Solved

Actiontek GT701-WG DSL Modem on Static IP with NAT Off, DHCP Off, Wireless OFF

Posted on 2006-11-13
7
618 Views
Last Modified: 2008-01-09
Hi Everybody,

I have started having troubles since I received a block of Static IP addresses from QWEST/VISI.
I would really appreciate if somebody could help me.

I will try to explain as much as I can.

Current Setup:
DSL Line connected to the GT-701WG modem
FORTINET-Fortigate 60 Firewall connected to Ethernet port of Modem
Linksys 3124 Switch connected to Fortigate
All Clients connected to Linksys 3124
Modem has a Local LAN-IP of 10.0.0.1
DHCP & Wireless is OFF
NAT is ON
Fortigate 60 has IP address of 10.0.0.225
Clients obtain their DHCP addresses from a Windows 2003 DHCP server with the Microsoft DHCP in the 10.0.0.101 - 10.0.0.200 range
All Windows XP Clients work great.

New Setup:
DSL Line connected to the GT-701WG modem
FORTINET-Fortigate 60 Firewall connected to Ethernet port of Modem
Linksys 3124 Switch connected to Fortigate
All Clients connected to Linksys 3124
Modem has a Local LAN-IP of 209.98.206.XX9
DHCP, NAT & Wireless is OFF
Fortigate 60 has IP address of 209.98.206.XX8
Clients obtain their DHCP addresses from a Windows 2003 DHCP server with the Microsoft DHCP in the 10.0.0.101 - 10.0.0.200 range.
These computers dont work.
BUT
All Windows XP clients with static IP addresses in the Range of 209.98.206.XX1 - 209.98.206.XX7 WORK
I can access the Modem, Clients in the 209.98.206.XX range and the Fortigate from Outside of the Network.
I have tried removing the Fortigate from the Network and connecting the DSL modem directly to the Linksys 3124 switch with no Luck.

What I dont understand is why do I need a Local LAN IP address in the ActionTec Modem in the 209.98.206 Range ?
Shouldnt it be in the 10.0.0. Range ?

Do I need to do something to the Static Routing portion of the DSL Modem ?

Thanks for all your help.
0
Comment
Question by:SaleemGhani
  • 3
  • 2
  • 2
7 Comments
 
LVL 7

Assisted Solution

by:knightrider2k2
knightrider2k2 earned 55 total points
ID: 17934092
NAT is  off. That is why when you configure a client with 209.98.xx.xx it works.

You have to configure NAT, probably on the firewall if it is possible.  
Configure Wan port of fortigate with 209.98.206.xx9. Configure Lan port of fortigate with 10.0.0.225.
Configure your DHCP to give out 10.0.0.225 as default gateway.

Make sure NAT is configured in the firewall.
0
 
LVL 7

Expert Comment

by:dlangr
ID: 17934131
The ip adresses in the 209.98.206.x range are external adressess , not internal. Every computer configured with them is actually part of the internet itselve (if no firewalling is done on the fortigate firewall).

You should setup your fortigate firewall to do NAT (Network Address Translation) for 10.0.0.101 - 10.0.0.200 to one or more of the external addresses.

See http://en.wikipedia.org/wiki/Network_address_translation for more information about NAT.


0
 

Author Comment

by:SaleemGhani
ID: 17934205
Thanks for the comments.

I have tried the solution provided by knightrider2k2.
It has not worked yet. I am trying to go through different setups to see maybe there is a way to to have a LAN Port address on the Fortigate.
Maybe a newer Firmware.

What should be the Local LAN IP of the DSL Modem ?

My ISP told me to set a static IP of 209.98.206.XX9 as the Local LAN IP. What is this Local LAN IP for ?

0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 7

Expert Comment

by:knightrider2k2
ID: 17934273
The local LAN ips is the block of ip addresses given by your ISP. Configure it on your firewall not the client computers.

>I am trying to go through different setups to see maybe there is a way to to have a LAN Port address on the Fortigate.

I did not understand what you meant here?
0
 
LVL 7

Accepted Solution

by:
dlangr earned 70 total points
ID: 17934554
As your modem is not doing NAT , it requires an outside ip and an inside ip. Outside and inside here refer to the outside and inside interface of your modem. The 209.98.206.XX9 is the inside ip of your modem.

The 209.98.206.XX8 is the ip of the outside interface of your firewall. The internal interal interface of the firewall needs to be configured with an ip in the private ip range 10.0.0.x . As knightrider2k2  suggested, you could use 10.0.0.225 for it or you could use any other ip in the 1.0.0.x range as your router ip (like 10.0.0.253, wich i will use as an example).

Once you configured the internal interface of your firewall with an ip in the 1.0.0.x range, or wile doing so, you should be able to choose NAT as the routing method between the internal and external interface of your firewall. Nat translates source address and port when sending the packages of internal computers to the internet and keeps an list of the current translations, so it can return the answer to the request to the host that requested it. This way you need less external ip's ( the ones from the 209.98.206.x range ) then internal ip's ( 10.0.0.x ).

so your setup should look like this:  Internet <-> (209.98.206.XX? , ext interface)<- Modem ->(int interface, 209.98.206.XX9)<------>( ext interface, 209.98.206.XX8)<- fortigate firewall ->(int interface, 10.0.0.253)<-----> (range 10.0.0.1 .. 10.0.0.252) Network of internal computers.

You should set 10.0.0.253 as the default gateway on the internal computers, but if you use dhcp on the router, dhcp should take care of that.

0
 
LVL 7

Expert Comment

by:dlangr
ID: 17934575
you do not need more than 1 external ip for NAT, though if you are able to use more of them, this will usually work better if supporting a lot of internal computers as less computers per ip mean less need to translate the source port.
0
 

Author Comment

by:SaleemGhani
ID: 18196962
Tried all methods still no luck so paid the fortigate tech support to do the configuration.

Problem was the Firmware version on the Fortigate
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Let’s list some of the technologies that enable smooth teleworking. 
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question