CG3000DCR problems with VPN

fred339 · ‎2021-10-29

I'm not sure of the model number here as the modem is lableled CG3000DCR Advanced Cable Modem Gateway.

Anyway, we are using it to interface COMCAST cable internet service with a /29 subnet block of public IP addresses like this:

1- for the network address

2-6 usable host public addresses

7 - gateway address (the modem's address in the subnet)

8 - Broadcast address

We plan (as usual) to connect various devices with the usable public addresses and to deal with needs for firewalling them downstream of those interfaces.

A number of things seem odd:

The CG3000DCR can be configured from the "LAN" side - which isn't something I'm used to seeing on an ISP interface delivering blocks of public addresses.

In there, t has a setting: "disable firewall for true static ip only"

If one connects a laptop with one of the usable public addresses with no changes to the modem configuration, DNS doesn't seem to work normally AND one cannot ping any number of well-known public addresses like 8.8.8.8

Selecting "disable firewall for true static ip only" seems to fix the DNS and ping results. But where is this documented?

Then, one of our devices on this public subnet is a VPN router and we have site-to-site VPNs running.

But, we are seeing horrible packet loss when connected to this modem.

Any insights, information, documentation, etc?

FURRYe38 · ‎2021-10-31

Most routers only handle 1 Public IP address that comes in from the WAN side. This is NAT'd to a private IP address pool on the LAN side of the router. Most ISPs only give out 1 Public IP address per house hold. Some offer up more than on but you have to pay extra for a extra Public IP address from the ISP in those cases. This would also entail having a modem that can handle more then 1 WAN IP address incoming to the ISP Modem. Not sure if this model modem can do this. I know the CM1100/1200 and CAX80 support this.

Please post a copy and paste of the modems connection status page.
Have the ISP check the signal and line quality UP to the modem. Be sure the ISP provisions the modem correctly.
Be sure there are no coax cable line splitters in the between the modem and ISP service box.
Be sure your using good quality RG6 coax cable up to the modem.
Be sure to power OFF the modem for 1 minute then back ON.
https://community.netgear.com/t5/Cable-Modems-Routers/General-info-and-Troubleshooting-for-Cable-Mod...

fred339 · ‎2021-10-31

I had hoped to make the aspects of public IP address allocation clear in my original post.

This isn't a "household" it's a business. We do this all the time.

There is no expectation of getting only ONE public IP address as stated AND we are paying for what we ordered.

I'm trying to get better information regarding the CG3000DCR and any experience others have had with it in a business, multi-public IP address setup and any experience with VPNs running through it.

FURRYe38 · ‎2021-10-31

We don't see much users experiences here with this particular modem and working with in business environment.

You mighy contact NG support and reach out to them directly to see they can help you out. IF your using non NG VPN software, you'll need to reach out to the Mfr of the VPN software for help and support regarding there product. If your having ISP signal issues, you'll need to reach out to the ISP for help and support regarding ISP services up to the modem.

Good Luck.

CG3000DCR problems with VPN

CG3000DCR problems with VPN

Re: CG3000DCR problems with VPN

Re: CG3000DCR problems with VPN

Re: CG3000DCR problems with VPN