Actiontec GT701-WG DSL Modem on Static IP with NAT Off, DHCP Off, Wireless OFF

Hi Everybody,

I have started having troubles since I received a block of Static IP addresses from QWEST/VISI.
I would really appreciate it if somebody could help me.

I will try to explain as much as I can.

Current Setup:
DSL Line connected to the GT-701WG modem
FORTINET-Fortigate 60 Firewall connected to Ethernet port of Modem
Linksys 3124 Switch connected to Fortigate
All Clients connected to Linksys 3124
Modem has a Local LAN-IP of 10.0.0.1
DHCP & Wireless is OFF
NAT is ON
Fortigate 60 has IP address of 10.0.0.225
Clients obtain their DHCP addresses from a Windows 2003 DHCP server with the Microsoft DHCP in the 10.0.0.101 - 10.0.0.200 range
All Windows XP Clients work great.

New Setup:
DSL Line connected to the GT-701WG modem
FORTINET-Fortigate 60 Firewall connected to Ethernet port of Modem
Linksys 3124 Switch connected to Fortigate
All Clients connected to Linksys 3124
Modem has a Local LAN-IP of 209.98.206.XX9
DHCP, NAT & Wireless is OFF
Fortigate 60 has IP address of 209.98.206.XX8
Clients obtain their DHCP addresses from a Windows 2003 DHCP server with the Microsoft DHCP in the 10.0.0.101 - 10.0.0.200 range.
These computers don't work.
BUT
All Windows XP clients with static IP addresses in the Range of 209.98.206.XX1 - 209.98.206.XX7 WORK
I can access the Modem, Clients in the 209.98.206.XX range and the Fortigate from Outside of the Network.
I have tried removing the Fortigate from the Network and connecting the DSL modem directly to the Linksys 3124 switch with no Luck.

What I don't understand is why do I need a Local LAN IP address in the ActionTec Modem in the 209.98.206 Range?
Shouldn't it be in the 10.0.0. Range?

Do I need to do something to the Static Routing portion of the DSL Modem?

Thanks for all your help.
SaleemGhani Asked:
 
dlangr Commented:
As your modem is not doing NAT, it requires an outside IP and an inside IP. Outside and inside here refer to the outside and inside interface of your modem. The 209.98.206.XX9 is the inside IP of your modem.

The 209.98.206.XX8 is the IP of the outside interface of your firewall. The internal interface of the firewall needs to be configured with an IP in the private IP range 10.0.0.x. As knightrider2k2 suggested, you could use 10.0.0.225 for it, or you could use any other IP in the 1.0.0.x range as your router IP (like 10.0.0.253, which I will use as an example).

Once you have configured the internal interface of your firewall with an IP in the 1.0.0.x range, or while doing so, you should be able to choose NAT as the routing method between the internal and external interface of your firewall. NAT translates the source address and port when sending the packages of internal computers to the internet and keeps a list of the current translations, so it can return the answer to the request to the host that requested it. This way you need fewer external IPs (the ones from the 209.98.206.x range) than internal IPs (10.0.0.x).

So your setup should look like this:  Internet <-> (209.98.206.XX? , ext interface)<- Modem ->(int interface, 209.98.206.XX9)<------>( ext interface, 209.98.206.XX8)<- fortigate firewall ->(int interface, 10.0.0.253)<-----> (range 10.0.0.1 .. 10.0.0.252) Network of internal computers.

You should set 10.0.0.253 as the default gateway on the internal computers, but if you use DHCP on the router, DHCP should take care of that.

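The translation table described in the answer above, as an added illustration that is not part of the original thread and is not FortiGate code. `203.0.113.8` is a constructed stand-in for the masked 209.98.206.XX8 firewall address, and `needs_nat` and `SourceNat` are hypothetical names.

```python
import ipaddress

# RFC 1918 private ranges: never routed on the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def needs_nat(ip):
    """True if replies from the internet cannot reach this source unless NAT is on."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

class SourceNat:
    """Minimal source NAT with port translation, keeping the list of current flows."""

    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out = {}    # (inside ip, inside port, proto) -> external port
        self.back = {}   # (external port, proto) -> (inside ip, inside port)

    def outbound(self, src_ip, src_port, proto="tcp"):
        """Return the (source ip, source port) the packet carries after the firewall."""
        if not needs_nat(src_ip):
            return (src_ip, src_port)        # public address: passes untranslated
        key = (src_ip, src_port, proto)
        if key not in self.out:              # new flow: allocate an external port
            self.out[key] = self.next_port
            self.back[(self.next_port, proto)] = (src_ip, src_port)
            self.next_port += 1
        return (self.external_ip, self.out[key])

    def inbound(self, dst_port, proto="tcp"):
        """Map a reply to the inside host, or None when no flow matches."""
        return self.back.get((dst_port, proto))

if __name__ == "__main__":
    nat = SourceNat("203.0.113.8")           # constructed external address
    # Two DHCP clients from the 10.0.0.101 - 10.0.0.200 range, same source port.
    print(nat.outbound("10.0.0.101", 51000))
    print(nat.outbound("10.0.0.102", 51000))
    print(nat.inbound(40001))                # reply goes back to 10.0.0.102
    print(nat.inbound(40005))                # unsolicited packet: no mapping
    print(nat.outbound("203.0.113.3", 51000))  # statically addressed public client
```

Unsolicited inbound traffic finds no table entry and is not delivered to any 10.0.0.x host, whereas a client holding one of the public addresses passes through untranslated and stays directly addressable from outside.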
 
knightrider2k2 Commented:
NAT is off. That is why when you configure a client with 209.98.xx.xx it works.

You have to configure NAT, probably on the firewall if it is possible.
Configure WAN port of Fortigate with 209.98.206.xx9. Configure LAN port of Fortigate with 10.0.0.225.
Configure your DHCP to give out 10.0.0.225 as default gateway.

Make sure NAT is configured in the firewall.
 
dlangr Commented:
The IP addresses in the 209.98.206.x range are external addresses, not internal. Every computer configured with them is actually part of the internet itself (if no firewalling is done on the Fortigate firewall).

You should setup your fortigate firewall to do NAT (Network Address Translation) for 10.0.0.101 - 10.0.0.200 to one or more of the external addresses.

See http://en.wikipedia.org/wiki/Network_address_translation for more information about NAT.



 
SaleemGhani (Author) Commented:
Thanks for the comments.

I have tried the solution provided by knightrider2k2.
It has not worked yet. I am trying to go through different setups to see maybe there is a way to have a LAN Port address on the Fortigate.
Maybe a newer Firmware.

What should be the Local LAN IP of the DSL Modem?

My ISP told me to set a static IP of 209.98.206.XX9 as the Local LAN IP. What is this Local LAN IP for?

 
knightrider2k2 Commented:
The local LAN IPs are the block of IP addresses given by your ISP. Configure it on your firewall, not the client computers.

> I am trying to go through different setups to see maybe there is a way to have a LAN Port address on the Fortigate.

I did not understand what you meant here?
 
dlangr Commented:
You do not need more than 1 external IP for NAT, though if you are able to use more of them, this will usually work better if supporting a lot of internal computers, as fewer computers per IP means less need to translate the source port.
 
SaleemGhani (Author) Commented:
Tried all methods, still no luck, so paid the Fortigate tech support to do the configuration.

Problem was the Firmware version on the Fortigate.
Question has a verified solution.