I have GRE tunnels and l2tp tunnels over those comcast boxes. l2tp is less hassle because it handles NAT, but you can do GRE instead -- just make sure you assign yourself a public static IP.
First, go into the gateway and make sure all firewalls are disabled (it has a web GUI). Second, if it's the comcast SMC 4 port "gateway" thing I think it is, the device is somewhat retarded. You plug into the switch and pull DHCP, and you get a natted address and it routes. You can plug into the same switch and set a static IP on your device (internet public IP), and it will work without NAT, assuming your account has a static IP. Set said static IP on your microtik box and it should pass end-to-end without drops. On Tue, Jul 26, 2011 at 9:07 AM, Nate Burke <n...@blastcomm.com> wrote: > Hello, I'm hoping that someone here might have run into a similar issue and > might be able to offer me some pointers. > > I have a customer that I am providing redundant paths to, one link over a > microwave connection, and a backup link over a Comcast Business Class > Connection. Everything on the Microwave link is working fine. On the > Comcast Connection, I have a Static IP from Comcast, and I want to setup a > vendor specific GRE tunnel (Mikrotik EoIP) from my NOC to the Comcast Static > IP Address. It looks like the SPI Firewall inside the SMC Gateway required > by comcast is blocking the GRE packets, I'm basing this on the fact that > when I power cycle the modem, I get 1 ICMP Packet through the GRE Tunnel > while the modem is booting up, then it stops again. I have gotten to Tier2 > support who swears that all Firewalls on the SMC Gateway are disabled. > > As a workaround, I was able to establish a PPTP tunnel to my NOC, however > it seems like the tunnel will only run for a few hours, then becomes slow to > the point of being unusable. In my mind this would be no different than > setting up a permanent VPN back to a corporate office, which I would think > happens all the time, so I'm not sure why I'm running into issues with it. > > Anyone with Insights or comments would be appreciated. > > Thanks, > Nate Burke > >
