Hello,
I was issued an Cisco 871w router for my work and it provides VPN tunnel directly to my office.
My Fios service is 30/20 and can achieve that speed with the actiontec router behind ONT. However, when I swap out the actiontec and replaced with Cisco 871w, the speed drops to 20/1. I know that the 871w is loaded with encryption and stateful packet inspection so it's performance isn't very good hence the slow speed. I have Fios TV (actiontec is needed for STB guides), so I have the setup as follows:
ONT --> 871W (NAT) --> MI-424-WR (NAT) -->STB
871W (NAT) --> Home Network
871W (NAT) --> Office Network
(I don't think this is going to line up correctly, but hope you get the point)
What I'm seeking is an alternative setup that will allow me to use the high speeds available on the home network side. One option I have thought of is to get 2 public IPs from Verizon (is that even possible at a reasonable cost? Static IP is not necessary) and have MI-424-WR get it's own public IP to provide the STB and Home network, while the other public IP is assigned to 871W for the office network. So it would look like this:
ONT --> MI-424-WR --> Home Network / STB
871W --> Office Network
Other thoughts are to have MI-424-WR setup DMZ for 871W (would the VPN tunnel work here?) and a NAT for home network/STB.
Does anyone have other suggestions?
Thanks.
The only way to have more than one IP from Verizon is to :
a) HAVE 2 ONT's and then you could have 2 internet connections
b) upgrade to a business account with multiple static IP's
I think that your second suggestion would probably be the easiest to implement and use
If you place a switch between your routers and ONT, the routers can each be issued IP addresses. I have seen this work first hand, but for a residential service, it will violate your terms of service. Both routers will still share the bandwidth of the ONT configuration, but each will be issued an IP and violate your terms of service for a residential account. If you are required to have conectivity for working at home, perhaps your employer would share the cost for bussiness class service, and provide an allowance.
One other item I have read about are issues with pay per view. When the user has TV on a business account, there are restrictions on providing pay per view programming for the account.
http://www.verizon.net/central/vzc.portal?_nfpb=true&_pageLabel=vzc_help_policies&id=TOS
"If you subscribe to a Broadband Service, you may connect multiple computers/devices within a single home to your modem and/or router to access the Service, but only through a single Verizon-issued IP address."
2nd solution. Plug the Cisco router WAN into the Actiontec LAN and create a static IP for the Cisco router on your private LAN. Then port forward the required ports to the Cisco router. Or place the Cisco router in the Actiontec firewall's DMZ.
humm... that is interesting. Thanks for your suggestion, but if the DHCP IP are bounded to MAC address, how can the ONT allow multiple MACs? Regardless, I wish Verizon would allow this for a small extra cost.
Eventhough my employer is paying for the service, I don't need static IP and definitely don't wish to have slower speed (which defeats the purpose trying to achieve faster speed on the home network). I believe the large pricing difference between business and residential class is due to static IP and the potential for servers with large upload usage, neither of which I require. Hey Verizon, may be you can offer a "Telecomuter package" that allows a secondary router independent of the MI-424?
Anyway, I'm looking into IPSec passthorugh and NAT-T (NAT travsal) which allow VPN tunnel to be established behind a NAT/firewall. I'm not sure if MI-424 is capable of this tho.
The IP is bound to the router's MAC address and I do not think the DHCP server is in the ONT. I have PPPOE and it worked here for the short time I tried it. I am not sure how long it would take for VZ to figure out you were getting two IPs, but I would not violate the terms of service and have my connection cut. I do believe the router should support IPsec passthrough. This is what I found in the spec. of the Actiontec, so it should work. In the past I have read where a user had issues with IP on the coax WAN.
VPN IPSec (VPN passthrough only)
Meaning it will not act as an endpoint.
Start a new topic or ask questions in the open forum.
