promod117
Premium
join:2006-09-22
Uniontown, OH

NVG 510 and Safe@Office 500w

Hello,

I just upgraded to U-verse and with that came a new modem and IP address. My DSL set-up had my modem bridged to my firewall. Is there anyone here familiar with setting up the Checkpoint device? Also, the static IP I was given does not match the results I get from whatsmyip.com. It did with DSL. Is this correct and which address do I use?

Thanks,
Paul


ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9
I am assuming you have a block of static IPs with your Business class U-Verse.

The NVG510 will actually have 2 public IP addresses assigned to it: its regular "sticky" dynamic IP that any U-Verse customer has, and then 1 of the static IPs in your static block is also assigned to the NVG510.

From the NVG510 user interface, any device that needs a static IP needs to have one specifically assigned to it from your static IP block that you purchase.

Until a static IP is assigned to a device, that device will show the "sticky"/dynamic IP address of the NVG510 when doing a whatismyip lookup.

When a device is assigned a static IP from the block (and the DHCP lease renewed so the static IP is then given to the device), now that device will list that assigned static IP on a whatismyip lookup.

promod117
Premium
join:2006-09-22
Uniontown, OH
Where is this assignment made? In the modem config?

Also, I noticed that the Netopia modem for DSL used PPPoE and I do not believe the NVG510 uses that. What type of connection would the NVG510 use in passthrough mode? My choices are

Thanks

i2Fuzzy

join:2009-02-25
Fort Worth, TX
reply to promod117
What kind of questions do you have about the Check Point device? From the RG you should be able to just use DMZ+ mode to ignore the RG and use the routing and firewall settings on the Safe@ box.
--
Ali
Check Point Certified Security Expert

promod117
Premium
join:2006-09-22
Uniontown, OH
I actually have it working at the moment with the modem in passthrough mode using the Safe@Office MAC address. I'm not convinced that is correct yet, although everything seems to be working except outbound mail. I changed the connection type from PPPoE to LAN and used the broadband address rather than the gateway address from my block. Using any address from my block didn't work, which has me stumped.

i2Fuzzy

join:2009-02-25
Fort Worth, TX
I used DMZ+ to pass my external IP from the RG to my internal router. My RG's internal LAN segment is 192.168.1.0/24 and my internal router's internal LAN is 192.168.0.1/24.

Let your RG handle the external PPPoE, and just pass all your traffic through the Safe@ for your firewalling.
--
Ali
Check Point Certified Security Expert


mackey
Premium
join:2007-08-20
kudos:13
As this is IPDSL (using an NVG510), PPPoE is not used at all and thus no device should be set to use it.

The OP does NOT want DMZ+ as he's trying to use the block of static IP addresses he bought. Using DMZ+ will only get him a single dynamic address. He needs to use either the "Public Subnet" or "Cascaded Router" option.

/M

i2Fuzzy

join:2009-02-25
Fort Worth, TX
Thanks for that. I haven't cared much about my Uverse setup since I don't have a static IP, but wanted to share my setup in case it might help him.

Mine's also FTTP, so may be completely different.
--
Ali
Check Point Certified Security Expert


mackey
Premium
join:2007-08-20
kudos:13
reply to promod117
Although I'm not familiar with the Safe@Office 500w, I do know the NVG510 rather well.

The NVG510 has 2 different ways of distributing static IP addresses: "Public Subnet" and "Cascaded Router." "Public Subnet" is basically the same as what all the old, non-Uverse, 2wire DSL RGs used - the NVG510 deals with your static addresses directly. "Cascaded Router" is pure awesomeness if you have a real router of your own (standard wireless routers need not apply) and don't want AT&T's RG to muck with your addresses - it hands the entire netblock off to your router to do with as it pleases.

I'm going to use 1.1.1.56/29 as an example static IP block. Change to use your numbers as needed. 1.1.1.56/29 gives us:
1.1.1.56 - "network" address, not usable
1.1.1.57 - 1.1.1.62 - usable addresses
1.1.1.63 - "broadcast" address, not usable
255.255.255.248 - subnet mask (the long form of "/29")

To set up "Public Subnet," go to the "Home Network" tab and "Subnets & DHCP" sub-tab.
1) Change "Public Subnet Enable" to "On"
2) Put one of your usable addresses in the "Public IPv4 Address" field. This is going to be the Gateway Address for your devices. AT&T traditionally uses the highest numbered usable address (1.1.1.62), but personally I prefer to use the lowest.
3) Set "Public Subnet Mask" to 255.255.255.248
4) Set "DHCPv4 Start Address" to the lowest usable address, excluding the gateway: 1.1.1.57
5) Set "DHCPv4 End Address" to the highest usable address, excluding the gateway: 1.1.1.61
6) "Primary DHCP Pool" - if you want the DHCP server on the NVG510 to hand out addresses from your static block, set to "Public." If you want it to hand out addresses from the private internal block, set to "Private" - you'll need to assign your public addresses to devices manually.




To assign addresses to your devices:
If you have "Primary DHCP Pool" set to "Public," any device using DHCP will get one of your static addresses.
If you have "Primary DHCP Pool" set to "Private" you'll need to manually set your device to use one of your static addresses, using the address set in step #2 as the gateway address.

That's it! Let me know if you're interested in the "Cascaded Router" option and I'll post instructions for that.

/M


mackey
Premium
join:2007-08-20
kudos:13
On second thought, my last post was probably a bit too generic. To be a bit more specific for your Safe@Office:

I'm going to use 1.1.1.56/29 as an example static IP block. Change to use your numbers as needed. 1.1.1.56/29 gives us:
1.1.1.56 - "network" address, not usable
1.1.1.57 - 1.1.1.62 - usable addresses
1.1.1.63 - "broadcast" address, not usable
255.255.255.248 - subnet mask (the long form of "/29")

On the NVG510, go to the "Home Network" tab and select the "Subnets & DHCP" sub-tab.
1) Change "Public Subnet Enable" to "On"
2) Put 1.1.1.62 in the "Public IPv4 Address" field. This is going to be the Gateway Address for your devices.
3) Set "Public Subnet Mask" to 255.255.255.248
4) Set "DHCPv4 Start Address" to 1.1.1.57
5) Set "DHCPv4 End Address" to 1.1.1.61
6) Set "Primary DHCP Pool" to "Private"

On your Safe@Office:
1) Set the WAN type to "static" or plain or whatever it calls it. Any PPPoE or similar should be disabled.
2) Set the address to 1.1.1.57
3) Set the gateway to 1.1.1.62
4) Set the DNS servers as needed.

/M
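
Added example (not part of the thread's posts): the address arithmetic from the two posts above, computing the NVG510 "Public Subnet" field values from a static block and checking a device's manual WAN settings against them. The function names and the wrong-gateway sample value are assumptions made for this illustration; the field names and the 1.1.1.56/29 block are the ones used in the posts.

```python
import ipaddress

def public_subnet_plan(block, gateway="highest"):
    """Derive the NVG510 "Public Subnet" field values from a static block."""
    # strict=True rejects input such as 1.1.1.57/29, where host bits are set.
    net = ipaddress.ip_network(block, strict=True)
    if net.version != 4 or net.prefixlen > 30:
        raise ValueError("need an IPv4 block of /30 or larger")
    first, last = net.network_address + 1, net.broadcast_address - 1
    if gateway == "highest":          # the choice AT&T traditionally makes
        gw, start, end = last, first, last - 1
    elif gateway == "lowest":
        gw, start, end = first, first + 1, last
    else:
        raise ValueError("gateway must be 'highest' or 'lowest'")
    return {
        "network": net,
        "Public IPv4 Address": gw,
        "Public Subnet Mask": net.netmask,
        "DHCPv4 Start Address": start,
        "DHCPv4 End Address": end,
    }

def check_static_device(plan, address, gateway):
    """Return the problems with a device's manual settings (empty list = OK)."""
    net, gw = plan["network"], plan["Public IPv4 Address"]
    addr = ipaddress.ip_address(address)
    problems = []
    if addr not in net:
        problems.append("address is outside the static block")
    elif addr in (net.network_address, net.broadcast_address):
        problems.append("address is the network or broadcast address")
    elif addr == gw:
        problems.append("address collides with the NVG510 gateway address")
    if ipaddress.ip_address(gateway) != gw:
        problems.append("gateway does not match the Public IPv4 Address field")
    return problems

if __name__ == "__main__":
    plan = public_subnet_plan("1.1.1.56/29")   # the thread's example block
    for field, value in plan.items():
        print(f"{field}: {value}")
    print(check_static_device(plan, "1.1.1.57", "1.1.1.62"))
    # Constructed mistake: a gateway that is not the block's gateway address.
    print(check_static_device(plan, "1.1.1.57", "192.0.2.1"))
```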

promod117
Premium
join:2006-09-22
Uniontown, OH
Great info in the thread and I really appreciate the help!

I see I got sidetracked before finishing an earlier post. Connection options are:

LAN - PPPoE - PPTP
Cable Modem - L2TP and Telstra

Does the NVG510 have to propagate before the Static IP takes hold?

Let me see if I can get a screenshot of the config page.


mackey
Premium
join:2007-08-20
kudos:13
Looking at the Safe@Office version 6 user's manual, you want the "LAN" option. If it does not give you a place to punch in the IP address information, you'll need to set the NVG510's "Primary DHCP Pool" to "Public."

said by promod117:

Does the NVG510 have to propagate before the Static IP takes hold?

Not sure what you mean by this. When you hit the "Save" button, the NVG510 will reboot and the changes will be live.

/M

promod117
Premium
join:2006-09-22
Uniontown, OH
I was wondering how long it took to change. It was almost instant. The guy who installed it had the DNS servers wrong. I thought they would be different from the DSL addresses so I thought it was correct.

I'd like to thank everyone again for their input! Still need to work on Exchange. Looks like port 25 is being blocked outbound.

Will also check my remote connection when I get home.

Thanks!


ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9
Port 25 is blocked by default - but Tech Support can have the block removed (no additional fee for Business Class, and a one-time fee for Residential Class).

promod117
Premium
join:2006-09-22
Uniontown, OH
Perfect. Thanks! Everything is working now including remote through my VPN appliance.

Thanks to everyone that helped!

promod117
Premium
join:2006-09-22
Uniontown, OH
Can anyone tell me why my IP address appears to be in Kansas when I am in Ohio?


mackey
Premium
join:2007-08-20
kudos:13
Because those location databases are not kept by AT&T. They're nothing more than a "best guess" by a 3rd party as to where the IP actually is.

/M