Problem with FIOS Actiontec and AT&T Microcell (Basically IPSEC VPN)
neotechpc
Enthusiast - Level 2

So I've been struggling to install my AT&T Microcell (mini cell tower which routes your call VoIP) with my FIOS Actiontec router.

The Microcell is essentially an IPSEC VPN appliance, so I started by simply forwarding the ports that AT&T recommends (500 and 4500 UDP) to the Microcell and disabling packet fragmentation protection by unchecking the 'Block IP Fragments' box. No luck there, so I eventually set the Microcell to be the DMZ.

Even with the Microcell as the DMZ, I am still seeing problems. First off, the router appears to be blocking inbound connections where the source port is 443. Second, it seems to be blocking some outbound fragmented UDP connections. I see no other relevant block notices in the security log, so I suspect one or both of these are my problem:

Apr 30 00:52:51 2010 Inbound Traffic Blocked - Default policy TCP 12.230.208.xxx:443->96.255.106.xxx:50601 on clink0 [repeated 2 times, last time on Apr 30 00:52:51 2010]

  

Apr 30 00:53:53 2010 Outbound Traffic Blocked - Defragmentation failed Fragmented packet, packet exceeds: UDP Fragment 192.168.123.57->12.230.208.xxx offset: 1472 on clink0

Apr 30 00:53:53 2010 Outbound Traffic Blocked - Defragmentation failed Fragmented packet, packet exceeds: UDP 192.168.123.57:4500->12.230.208.xxx:4500 on clink0

Any thoughts on how to prevent the router from blocking these? It seems like my config should allow both through just fine.

Thanks,

-Dan


Correct answers
Re: Problem with FIOS Actiontec and AT&T Microcell (Basically IPSEC VPN)
neotechpc
Enthusiast - Level 2

I tried it with the firewall set to just about every setting I could think of. I finally gave up and reset the router to factory defaults.

The packet fragmentation errors are now gone and the MicroCell's VPN came up just fine!

Re: Problem with FIOS Actiontec and AT&T Microcell (Basically IPSEC VPN)
dslr595148
Community Leader

#1 What is the exact model and version of your FIOS Actiontec router?

For example Actiontec, MI-424-WI, C

#2 What is the firewall in the router set to ( Off, Low, Medium, High ) ?

Re: Problem with FIOS Actiontec and AT&T Microcell (Basically IPSEC VPN)
Mikhail
Enthusiast - Level 3

Hi Dan,

I can provide some explanations to your three examples:

1 is blocked due to the fact that incoming port 50601 is a TCP port and you did not open it and did not map it. Source port 443 has nothing to do with it.

2 and 3 are blocked since the packet size exceeds the MTU. I suspect that the way the Microcell is configured, it uses the UDP protocol as its main means to connect. And the UDP protocol does not guarantee the order of packets -- packets could be sent in one order and arrive in a completely different one. So the VPN server does not want (or is not capable) to reassemble fragmented packets. I would suggest configuring the Microcell so that it does not send packets with a length greater than your MTU router<->VZ.

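For triaging a router security log like the one in the first post, the sketch below parses the three quoted lines and separates default-policy drops from reassembly failures on the UDP 4500 (IPsec NAT-T) flow. It is an added example, not part of any post in this thread; the function names are this example's own, and treating "repeated N times" as an occurrence count is an assumption.

```python
import re
from collections import Counter

# Log lines copied from the first post (addresses masked by the poster).
SAMPLE_LOG = """\
Apr 30 00:52:51 2010 Inbound Traffic Blocked - Default policy TCP 12.230.208.xxx:443->96.255.106.xxx:50601 on clink0 [repeated 2 times, last time on Apr 30 00:52:51 2010]
Apr 30 00:53:53 2010 Outbound Traffic Blocked - Defragmentation failed Fragmented packet, packet exceeds: UDP Fragment 192.168.123.57->12.230.208.xxx offset: 1472 on clink0
Apr 30 00:53:53 2010 Outbound Traffic Blocked - Defragmentation failed Fragmented packet, packet exceeds: UDP 192.168.123.57:4500->12.230.208.xxx:4500 on clink0
"""

ADDR = r"[\dx]+(?:\.[\dx]+){3}"  # dotted quad, tolerating masked 'xxx' octets
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+ \d{4}) (?P<dir>Inbound|Outbound) Traffic Blocked - "
    r"(?P<reason>.+?):? (?P<proto>TCP|UDP)(?P<frag> Fragment)? "
    rf"(?P<src>{ADDR})(?::(?P<sport>\d+))?->(?P<dst>{ADDR})(?::(?P<dport>\d+))?"
    r"(?: offset: (?P<offset>\d+))? on (?P<iface>\S+)"
    r"(?: \[repeated (?P<repeat>\d+) times)?"
)

def parse(log):
    """Return one dict per recognised 'Traffic Blocked' line."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["count"] = int(ev.pop("repeat") or 1)  # assumption: N = occurrences
            events.append(ev)
    return events

def natt_fragment_drops(events):
    """Outbound reassembly failures on the NAT-T flow. Port-less fragment lines
    are attributed to it when the same src/dst pair also shows UDP 4500."""
    natt_pairs = {(e["src"], e["dst"]) for e in events
                  if e["proto"] == "UDP" and "4500" in (e["sport"], e["dport"])}
    return [e for e in events
            if e["dir"] == "Outbound" and "Defragmentation failed" in e["reason"]
            and (e["src"], e["dst"]) in natt_pairs]

def summary(events):
    """Count blocked events per (direction, short reason)."""
    counts = Counter()
    for e in events:
        counts[(e["dir"], e["reason"].split(" Fragmented")[0])] += e["count"]
    return dict(counts)

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print(summary(evs), len(natt_fragment_drops(evs)))
```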