nanog mailing list archives

Re: Comcast Business Class and GRE Tunnels


From: PC <paul4004 () gmail com>
Date: Tue, 26 Jul 2011 09:38:38 -0600

I have GRE tunnels and L2TP tunnels over those Comcast boxes.  L2TP is less
hassle because it handles NAT, but you can do GRE instead -- just make sure
you assign yourself a public static IP.

First, go into the gateway and make sure all firewalls are disabled (it has
a web GUI).

Second, if it's the Comcast SMC 4-port "gateway" thing I think it is, the
device is somewhat retarded.  You plug into the switch and pull DHCP, and
you get a NATed address and it routes.

You can plug into the same switch and set a static IP on your device
(internet public IP), and it will work without NAT, assuming your account
has a static IP.

Set said static IP on your Mikrotik box and it should pass end-to-end
without drops.

On Tue, Jul 26, 2011 at 9:07 AM, Nate Burke <nate () blastcomm com> wrote:

> Hello, I'm hoping that someone here might have run into a similar issue and
> might be able to offer me some pointers.
>
> I have a customer that I am providing redundant paths to, one link over a
> microwave connection, and a backup link over a Comcast Business Class
> Connection.  Everything on the Microwave link is working fine.  On the
> Comcast Connection, I have a Static IP from Comcast, and I want to set up a
> vendor specific GRE tunnel (Mikrotik EoIP) from my NOC to the Comcast Static
> IP Address.  It looks like the SPI Firewall inside the SMC Gateway required
> by Comcast is blocking the GRE packets; I'm basing this on the fact that
> when I power cycle the modem, I get 1 ICMP Packet through the GRE Tunnel
> while the modem is booting up, then it stops again.  I have gotten to Tier 2
> support who swears that all Firewalls on the SMC Gateway are disabled.
>
> As a workaround, I was able to establish a PPTP tunnel to my NOC, however
> it seems like the tunnel will only run for a few hours, then becomes slow to
> the point of being unusable.  In my mind this would be no different than
> setting up a permanent VPN back to a corporate office, which I would think
> happens all the time, so I'm not sure why I'm running into issues with it.
>
> Anyone with insights or comments would be appreciated.
>
> Thanks,
> Nate Burke



