Sounds mad but...

I need an ADSL router which can have NAT and the firewall switched off.
This is so I can connect two Netgear Prosafe routers to the static IP
addresses assigned by BT and use them for VPN tunnels.

Tried the Allied Telesyn 256 but this crashed when VPN traffic went through
it. And at £54 this was not expected.

The various white Netgears can not switch off the firewall - and can only do
DMZ which as it goes to a single host is not good enough.

Thought the D-Link 524-T would be good but the web interface has a couple of
glitches and so does not inspire faith.

Zyxel was a disaster - VPN side would not work and the logs were showing
that the settings for VPN were not being altered via the web interface.
Could try them for the initial connection but faith has bee lost.

Have used Billions in the past and though they work ok they have confusing
web interfaces. Bear in mind that I sometimes have to pass these routers
on to others who take them onsite to install.

Also, ideally, I need something which can be sourced from PC world business
because I have to order bunches at a time.



Netgear routers have been generally ok - apart from they usually need their
firmware upgrading. If Netgear could release a Prosafe which does UK PPPoA
then that would be good.

Will be sending the Allied Telesyn back but not sure if replacement will be
better.


All in all, the Netgears seem to have the best web interfaces - but do not
do a professional level PPPoA model.

Maybe I'll get a newer Billion and check them out.

Any thoughts?

Please bear in mind that I prefer to have a simple setup as I would like to
pass them to others for setting up. We also need to set up VPN tunnels on
all of our connections.


When we set up single static IP address connections I give the guys a
Netgear DG834, Netgear FVG318 and they can install both easily. We then
get the VPN configured and running fairly quickly.

On 10 Mar, 09:53, kevin bailey <kbai...@freewayprojects.com> wrote:
Did BT supply you with a business hub (aka 2 wire HG2700)?

This will do exactly what you want. Put your static router IP and
subnet mask into the public network section, set the netgears to pick
up their WAN IP via DHCP then use the address allocation section in
the HG2700 to allocate relevant static IP addresses to the netgears.
Once they have their IPs you can then put each of them into DMZ (newer
HG2700s have the option of automatically opening firewall for each
device in the public network, you see this option when you enter the
router static IP address).

HG2700s are the standard BT router for business connections and
straightforward to set up, BT have a "network" helpdesk you can call
if you get stuck, just make sure your Netgears are set up to get their
IP on the WAN by DHCP and they should be able to get you going no
problem.

If you really want a simple router to do this then ask BT for a
voyager 220, but this shouldn't be necessary if you already have a
HG2700.

Regards

William MacLeod

kevin bailey wrote:
the Draytek 2800) and it's working fine on one of our 5 assigned BT
addresses - the general setup was as follows:

Prosafe assigned IP address =192.168.101.10

On Draytek, one of our 5 IP addresses (81.x.x.85) was put in the DMZ
pointing to 192.168.101.10

The LAN side of the Prosafe had the router as 192.168.1.1 and a Win2K
server as 192.168.1.2.

I can't get to the Prosafe from my current location so the following is
a bit vague:

I had the Prosafe setup to 'know about' the 81.x.x.85 address, but
nothing would route until I ticked a box about about accepting alternate
addresses and added 192.168.101.10 to the list - once I had done that
everything sprang into life and it's been running fine 24/7 for about 3
weeks now.

Overall, any packets sent from the Win2K server are seen by the outside
world as coming from 81.x.x.85

If you want a better explanation of my exact settings email me or leave
a message here and I can check Monday.

HTH

L3K

On Mar 10, 9:53 am, kevin bailey <kbai...@freewayprojects.com> wrote:
No it doesn't - given your post in another thread about "setting a
router to LLU"!

<snip>

I'm confused - I thought you're using the Netgear to do the VPN
tunnel? In that case I would have thought the VPN settings on the
ZyXEL would be at best irrelevant, and at worst, a waste of money if
you've paid for a ZyXEL with VPN on when you don't need it.

I've deployed many ZyXEL routers [P660H-61, P660H-D1, P660-R] on
circuits from BT, Easynet, Griffin and Legend, with varying numbers of
public IP addresses; the VPN tunnels are handled by Sonicwalls, again
of varying model. They always seem to Just Work, with the minimum of
fiddling. I guess you just had a bad experience with the ZyXEL. We
originally chose ZyXELs to handle the DSL side as they were the
cheapest ones we could find with Conexant DSL chipsets. We've stuck
with them as they never go wrong.

alexd

"kevin bailey" <kbailey@freewayprojects.com> wrote in message
news:estv6b$fsi$1$8300dec7@news.demon.co.uk...
can you not get BT to provide a router and / or some recommendations?
have already cost a fair amount.

try a cisco 1801 - more expensive, but sounds like you have already wasted a
lot of time and effort on this.
dont bother with the wireless option.
http://www.cisco.com/en/US/products/ps6184/index.html


Regards

stephen_hope@xyzworld.com - replace xyz with ntl

On 10 Mar 2007, "ale.cx" <troffasky@hotmail.com> wrote:

Just for fun, go back about a year for "discussion" on the subject :-
"BT router replacement required - and i'd still avoid BT like the plague"

On 10 Mar, 10:39, Linker3000 <linker3...@googleminushyphen-mail.com>
wrote:

This is a odd way of doing things.... You have a routed subnet of
static IPs from BT and you appear to be double NAT'ing - a bad thing.

On a Draytek Vigor 2600 you should be using IP routing option and
putting one of your public static IPs on the LAN side of it (BT will
have told you which one to use on it). This then allows you to just
allocate another of your remaining static IPs directly to the WAN side
of the Prosafe and forget about DMZ etc.

Regards

William MacLeod

stephen wrote:

They provided a Siemens but the static IP addresses never worked.

It might be an idea - I thought the Allied Telesyn would be more enterprise
level - but that one crashed when VPN's were being used.

Cheers,

Kevin

ale.cx wrote:

This is true - I tried to use a Zyxel to do ADSL and VPN on a remote site
and the VPN side never worked - so it gave me a bad taste for Zyxel.


Sounds like a good recommendation as you are setting up the same sort of
stuff as we are.

Thanks - much appreciated,

Kevin

NoNeedToKnow wrote:

Yep mad I know - but at least I got it sorted with some help from the NG.

All this stems from BT's inability to correctly set up their own router!

Kevin

NoNeedToKnow wrote:

And at least someone has explained that the reason - something about BT
turning off the config download - still puzzled - and at least the new
sites are using Demon.

Kevin

Linker3000 wrote:

This I can have working fine with most routers.

The difficulty is that we need two of the static IP addresses to be assigned
to two different VPN routers.

DMZ would not work because all traffic would be sent to a single router.

What has worked for the last year has been that the first (ADSL) router
picks up its WAN address via DHCP. Then the LAN side of the ADSL router is
set to the x.x.x.232/29 subnet assigned by BT - its own LAN port is
assigned x.x.x.238 so it can act as a gateway. Then, any routers can have
their WAN ports set to a static address and the gateway set to x.x.x.238

This way the 'internal' router get their own static IP addresses and VPN's
work well.

Cheers,

Kevin

willie@macleod-group.com wrote:

Nope - someone else has mentioned this router.

Sounds good.

Sounds better than BT were 12 months ago.


Thanks,

Kevin

kevin bailey wrote:

There is another handy feature of ZyXELs, especially if you have your own
broadband database you keep circuit details in. You can FTP the configs
onto them as a plain-text file called 'rom-t'. So it would be trivial to
write a bit of software that queries your broadband database, outputs a
rom-t file, and then FTPs it onto a brand new router, leaving you with a
router set up in no time at all.

--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
14:01:47 up 20 days, 18:14, 2 users, load average: 0.05, 0.07, 0.14
This is my BOOOOOOOOOOOOOOOOOOOOOMSTICK