Solved

Actiontec GT701-WG DSL Modem on Static IP with NAT Off, DHCP Off, Wireless OFF

Posted on 2006-11-13
Last Modified: 2008-01-09
Hi Everybody,

I have started having troubles since I received a block of Static IP addresses from QWEST/VISI.
I would really appreciate it if somebody could help me.

I will try to explain as much as I can.

Current Setup:
DSL Line connected to the GT-701WG modem
FORTINET-Fortigate 60 Firewall connected to Ethernet port of Modem
Linksys 3124 Switch connected to Fortigate
All Clients connected to Linksys 3124
Modem has a Local LAN-IP of 10.0.0.1
DHCP & Wireless is OFF
NAT is ON
Fortigate 60 has IP address of 10.0.0.225
Clients obtain their DHCP addresses from a Windows 2003 DHCP server with the Microsoft DHCP in the 10.0.0.101 - 10.0.0.200 range
All Windows XP Clients work great.

New Setup:
DSL Line connected to the GT-701WG modem
FORTINET-Fortigate 60 Firewall connected to Ethernet port of Modem
Linksys 3124 Switch connected to Fortigate
All Clients connected to Linksys 3124
Modem has a Local LAN-IP of 209.98.206.XX9
DHCP, NAT & Wireless is OFF
Fortigate 60 has IP address of 209.98.206.XX8
Clients obtain their DHCP addresses from a Windows 2003 DHCP server with the Microsoft DHCP in the 10.0.0.101 - 10.0.0.200 range.
These computers don't work.
BUT
All Windows XP clients with static IP addresses in the Range of 209.98.206.XX1 - 209.98.206.XX7 WORK
I can access the Modem, Clients in the 209.98.206.XX range and the Fortigate from Outside of the Network.
I have tried removing the Fortigate from the Network and connecting the DSL modem directly to the Linksys 3124 switch with no Luck.

What I don't understand is why I need a Local LAN IP address on the Actiontec modem in the 209.98.206 range?
Shouldn't it be in the 10.0.0. range?

Do I need to do something to the Static Routing portion of the DSL Modem ?

Thanks for all your help.
Question by:SaleemGhani
LVL 7

Assisted Solution

by:knightrider2k2
knightrider2k2 earned 55 total points
ID: 17934092
NAT is off. That is why when you configure a client with 209.98.xx.xx it works.

You have to configure NAT, probably on the firewall if it is possible.
Configure the WAN port of the Fortigate with 209.98.206.xx9. Configure the LAN port of the Fortigate with 10.0.0.225.
Configure your DHCP to give out 10.0.0.225 as the default gateway.

Make sure NAT is configured in the firewall.
0
 
LVL 7

Expert Comment

by:dlangr
ID: 17934131
The IP addresses in the 209.98.206.x range are external addresses, not internal. Every computer configured with them is actually part of the internet itself (if no firewalling is done on the Fortigate firewall).

You should set up your Fortigate firewall to do NAT (Network Address Translation) for 10.0.0.101 - 10.0.0.200 to one or more of the external addresses.

See http://en.wikipedia.org/wiki/Network_address_translation for more information about NAT.


0
 

Author Comment

by:SaleemGhani
ID: 17934205
Thanks for the comments.

I have tried the solution provided by knightrider2k2.
It has not worked yet. I am trying to go through different setups to see maybe there is a way to have a LAN Port address on the Fortigate.
Maybe a newer Firmware.

What should be the Local LAN IP of the DSL Modem ?

My ISP told me to set a static IP of 209.98.206.XX9 as the Local LAN IP. What is this Local LAN IP for ?

0

 
LVL 7

Expert Comment

by:knightrider2k2
ID: 17934273
The local LAN IPs are the block of IP addresses given by your ISP. Configure it on your firewall, not the client computers.

>I am trying to go through different setups to see maybe there is a way to have a LAN Port address on the Fortigate.

I did not understand what you meant here?
0
 
LVL 7

Accepted Solution

by:dlangr
dlangr earned 70 total points
ID: 17934554
As your modem is not doing NAT, it requires an outside IP and an inside IP. Outside and inside here refer to the outside and inside interface of your modem. The 209.98.206.XX9 is the inside IP of your modem.

The 209.98.206.XX8 is the IP of the outside interface of your firewall. The internal interface of the firewall needs to be configured with an IP in the private IP range 10.0.0.x. As knightrider2k2 suggested, you could use 10.0.0.225 for it, or you could use any other IP in the 10.0.0.x range as your router IP (like 10.0.0.253, which I will use as an example).

Once you have configured the internal interface of your firewall with an IP in the 10.0.0.x range, or while doing so, you should be able to choose NAT as the routing method between the internal and external interface of your firewall. NAT translates the source address and port when sending the packages of internal computers to the internet and keeps a list of the current translations, so it can return the answer to the request to the host that requested it. This way you need fewer external IPs (the ones from the 209.98.206.x range) than internal IPs (10.0.0.x).

So your setup should look like this:  Internet <-> (209.98.206.XX? , ext interface)<- Modem ->(int interface, 209.98.206.XX9)<------>( ext interface, 209.98.206.XX8)<- fortigate firewall ->(int interface, 10.0.0.253)<-----> (range 10.0.0.1 .. 10.0.0.252) Network of internal computers.

You should set 10.0.0.253 as the default gateway on the internal computers, but if you use DHCP on the router, DHCP should take care of that.

0
 
LVL 7

Expert Comment

by:dlangr
ID: 17934575
You do not need more than 1 external IP for NAT, though if you are able to use more of them, this will usually work better when supporting a lot of internal computers, as fewer computers per IP means less need to translate the source port.
0
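The translation table described in the accepted solution, and the effect of a larger external pool mentioned in the follow-up comment, sketched as an added example (not code from the thread or from Fortinet). The class name, the port-selection policy and the 203.0.113.x addresses are assumptions; the 203.0.113.x values are documentation-range placeholders standing in for the masked 209.98.206.XX addresses.

```python
import ipaddress

class SourceNat:
    """Toy source NAT with port translation (hypothetical helper, not FortiOS)."""

    def __init__(self, external_ips, inside_net, first_port=20000):
        self.external_ips = list(external_ips)
        self.inside_net = ipaddress.ip_network(inside_net)
        self.first_port = first_port
        self.out = {}   # (inside_ip, inside_port) -> (ext_ip, ext_port)
        self.back = {}  # (ext_ip, ext_port) -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port):
        """Translate an inside source; an existing flow reuses its mapping."""
        addr = ipaddress.ip_address(src_ip)
        if addr not in self.inside_net:
            raise ValueError(f"{src_ip} is not an inside address")
        key = (src_ip, src_port)
        if key in self.out:
            return self.out[key]
        # Spread inside hosts over the external pool by host number.
        ext_ip = self.external_ips[int(addr) % len(self.external_ips)]
        # Keep the source port if it is free on that external IP,
        # otherwise take the next unused port from first_port upward.
        ext_port = src_port
        if (ext_ip, ext_port) in self.back:
            ext_port = self.first_port
            while (ext_ip, ext_port) in self.back:
                ext_port += 1
        self.out[key] = (ext_ip, ext_port)
        self.back[(ext_ip, ext_port)] = key
        return ext_ip, ext_port

    def inbound(self, dst_ip, dst_port):
        """Map a reply to its inside host; None means no entry, so drop."""
        return self.back.get((dst_ip, dst_port))

def demo():
    # Constructed sample traffic: two DHCP clients using the same source port.
    one = SourceNat(["203.0.113.8"], "10.0.0.0/24")
    a = one.outbound("10.0.0.101", 50000)
    b = one.outbound("10.0.0.102", 50000)  # port clash on the single IP
    two = SourceNat(["203.0.113.6", "203.0.113.7"], "10.0.0.0/24")
    c = two.outbound("10.0.0.101", 50000)
    d = two.outbound("10.0.0.102", 50000)  # no clash, port is preserved
    return a, b, c, d, one.inbound(*b), one.inbound("203.0.113.8", 4444)
```

With one external address the second client's source port has to be rewritten; with two addresses both clients keep their ports. An inbound packet with no table entry maps to no inside host, which is the isolation the clients lose when they are given the public addresses directly.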
 

Author Comment

by:SaleemGhani
ID: 18196962
Tried all methods, still no luck, so paid the Fortigate tech support to do the configuration.

Problem was the firmware version on the Fortigate.
0
