Comcast gateway - Netgear firewall - SBS 2003 configuration: can get out but not in

I have the following configuration:

Comcast modem/gateway:
LAN: 192.168.1.1
     255.255.255.0
DHCP: Off
Firewall: 1-1 NAT enabled
  static IP 1 mapped to 192.168.16.2 SBS 2003 server
  static IP 2 mapped to 192.168.16.3 web server
  static IP 3 mapped to .4 terminal server


Netgear Prosafe VPN Firewall
WAN1:
IP: 192.168.1.2
sub: 255.255.255.0
gate: 192.168.1.1
dns: 192.168.16.2 SBS 2003
LAN:
IP: 192.168.16.1
sub: 255.255.255.0
I opened ports: 25, 80, 443, 444, 4125, 1723, 3389

I can access the internet fine from within my network, and applications like LogMeIn work fine.

BUT I cannot access OWA (Exchange web access), Outlook from outside the network using HTTP, the terminal server or the other web server.

I have the Netgear as a failsafe: if Comcast goes down, then WAN 2 (ATT) continues. Can you have 2 firewalls? Does it help? I get hit by people trying to log on to my network nightly. I also have TrendMicro on all servers and workstations.

So, what is blocking static IP requests between the Comcast gateway and the Netgear firewall?


midwestdev Asked:
 
Pro4ia Commented:
If you call up Comcast business tech support and let them know you want to use your own firewall, they should be able to help you.
 
Pro4ia Commented:
Your Comcast modem, which is doing the NAT, doesn't know about your servers on the 192.168.16.x network, which is behind another firewall... You shouldn't really need two firewalls. I'd set up the static IPs on the Netgear firewall and use it as your primary. NAT should also be done on the Netgear...
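
The point made in the comment above, as an added example that is not part of the original thread: a check of whether each 1-1 NAT target lies on the outer gateway's directly connected subnet, using the addresses posted in the question. The function name, dictionary keys and status labels are hypothetical, and only the two fully stated mappings are included.

```python
import ipaddress

def audit_one_to_one_nat(gateway_lan, inner_wan, inner_lan, nat_targets):
    """Classify each 1-1 NAT target by whether the outer gateway can reach it.

    gateway_lan, inner_wan, inner_lan: interface addresses in CIDR form.
    nat_targets: {label: private target IP} as configured on the outer gateway.
    Returns {label: (status, deliver_to)}; deliver_to is the address the outer
    gateway can actually hand packets to, or None if there is none.
    """
    gw_net = ipaddress.ip_interface(gateway_lan).network
    wan_ip = ipaddress.ip_interface(inner_wan).ip
    inner_net = ipaddress.ip_interface(inner_lan).network
    results = {}
    for label, target in nat_targets.items():
        ip = ipaddress.ip_address(target)
        if ip in gw_net:
            # Target is on the gateway's own LAN segment: it can ARP for it.
            results[label] = ("on-link", str(ip))
        elif ip in inner_net and wan_ip in gw_net:
            # Target sits behind the second firewall. The outer gateway has no
            # interface or route in that subnet; the only on-link address it
            # can deliver to is the inner firewall's WAN IP.
            results[label] = ("behind-inner-firewall", str(wan_ip))
        else:
            results[label] = ("unreachable", None)
    return results

# Addresses as posted in the question (255.255.255.0 written as /24).
POSTED = dict(
    gateway_lan="192.168.1.1/24",
    inner_wan="192.168.1.2/24",
    inner_lan="192.168.16.1/24",
    nat_targets={"static ip 1": "192.168.16.2", "static ip 2": "192.168.16.3"},
)

if __name__ == "__main__":
    for label, (status, deliver_to) in audit_one_to_one_nat(**POSTED).items():
        print(f"{label}: {status}, gateway can deliver to {deliver_to}")
```

Both posted mappings come back as behind the inner firewall, with 192.168.1.2 as the only address on the gateway's LAN segment that it can deliver to.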
 
kennyhenao Commented:
NAT will not work in this case. Comcast gateway (business) will require a block of public IPs to properly route (NAT) traffic. Their gateway handles all requests and disregards NAT to another device.
 
midwestdev Author Commented:
The static IPs for the Comcast gateway are public gateways.

How do I disable the Comcast firewall and make all traffic pass through for all 6 public static IPs I have?
 
Pro4ia Commented:
You may need to call up Comcast to make that change. Just tell them you have your own firewall you want to manage and you want to use their cable modem as a bridge.
 
kennyhenao Commented:
You cannot put the Comcast router into bridge mode; they do not allow that.
Put 1 IP on DMZ and set your router to that IP address.
 
midwestdev Author Commented:
Would that be the WAN IP of the Netgear, 192.168.1.2?

So the setup would be:

Comcast router:
WAN: given by Comcast
LAN: 192.168.1.1
DMZ: 192.168.1.2
Do I do anything about the NAT 1-1 for static IP pass-through?

Netgear router:
WAN: 192.168.1.2
LAN: 192.168.16.1
 
kennyhenao Commented:
No, I am referring to public IPs. This is something you will need to order from Comcast.
The gateway will still block unless you have a public IP you can put on DMZ and segment from the gateway.
Using IP given by gateway will not pass through traffic correctly.
Question has a verified solution.