3124
Modem has a Local LAN-IP of 10.0.0.1
DHCP & Wireless is OFF
NAT is ON
Fortigate 60 has IP address of 10.0.0.225
Clients obtain their DHCP addresses from a Windows 2003 DHCP server with the Microsoft DHCP in the 10.0.0.101 - 10.0.0.200 range
All Windows XP Clients work great.

New Setup:
DSL Line connected to the GT-701WG modem
FORTINET-Fortigate 60 Firewall connected to Ethernet port of Modem
Linksys 3124 Switch connected to Fortigate
All Clients connected to Linksys 3124
Modem has a Local LAN-IP of 209.98.206.XX9
DHCP, NAT & Wireless is OFF
Fortigate 60 has IP address of 209.98.206.XX8
Clients obtain their DHCP addresses from a Windows 2003 DHCP server with the Microsoft DHCP in the 10.0.0.101 - 10.0.0.200 range.
These computers don't work.
BUT
All Windows XP clients with static IP addresses in the Range of 209.98.206.XX1 - 209.98.206.XX7 WORK
I can access the Modem, Clients in the 209.98.206.XX range and the Fortigate from Outside of the Network.
I have tried removing the Fortigate from the Network and connecting the DSL modem directly to the Linksys 3124 switch with no Luck.

What I don't understand is why do I need a Local LAN IP address in the ActionTec Modem in the 209.98.206 Range?
Shouldn't it be in the 10.0.0. Range?

Do I need to do something to the Static Routing portion of the DSL Modem ?

Thanks for all your help.
0
Comment
Question by:SaleemGhani
7 Comments
 
LVL 7

Assisted Solution

by:knightrider2k2
knightrider2k2 earned 55 total points
ID: 17934092
NAT is off. That is why when you configure a client with 209.98.xx.xx it works.

You have to configure NAT, probably on the firewall if it is possible.
Configure Wan port of fortigate with 209.98.206.xx9. Configure Lan port of fortigate with 10.0.0.225.
Configure your DHCP to give out 10.0.0.225 as default gateway.

Make sure NAT is configured in the firewall.
0
 
LVL 7

Expert Comment

by:dlangr
ID: 17934131
The IP addresses in the 209.98.206.x range are external addresses, not internal. Every computer configured with them is actually part of the internet itself (if no firewalling is done on the fortigate firewall).

You should setup your fortigate firewall to do NAT (Network Address Translation) for 10.0.0.101 - 10.0.0.200 to one or more of the external addresses.

See http://en.wikipedia.org/wiki/Network_address_translation for more information about NAT.


0
 

Author Comment

by:SaleemGhani
ID: 17934205
Thanks for the comments.

I have tried the solution provided by knightrider2k2.
It has not worked yet. I am trying to go through different setups to see maybe there is a way to have a LAN Port address on the Fortigate.
Maybe a newer Firmware.

What should be the Local LAN IP of the DSL Modem ?

My ISP told me to set a static IP of 209.98.206.XX9 as the Local LAN IP. What is this Local LAN IP for ?

0

 
LVL 7

Expert Comment

by:knightrider2k2
ID: 17934273
The local LAN IPs are the block of IP addresses given by your ISP. Configure it on your firewall, not the client computers.

>I am trying to go through different setups to see maybe there is a way to have a LAN Port address on the Fortigate.

I did not understand what you meant here?
0
 
LVL 7

Accepted Solution

by:dlangr
dlangr earned 70 total points
ID: 17934554
As your modem is not doing NAT, it requires an outside IP and an inside IP. Outside and inside here refer to the outside and inside interface of your modem. The 209.98.206.XX9 is the inside IP of your modem.

The 209.98.206.XX8 is the IP of the outside interface of your firewall. The internal interface of the firewall needs to be configured with an IP in the private IP range 10.0.0.x. As knightrider2k2 suggested, you could use 10.0.0.225 for it or you could use any other IP in the 1.0.0.x range as your router IP (like 10.0.0.253, which I will use as an example).

Once you have configured the internal interface of your firewall with an IP in the 1.0.0.x range, or while doing so, you should be able to choose NAT as the routing method between the internal and external interface of your firewall. NAT translates source address and port when sending the packages of internal computers to the internet and keeps a list of the current translations, so it can return the answer to the request to the host that requested it. This way you need fewer external IPs (the ones from the 209.98.206.x range) than internal IPs (10.0.0.x).

So your setup should look like this:

Internet <-> (209.98.206.XX?, ext interface) <- Modem -> (int interface, 209.98.206.XX9) <------> (ext interface, 209.98.206.XX8) <- fortigate firewall -> (int interface, 10.0.0.253) <-----> (range 10.0.0.1 .. 10.0.0.252) Network of internal computers.

You should set 10.0.0.253 as the default gateway on the internal computers, but if you use dhcp on the router, dhcp should take care of that.

0
 
LVL 7

Expert Comment

by:dlangr
ID: 17934575
You do not need more than 1 external IP for NAT, though if you are able to use more of them, this will usually work better if supporting a lot of internal computers, as fewer computers per IP means less need to translate the source port.
0
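
The translation list described in the accepted solution, and the point in the follow-up comment about extra external IPs, as an added example that is not part of the original thread: a toy source-NAT (NAPT) table in Python. The addresses 203.0.113.8 and 203.0.113.9 are documentation placeholders standing in for the masked 209.98.206.XX addresses, the class and method names are made up for this sketch, and none of it is FortiGate code.

```python
class Napt:
    """Toy NAPT table: maps (internal ip, port) to (external ip, port)."""

    def __init__(self, external_ips):
        self.external_ips = list(external_ips)
        self.out = {}    # (int_ip, int_port, proto) -> (ext_ip, ext_port)
        self.back = {}   # (ext_ip, ext_port, proto) -> (int_ip, int_port)
        self.port_rewrites = 0  # how often the source port had to change

    def _bind(self, key, ext_ip, ext_port):
        self.out[key] = (ext_ip, ext_port)
        self.back[(ext_ip, ext_port, key[2])] = key[:2]
        return self.out[key]

    def outbound(self, src_ip, src_port, proto="tcp"):
        """Translate a packet leaving the 10.0.0.x network."""
        key = (src_ip, src_port, proto)
        if key in self.out:              # existing flow: reuse its mapping
            return self.out[key]
        # First choice: keep the client's source port on a free external IP.
        for ext in self.external_ips:
            if (ext, src_port, proto) not in self.back:
                return self._bind(key, ext, src_port)
        # Port is taken on every external IP: the source port is rewritten.
        self.port_rewrites += 1
        for ext in self.external_ips:
            for port in range(1024, 65536):
                if (ext, port, proto) not in self.back:
                    return self._bind(key, ext, port)
        raise RuntimeError("NAT pool exhausted")

    def inbound(self, dst_ip, dst_port, proto="tcp"):
        """Reverse lookup for a reply; None means no mapping, so drop."""
        return self.back.get((dst_ip, dst_port, proto))


def two_clients_same_port(pool):
    """Constructed case: two DHCP clients both use source port 50000."""
    nat = Napt(pool)
    a = nat.outbound("10.0.0.101", 50000)
    b = nat.outbound("10.0.0.102", 50000)
    return nat, a, b


if __name__ == "__main__":
    for pool in (["203.0.113.8"], ["203.0.113.8", "203.0.113.9"]):
        nat, a, b = two_clients_same_port(pool)
        print(pool, a, b, "port rewrites:", nat.port_rewrites)
```

An inbound packet that matches no entry in the table returns `None`, which is why hosts behind NAT are not directly reachable from outside the way the statically addressed 209.98.206.x clients were.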
 

Author Comment

by:SaleemGhani
ID: 18196962
Tried all methods, still no luck, so paid the fortigate tech support to do the configuration.

Problem was the Firmware version on the Fortigate.
0


Question has a verified solution.
