2Wire 1800-HG and GTA GB200 VPN Issues

A few days ago the BT supplied router at one of our residential homes failed completely and has been replaced by a 2Wire 1800-HG, this in turn is plugged into the GB200 firewall which is then plugged into the LAN switch.  The home has internet access and can access email using OWA however the secure VPN's on the firewall that we use to connect to our main servers will not accept any traffic.  This means that while the home can get email via OWA they cannot access the remote server based pay system, Exchange through the Outlook client, or any of he shared server resources.  None of the settings have been changed on the firewall box which worked quite happily with the original router.  Any suggestions would be much appreciated.
Who is Participating?
BrookdalealConnect With a Mentor Author Commented:
Thanks for your comments RobWill.  I managed to get some help from British Telecom (no mean feat) - their ethernet team called the soultion "port forwarding" not bridging.  It seems that using the bridge method would have disabled the router entirely rather than just its native firewall functionality.

I am not sure what the EE etiquette is here - your answer  - while appreciated - was not the solution.  As you were the only respondant - must i give the points anyway or can I opt to close the question as "solved by user".

I'm dont want to annoy you by closing incorrectly as i may need your help in the future!!

please advise

Rob WilliamsCommented:
Was the previous device a combined modem and firewall or just a basic Modem? The new unit is both. As a rule, you cannot connect to a VPN if you are behind 2 NAT devices (routers). To get around this the normal procedure would be to put the 2 wire unit in bridge mode, effectively making it a basic modem.
The following are for different model 2 wires but hopefully the instructions for changing to Bridge mode are similar:
Rob WilliamsCommented:
Hi Alex.
Port forwarding is a common solution for non-VPN services. However, VPN's do not like having the client address NATed (Network Address Translation) twice. This is why you put the outer most router in bridge mode effectively disabling all but it's modem capabilities. You are correct this would disable its router and firewall features, however there was an existing GB200 firewall in place as protection.

Normally; 1) port forwarding will not resolve the issue, and 2) port forwarding is done at the VPN server end, not the client.

However, if it works, great!
I am not offended at all if you would like to close and award your last response as the accepted answer, it is <G>. I do appreciate your taking the time to post your findings. I learn from that as well as those that follow with similar problems.
Cheers !
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.