Solved

Public IP setup with AT&T and WatchGuard XTM

Posted on 2011-02-17
Last Modified: 2012-05-11
Ok Experts, I'm calling on you in my most desperate time. I have a situation that is complicated, and there is a lot to read, I will try to keep it clear.

I am currently at one of my field offices setting up the network and connecting the BOVPN. I am running into problems getting everything synced up. Here are the key players:

AT&T DSL Service with 5 Static IPs
WatchGuard XTM 22 router/firewall

Here are the logistics:

AT&T DSL was installed with a Motorola Netopia 3347-02 Modem/Router

My IP Block is as follows:
Public IP 99.x.x.169 to 99.x.x.173 (Usable)
Default Gateway is 99.x.x.174
Subnet Mask is 255.x.x.248

The modem was configured with a PPPoE of xxx@static.att.net


The WatchGuard XTM 22 is configured using a Static IP of 99.x.x.169/29 and Gateway of 99.x.x.174

Ok, so I have tried to set the Motorola Netopia to Bridge mode, basically disabling all of its settings, except for the modem portion. The WAN IP interface has been configured to use the PPPoE settings. From what I can see, the modem tells me it is bridge mode.

When I have the WatchGuard box external interface to the 99.x.x.169, my network has no internet access. If I set the external interface to PPPoE using the supplied info, and using either "obtain IP" or setting the IP to the 99.x.x.169, my network has internet access, but my XTM 22 reads its IP as 99.x.x.174 and has a completely different subnet mask and default gateway.

I also cannot ping the 99.x.x.169 or 99.x.x.174 or any of my other Static IPs. However, when I have the XTM set to use the PPPoE settings, and I set a laptop to the 99.x.x.169 credentials, I have internet access, and I can ping that IP from the outside, however, I am at that point connecting to the modem, and not my XTM.

I have made 5 calls into AT&T, ranging from Home Tier 1 to Business Tier 1, and all they can say is that their equipment is working. I am at a loss, I am asking for anyone who has experience dealing with AT&T DSL for their business network to help me out on this. I have gone through all the settings pages for the modem, and it just won't work the way it should.

So if anyone out there can give me some pointers on where to look on this particular modem, or has dealt with this mess before and knows what needs to be done, you'll be a life saver!! If you need more info, please don't hesitate to ask!!!

Thanks Experts!
0
Question by:joelisthedude
15 Comments
 
LVL 4

Expert Comment

by:Kendzast
If I understood it right you want to bridge your public IP address range from AT&T DSL to WatchGuard?
0
 
LVL 13

Expert Comment

by:kdearing
Leave the Netopia "unbridged"
Its LAN port should have the 99.x.x.174 IP address.

This leaves the rest of the IPs (169-173) available for you to use.
Your WatchGuard gets 99.x.x.169 on its WAN (or all 5 IPs if it's capable of multiple WAN IP addresses)
0
 

Author Comment

by:joelisthedude
Kendzast, Yes. Kdearing, I will try that to see if that works.
0
 

Author Comment

by:joelisthedude
Ok, so I did that, and the internet is accessible by the network. WatchGuard is registering its IP address as 99.x.x.169. The problem is, I can't ping 99.x.x.169 from the outside, but 99.x.x.174 is pingable. Question is, can I use the 99.x.x.174 address for the BOVPN and HTTP, or is this setup still not configured right? I thought that 99.x.x.169 would be accessible once the modem and WatchGuard were talking correctly, but it still isn't working the way I thought.
0
 

Author Comment

by:joelisthedude
Well I can't connect to my XTM 22 using the 99.x.x.174 address, so that address, while it can be pinged, is useless to me.
0
 
LVL 13

Expert Comment

by:kdearing
99.x.x.169 is your correct public IP
The WAN interface of your WatchGuard box is set to ignore pings by default.
0
 

Author Comment

by:joelisthedude
I have policies in place already to accept pings.
0
 

Author Comment

by:joelisthedude
Are there any other settings you can think of in the modem that could still be interfering?
0
 

Author Comment

by:joelisthedude
I can enable remote access if you want to log in and peek around, because I am running out of ideas and time, my flight leaves in 6 hours lol
0
 
LVL 13

Expert Comment

by:kdearing
OK
Let's make sure we have everything straight.

The netopia is not bridged and not in any type of "gateway" mode.
Its WAN side IP address is some ATT address
Its LAN side IP address is 99.x.x.174 /248

Your WatchGuard WAN side IP address is 99.x.x.169 /248
WatchGuard default gateway is 99.x.x.174
WatchGuard accepts pings

From the outside world you can ping 99.x.x.174 but not 99.x.x.169?
0
 

Author Comment

by:joelisthedude
Netopia is not bridged, the settings are still from the pre-configuration from AT&T.

The WAN side IP is also 99.x.x.174, along with a Peer Address of 67.36.167.167

All WatchGuard settings are correct.

I can ping 99.x.x.174 but not 99.x.x.169
0
 
LVL 13

Accepted Solution

by:kdearing (earned 500 total points)
The Netopia is not configured correctly.
Need to get a hold of ATT
The 174 address should be on the LAN side
0
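
The address layout kdearing describes in this thread, written as a check (an added example, not part of any post). The 203.0.113.x and 198.51.100.x addresses are constructed documentation-range stand-ins for the redacted 99.x.x.x block, and `check_plan` and `usable_range` are hypothetical helper names.

```python
import ipaddress

def usable_range(block):
    """First and last host address of the block (network/broadcast excluded)."""
    hosts = list(ipaddress.ip_network(block).hosts())
    return str(hosts[0]), str(hosts[-1])

def check_plan(block, modem_wan, modem_lan, fw_wan, fw_gateway):
    """Compare an address plan with the routed layout described in the thread.
    Returns a list of findings; an empty list means the plan matches."""
    net = ipaddress.ip_network(block)   # strict: raises if host bits are set
    hosts = set(net.hosts())
    m_wan, m_lan, f_wan, f_gw = map(
        ipaddress.ip_address, (modem_wan, modem_lan, fw_wan, fw_gateway))
    findings = []
    if m_lan not in hosts:
        findings.append(f"modem LAN {m_lan} is not a host address in {net}")
    if f_wan not in hosts:
        findings.append(f"firewall WAN {f_wan} is not a host address in {net}")
    if f_wan == m_lan:
        findings.append(f"firewall WAN and modem LAN both use {f_wan}")
    if f_gw != m_lan:
        findings.append(f"firewall gateway {f_gw} is not the modem LAN {m_lan}")
    if m_wan in net:
        # The thread expects the modem's WAN side to hold a provider address,
        # with the static block living only on its LAN side.
        findings.append(f"modem WAN {m_wan} is inside the LAN block {net}")
    return findings

# Constructed values: documentation ranges stand in for the redacted block.
BLOCK = "203.0.113.168/255.255.255.248"          # a /29, mask ending in .248
EXPECTED = dict(modem_wan="198.51.100.20", modem_lan="203.0.113.174",
                fw_wan="203.0.113.169", fw_gateway="203.0.113.174")
REPORTED = dict(EXPECTED, modem_wan="203.0.113.174")  # .174 on WAN and LAN

if __name__ == "__main__":
    print("usable hosts:", usable_range(BLOCK))
    for name, plan in (("expected", EXPECTED), ("reported", REPORTED)):
        print(name, check_plan(BLOCK, **plan) or "matches the layout")
```

A /29 has six host addresses; the gateway takes the last one, which leaves the five usable addresses listed in the question.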
 

Author Comment

by:joelisthedude
Comment Utility
The 99.x.x.174 is on both sides, LAN and WAN.
0
 
LVL 13

Expert Comment

by:kdearing
sorry for the delay
I still think you need to get a hold of ATT
that config doesn't sound right
0
 

Author Closing Comment

by:joelisthedude
Called AT&T, they ended up sending out a new router that I will setup and hopefully it will work!
0
