Conflicting DHCP & Double NAT on Network
I have an older TC providing network service both via ethernet and wireless in my house. I have a 1st Generation Airport Express connected wirelessly to extend the network. I have a 2nd Gen Airport express connected via ethernet to extend the network. This ethernet connection is coming via a Netgear 10/100 Switch. Both Airport express devices are set in bridge mode. The TC is set in DCHP & NAT. Per a previous discussion with an applecare representative, I was instructed to ignore the Double NAT message, which worked fine. However, since I've been able to connect the 2nd Gen Airport express via ethernet, it seems to set up fine, but at some point gets kicked off the network. Also, upon setting up the express via ethernet, i get the conflicting DCHP message. In following the previous applecare suggestion to ignore the Double NAT, i went ahead and ignored the conflicting DCHP message as well. Should I simply set the TC to bridge mode? I seem to remember the applecare representative saying that wasn't a good idea. I have the TC hooked to receive the broadband signal via an AT&T modem and I've set the modem to not broadcast any wireless signal.
To conclude, as currently set up, all systems are working fine, with the exception of the Double NAT and Conflicting DCHP warnings on the TC. However, if past history is suggestion of upcoming experience, the express linked via ethernet will eventually get kicked off the network.
All these settings have been directed via the Airport Utility 6.3.2
Many thanks if anyone has suggestions.
~ds
Per a previous discussion with an applecare representative, I was instructed to ignore the Double NAT message, which worked fine.
Wow. Maybe I am not understanding what you are saying.
A Double NAT message would indicate a basic configuration error on the network. Trying to fix an error by ignoring it will not make the error go away.
Things might work OK for a limited time, but eventually the error is going to cause issues on the network.
However, since I've been able to connect the 2nd Gen Airport express via ethernet, it seems to set up fine, but at some point gets kicked off the network.
As I said.....Things might work OK for a limited time, but eventually the error is going to cause issues on the network.
Also, upon setting up the express via ethernet, i get the conflicting DCHP message. In following the previous applecare suggestion to ignore the Double NAT, i went ahead and ignored the conflicting DCHP message as well.
Ignoring two errors is going to cause issues as well.
Should I simply set the TC to bridge mode?
Yes, as well as all of the other AirPorts on the network......assuming that you have an ATT modem/router. What is the make and model number of your ATT device that provides your Internet connection?
On the other hand, if you have a simple ATT modem only, it is the modem that should be configured in Bridge Mode.
I suggest that you explore a bit different strategy for configuring your network......the correct method that follows basic networking rules.
Similar Messages
-
Question # 2--how to avoid the DHCP conflict issue, double NAT, etc.
I'm having a tough day wasting hours working on the TC. It once worked fine for a year. Now, I'm struggling to maintain a connection at all.
I may be doing this wrong but I'm using two screens to manage this.
1. preferences/network
2. the TC internet connection settings
I had written all of my settings that worked on a piece of paper. Now that I've had to reset everything earlier today by plugging/unplugging stuff per Comcast orders, I'm wondering if all of my previous settings are worthless.
Reading possible solutions on here I tried to set the connection sharing to bridge to avoid the double NAT issue. This resulted in a message that more than one computer had the same IP address and I couldn't access the internet so I went back to sharing the public IP address like I had before.
I had, and I'm trying to have now, IPv4 configured manually. When I use settings like I had before, it tells me the DHCP range is invalid. If I increase the 3rd digit/group of numbers to change the range, it re-boots but I'm unable to get to the internet.
I don't know what I'm doing wrong. Any help?Thanks to you both for responding. I had actually already read that Networking 3.0 document ... and since options 1-3 were not allowing the QuickVPN to work and options 4+ resulted in lost FIOS TV services I wasn't pursuing any of those options. Out of all of them it sounds like Bridging the Westell would be closest to what I want (enabling the Cisco router to acquire the public IP address). But I'm not willing to sacrifice my TV functions so even that option is a non-starter for me.
Over the past two weeks I have spent some 30 or 40 hours researching and then tinkering with the configuration on the routers (and VPN client software -- QuickVPN and shrewsoft VPN client). So I just invested about 15 minutes in downloading the free TeamViewer software. And although I didn't want to go the "3rd party software" route I'm actually glad I tried it. I now have a working VPN connection via TeamViewer, and through the VPN am able to use windows remote desktop just fine -- which was my goal all along. I'm concerned about the 3rd party software / security ... but at least this works. And I can always disable the TeamViewer Service when I'm not using the software. -
Will 'Double NAT' cause any problems for me?
Hi there
I have just received a Netgear VMDG280 Cable/ DSL modem/wireless router from Virgin Broadband in the UK and I plugged it into my Airport Extreme 802.11n base station. The internet works fine but the amber light remains flashing, warning me of a Double Nat error.
I can easily select for my Airport to 'ignore' this Double NAT error message, but am worried that by ignoring this warning, I might compromise something important in my whole broadband set up. Could it also reduce security etc?
Essentially, Im not doing anything fancy with my wireless network, besides running a Macbook Pro, Iphone, Ipad and friend's laptops etc.
With Double NAT existing on my network, will this affect the service I will receive in any way? Or can I just put it out of my mind?
Many thanks
Dan+If I operate Airport Extreme in Bridge mode, will that mean that the technical quality and security of the Airport Extreme base will be bypassed in favour of the Netgear?+
No
+if the Netgear is classed as the lesser device of the two, shouldnt the Airport Extreme handle the more important tasks rather than being a passive 'bridge'+
The Netgear is already configured as the "main" router on your network. It is what we call a "gateway", a combination modem and router on the same chassis. The AirPort Extreme does not include a modem, so if you wanted to make it the "main" router on your network, you would need to purchase a separate stand alone modem and then set up the Netgear as a "bridge". That gets really complicated.
If you are seeing no adverse effects of the Double NAT, you can choose to "ignore" the message and the light will turn green. If you want to do this, open AirPort Utility, click Manual Setup, and then click on the word "Status" on the summary page. Click "ignore" regarding the Double NAT.
Networking rules specify that you should try to avoid the Double NAT situation if possible. On a simple home network this is not usually a serious error, but it can slowdown internet browsing. If you plan to add a gaming console and want to play online games with other people, then the Double NAT will probably prevent you from doing so.
My suggestion to place the AirPort Extreme in bridge mode was just that...a suggestion. If you are happy with the performance of your network now and simply want to get the light to turn green, you can choose to "ignore" the message. -
I have an Airport Express connected to a Viasat 4100 satellite modem. This requires a DHCP connection and is connected to my Airport Express by Ethernet. I then have three computers (two running Mavericks and one running Lion) and two IPhone 5s and an Apple Tv on the network. If the Airport Express is set to DHCP and NAT then the network works and I have internet, but the amber light flashes and I have a double NAT error. If I use it in Bridge mode the airport express goes green but I have no internet. How can I set it up so it works properly? If anyone knows could they please give all the settings I shoud use on the Airport Express as I may have left incorrect setting on it whilst trying to fix the problem. I have checked and it has been confirmed that I cannot change any settings on the satellite modem.
Go into AirPort Utility, click on the AirPort Express, and click on the "Double-NAT" error. Click Ignore. There's nothing that can be done about the Double-Nat unless you ignore it (no harm) or contact your ISP and get them to change your Modem/Router into Bridge Mode, and even then can't guarantee that you won't get that error.
Again, best thing to do: Ignore the Double-Nat Error. -
Guest Public Network behind 10.4 Server running DHCP and NAT
I am wondering if it is possible to use APE's guest networking capabilities while still using OS 10.4 server and my DHCP and NAT servers? Is there a way to set the Airport to run its own DHCP NAT and have everything routed correctly?
Or do I still need to use two separate Airports in order to have a public and private network at my home.I figured it out. I just deiced to run a double NAT configuration
-
my airport extreme has connected to a Tplink router, i set my AE in Create network, so i get a problem of Double NAT. How can i repair this probleme because i have to use TPlink for my IP TV and i want to use AE to creat my network and the guest NW. If we don't have a solution for this question, can i set my AE to use the IP TV and how??? I'm using a 4th Airport extreme
No, not unless it is simply a network connection.
How is your IPTV being provided.. if it is using a separate vlan or separate vpi/vci in the adsl connection. Who is your ISP?
Is the TP-Link ADSL?
Is the IPTV using a separate voice channel on adsl?
Or a different vlan.
Sorry but it is something where a definite answer is not possible unless you provide all the details.
The setups are unique to each ISP around the world..
Here is one for our local ISP.
http://www.avenard.org/iptv/Setup.html
He has a section on getting this working with apple router over wireless.. look
http://www.avenard.org/iptv/IPTV_and_Wireless.html
Google around and see if other people have had success.. the whole setup is tricky.. and it is hard if nobody has used it who actually understands networking. -
Creating Two Networks with Different Securities and Double NAT Error
I have a Time Capsule which is connected to my cable modem and an AirPort Extreme connected to my Time Capsule via the WAN port. I configured the AEBS to create a wireless network using WEP (I have a few devices that don't support WPA) so I can use two different wireless securities. The AEBS flashes the amber light and once I connect to its network, the AirPort Utility states that it has a "Double NAT" issue. I used my iPhone 5 to connect to the AEBS network and I can access the Internet just fine.
Is this issue one that can be resolved? If so, how? Or do I ignore the issue? If I ignore, what are the implications?
Thanks!You need to configure the AEBS in Bridge Mode to eliminate the Double NAT error, which is slowing down your connection...and may likely cause other issues depending on how the network is configured.
If you do not know how to do this, we need to know what operating system you are using on the computer that is being used to configure and setup the AEBS. -
I have the TC connected to the comcast modem, with TC in Double NAT mode. I set up the sonos music players ok. But I read that to incresae the wifi signal the TC should be in Bridge mode. Then I cannot get any of the Sonos units to connect to the wifi network.
So two questions, does the Bridge mode give a better wifi signal then double NAT?
Why will sonos not connect to the network when in Bridge mode?A PC can have more issues connecting than a Mac.
But it really should not matter.. so just try it in situ.. press and hold the reset.. once it starts up, it will return to default IP, 10.0.1.1 the PC should then be able to find it via the airport utility.
If not drag it over to the Mac and plug in there by ethernet.. or since it is a laptop, really should not be that difficult to drag the Laptop and plug it into the TC.
Important thing is to get access to the TC.
The Mac if it is running lion, then you MUST download and install 5.6 airport utility to do anything useful.
http://support.apple.com/kb/DL1482 -
Can I get an explanation of what bridge mode is?
Can I get suggestions on what I should do to use the TC as a wireless device to spread the same wireless device my apartment is broadcasting?
Can I get a suggestion on how to use the TC as a different wireless device with it's own password without access to the cable modem. I only have access to a wall port.
I own many apple devices, iMac mid-2011, Macbook Air 2013, 2 ipads, and 2 iphones for the family, and Apple TV.
I want all my devices to be on a password related internet but the double nat on my TC makes weird things happen and slow. I try bridge mode but the internet doesn't work.
I hope I have described this situation clearly enough.
ThanksI want all my devices to be on a password related internet but the double nat on my TC makes weird things happen and slow. I try bridge mode but the internet doesn't work.
You building supplied internet is a cheap service that is without proper routable addresses..
Therefore to use more than one IP you MUST have double NAT.. sorry there is no choice..
Slow that is because you are sharing internet with every other person in the building.. get your own broadband service.
Bridge will not work.. it cannot work because the building only has private IP addressing. And they only give you a single address.
You can put a password on the wireless.. go to the airport utility and put in a password.
Other than that I don't understand what password you expect.
Can I get an explanation of what bridge mode is?
No NAT.. means the TC becomes a dumb Wireless AP and switch.. works fine with a cable modem router.. or any broadband router but useless with your building system.
Can I get suggestions on what I should do to use the TC as a wireless device to spread the same wireless device my apartment is broadcasting?
Double NAT, and set your own wireless names. There is no alternative.. sorry. -
What if the AE Gen 5 is connected to an existing DHCP server? ... how do you set up the AE to allow a Guest Network?
Thanks,
NeilThe Guest Network can only be enabled when the AirPort Extreme is configured to provide DHCP and NAT services.
If you already have another router on the network "upstream" from the AirPort Extreme, then the AirPort should be configured to operate in Bridge Mode to work correctly on the network. Unfortunately, the Guest Network feature cannot be enabled when the AirPort is in Bridge Mode. It's a Catch 22.
I am not recommending that you do this, but if you want to try to "break the rules" and run two devices both providing routing services on the network, you can try things out to see if they might work.
Assuming that you don't have DHCP IP address conflicts, you will always have a Double NAT condition when you do this. Double NAT will slow communications a bit and may produce other unpredictable results on the network. This "error" can range from a minor annoyance to a deal killer depending on what you are trying to accomplish and what other devices you might have on the network.
AirPort Utility does allow you to "ignore" the error, so the AirPort will display a green light even though the Double NAT condition exists.
If you decide to try this, let us know how things are working for you. -
I reset my airport extreme router the other day because I was too lazy to reset the password on my private network.
I have been reading the advice found on apple support communities and wide web, but the solutions do not solve any problems and often create new ones.
I'm regretting because everything was working just fine.
But I remember having this double nat error when I first set it up a few months back, but now I cannot resolve it.
I would live with the yellow light, but it seems that this double nat error is preventing my playstation 3 from connecting to the airport extreme.
When I put the aiport extreme into bridge mode, I loose all my wireless networks, even when I reboot the airport extreme and the modem.
I try rebooting the modem, then the airport. and vice versa. No internet.
I switch back to NAT/DCHP and the internet works fine on apple devices, but not the playstation 3, and I have the 1 Double NAT error.
I have a plain stock Motorolla modem and I can dial in and see settings (although nothing about NAT). I didn't see where to see them.
I tried setting the DHCP only but it said it didn't like the settings. is there a stock range i could be using?I have a plain stock Motorolla modem and I can dial in and see settings (although nothing about NAT). I didn't see where to see them.
Exact model .. motorola make adsl, cable and probably wireless modems.. with some modems and some modem router.. we need exact info. What kind of broadband do you have?
I would note.. some of the motorola cable modems seem to have issues with the apple routers. If you are about due to change modems.. now is a good time.. not another motorola.
If the modem is a straight cable modem, the AE must be in router mode.. but you need to power down the cable modem. maybe for 20min so the new router can pick up the IP address.
You cannot use DHCP alone.. the ISP do not give you a block of IP addresses.
You cannot use bridge with a pure modem.. you will find it works.. but only to one device.
The only reason you get double NAT is the failure to pick up the public IP.
Give the info required..
If you have trouble, I need the actual IP of the modem. the actual IP of the AE WAN port when plugged in. Screenshots are good. -
Airport Internet Sharing and Double Nat Issue on the road
The Airport express is a very handy little piece of hardware that is particularly easy to pack in a luggage and carry along for those of us that are spending lots of time out of the office and home.
So here is the scenario when I travel and check in into an overseas hotel: I got two iphones, one local network, one my home network, and a Mac Book Pro, and soon, [when it finally ships], an iPad.
That makes it at least 3 MAC addresses in one room, and if i have any visiting colleagues to pack up a presentation, I will have more.
Usually hotels in Asia are well equipped with ethernet points in every room. The problem comes when I want to allow all my gears to connect to the internet.
I can use the Mac Book to share its ethernet connection while tethered to the plug, which not only turns it into an unlikely desktop, but also do not champion stability when it goes in stand by or sleeps and at times it even mixes up which is the access point to the net. Therefore this does not seem to be the best solution.
I can put the AE in bridge mode and plug it straight to the ethernet. But most hotels internet access are designed to charge per MAC address, so every time the router assigns via DHCP an IP to one of my gears it requires to accept new charges for that gear, even if they are all in the same room. This definitely does not seem right either.
Now if I configure the AE to share a public IP address and force it to ignore the double NAT warning, the AE light turns green but the internet sharing does not seem to work at all.
My two questions are:
1) Why can't the AE be configured like the Mac Book to have a simple "Internet Sharing" protocol that will be always live and not going to sleep or stand by like the laptop [As the AE is design to be always online as a wireless connection].
2) is there any way to make that "Share a public IP - *** double NAT" work?
Any feedback is welcome.
Thanks. MHi Bob,
thanks for your reply. Yes the only way to work it out on a typical hotel set up is to adopt the bridge mode and sometime the do waive your extra logs in. But I am not always so lucky and I often need to come up with less optimal solution.
This is a bit disappointing when you a have a AE in your luggage and you can't use it properly.
Yet my Mac can work the problem out effortlessly by just "Sharing a internet connection" with the only major limitation of being physically connected to the Ethernet cable.
Why can't the Airport Express do the same thing? Basically the AE could share the internet connection like the Mac Book, i guess introducing a secondary layer of NAT after the Hotel modem/router NAT setup [which is what the MAC Book is doing].
If AE can't do that at all then I guess soon we will just end up shelving it.
I wonder if this is an actual hardware limitation, MAC Book can wire TCP/IP flow to different sources on a double nat and AE can't, or this is just a software limitation and Apple could fix it with a firmware upgrade.
Any thoughts on this? -
NAT overload is not working when i configure Double NAT for VPN
I have Cisco 2921 router with OS version 15.1(4)M1.
the router is configured for NAT overload and working fine, i have site to site VPN tunnel with peer with normal NAT translation. now we need to configure Double NAT on the VPN tunnel as we need to free the subnet on peer network. for double nat i use 3.2.21.x - 3.2.23.x / 24 network and apply following command
Double NAT translation
ip nat inside source static network 192.168.10.0 3.2.21.0 /24 no-alias
ip nat inside source static network 192.168.20.0 3.2.22.0/24 no-alias
ip nat inside source static network 192.168.30.0 3.2.23.0 /24 no-alias
Nonat
access-list 101 deny ip 3.2.21.0 0.0.0.255 3.2.1.0 0.0.0.255
access-list 101 deny ip 3.2.22.0 0.0.0.255 3.2.1.0 0.0.0.255
access-list 101 deny ip 3.2.23.0 0.0.0.255 3.2.1.0 0.0.0.255
VPN encrypted traffic over the tunnel
access-list 115 permit ip 3.2.21.0 0.0.0.255 3.2.1.0 0.0.0.255
access-list 115 permit ip 3.2.22.0 0.0.0.255 3.2.1.0 0.0.0.255
access-list 115 permit ip 3.2.23.0 0.0.0.255 3.2.1.0 0.0.0.255
Problem:
as soon as i apply Double NAT translation command the NAT overload stop working and client cannot reach to the internet
the router partial configuration is as below
REACH-R01(config)#do sh run
Building configuration...
Current configuration : 19233 bytes
! Last configuration change at 09:56:45 MST Tue Jan 29 2013 by admin
! NVRAM config last updated at 13:57:54 MST Wed Jan 30 2013
! NVRAM config last updated at 13:57:54 MST Wed Jan 30 2013
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname REACH-R01
boot-start-marker
boot-end-marker
card type t1 0 0
logging buffered 51200 warnings
no aaa new-model
clock timezone MST -7 0
clock summer-time MST recurring
network-clock-participate wic 0
network-clock-select 1 T1 0/0/0
no ipv6 cef
ip source-route
ip cef
ip dhcp excluded-address 192.168.20.1 192.168.20.99
ip dhcp excluded-address 192.168.20.250 192.168.20.255
ip dhcp pool CISCO_PHONES
network 192.168.20.0 255.255.255.0
default-router 192.168.20.254
option 150 ip 192.168.20.254
no ip domain lookup
ip domain name reach.local
ip inspect name ethernetin ftp timeout 3600
ip inspect name ethernetin h323 timeout 3600
ip inspect name ethernetin http timeout 3600
ip inspect name ethernetin rcmd timeout 3600
ip inspect name ethernetin realaudio timeout 3600
ip inspect name ethernetin smtp timeout 3600
ip inspect name ethernetin sqlnet timeout 3600
ip inspect name ethernetin streamworks timeout 3600
ip inspect name ethernetin tcp timeout 3600
ip inspect name ethernetin tftp timeout 30
ip inspect name ethernetin udp timeout 15
ip inspect name ethernetin vdolive timeout 3600
multilink bundle-name authenticated
isdn switch-type primary-ni
trunk group PRI
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-3180627716
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3180627716
revocation-check none
rsakeypair TP-self-signed-3180627716
voice-card 0
dsp services dspfarm
voice service voip
allow-connections sip to sip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
sip
voice translation-rule 1
rule 5 /^7804981231/ /401/
voice translation-rule 2
rule 5 // /7804981231/
voice translation-profile DID_INBOUND
translate called 1
voice translation-profile DID_OUTBOUND
translate calling 2
license udi pid CISCO2911/K9 sn FGL1540114P
license accept end user agreement
license boot module c2900 technology-package securityk9
hw-module ism 0
hw-module pvdm 0/0
username test test
redundancy
controller T1 0/0/0
cablelength long 0db
pri-group timeslots 1-6,24
no ip ftp passive
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
crypto isakmp key P@ssw0rd address 33.33.33.33 no-xauth
crypto ipsec transform-set ESP-AES256-SHA esp-aes 256 esp-sha-hmac
crypto map VPN-TUNNEL 1 ipsec-isakmp
description COMPUGEN
set peer 33.33.33.33
set transform-set ESP-AES256-SHA
match address 115
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description Outside Interface To the Internet
ip address dhcp
ip access-group outside_access_in in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map VPN-TUNNEL
interface ISM0/0
ip unnumbered GigabitEthernet0/1.20
service-module ip address 192.168.20.2 255.255.255.0
!Application: CUE Running on ISM
service-module ip default-gateway 192.168.20.254
interface GigabitEthernet0/1
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1.10
description VLAN 10 DATA VLAN
encapsulation dot1Q 10
ip address 192.168.10.254 255.255.255.0
ip nat inside
ip inspect ethernetin in
ip virtual-reassembly in
interface GigabitEthernet0/1.20
description VLAN 20 VOICE VLAN
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.30
description VLAN 30 WIRELESS VLAN
encapsulation dot1Q 30
ip address 192.168.30.254 255.255.255.0
ip nat inside
ip inspect ethernetin in
ip virtual-reassembly in
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
interface ISM0/1
description Internal switch interface connected to Internal Service Module
no ip address
interface Serial0/0/0:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
isdn incoming-voice voice
trunk-group PRI
no cdp enable
interface Vlan1
no ip address
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:CME8.6/GUI
ip nat inside source static tcp 192.168.10.10 443 interface GigabitEthernet0/0 443
ip nat inside source static tcp 192.168.10.10 25 interface GigabitEthernet0/0 25
ip nat inside source static tcp 192.168.10.10 1723 interface GigabitEthernet0/0 1723
ip nat inside source static tcp 192.168.10.10 3389 interface GigabitEthernet0/0 3389
ip nat inside source static tcp 192.168.10.10 123 interface GigabitEthernet0/0 123
ip nat inside source static tcp 192.168.10.10 987 interface GigabitEthernet0/0 987
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 75.152.248.1
ip route 0.0.0.0 0.0.0.0 75.152.248.1 254
ip route 0.0.0.0 0.0.0.0 205.206.0.1 254
ip route 192.168.20.2 255.255.255.255 ISM0/0
ip access-list extended outside_access_in
permit udp any any eq bootps
permit udp any any eq bootpc
permit tcp any host 22.22.22.22 eq 1723
permit tcp any host 22.22.22.22 eq 3389
permit tcp any host 22.22.22.22 eq smtp
permit tcp any host 22.22.22.22 eq 443
permit tcp any host 22.22.22.22 eq domain
permit udp any host 22.22.22.22 eq domain
permit tcp any host 22.22.22.22 eq 123
permit icmp any host 22.22.22.22 unreachable
permit icmp any host 22.22.22.22 echo-reply
permit icmp any host 22.22.22.22 packet-too-big
permit icmp any host 22.22.22.22 time-exceeded
permit icmp any host 22.22.22.22 traceroute
permit icmp any host 22.22.22.22 administratively-prohibited
permit icmp any host 22.22.22.22 echo
permit tcp any host 22.22.22.22 eq 987
permit tcp any host 22.22.22.22 eq 47
permit gre any host 22.22.22.22
permit udp any host 22.22.22.22 eq isakmp
permit esp any host 22.22.22.22
access-list 23 permit any
access-list 101 deny ip 192.168.20.0 0.0.0.255 3.2.1.0 0.0.0.255
access-list 101 deny ip 192.168.30.0 0.0.0.255 3.2.1.0 0.0.0.255
access-list 101 deny ip 192.168.10.0 0.0.0.255 3.2.1.0 0.0.0.255
access-list 101 deny ip 3.2.21.0 0.0.0.255 3.2.1.0 0.0.0.255
access-list 101 deny ip 3.2.22.0 0.0.0.255 3.2.1.0 0.0.0.255
access-list 101 deny ip 3.2.23.0 0.0.0.255 3.2.1.0 0.0.0.255
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 101 permit ip 192.168.20.0 0.0.0.255 any
access-list 101 permit ip 192.168.30.0 0.0.0.255 any
access-list 110 permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
access-list 115 permit ip 3.2.21.0 0.0.0.255 3.2.1.0 0.0.0.255
access-list 115 permit ip 3.2.22.0 0.0.0.255 3.2.1.0 0.0.0.255
access-list 115 permit ip 3.2.23.0 0.0.0.255 3.2.1.0 0.0.0.255
Solution: Support forums teamI have the same problem also. Restarting isn't helping and the auto lock/unlock button is on. Plus a couple of time when I turn it on it is asking if I want to power off. That is when I push the button on the front to wake it up. Not the power button on top. I have an IPAd 2. Worked fine before the update.
-
Back to my Mac: Double NAT error
I can't seem to get Back to my Mac to work. My Airport Extreme says that I have a double NAT error. I have tried to put it in Bridge mode, but doing so disables the wireless capabilities of the Airport Extreme.
The geography of my network is as follows:
Cable port on wall> Cable modem
Cable modem> Ethernet> Airport Extreme
Airport Extreme> WiFi> Macbook Pro
I have a Motorola surfboard modem, which I have called Motorola about and they say that it does not provide a layer of NAT. I have called my ISP and they confirmed that they do not provide a layer of NAT as well.
Does anyone have any ideas on how to resolve this issue?FiggyOO wrote:
I have confirmed that my modem is simply a modem, no gateway. In case you were wondering its a Motorola SB5101U. According to the Airport utility, my IP is 10.1.4.104.
If that's really the "WAN" IP address of your AirPort unit, then it's a "private" IP address, as it's in one of the private address ranges of 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, and 192.168.0.0 - 192.168.255.255. You can verify that address in the AirPort Utility Internet panel, TCP/IP tab. Unless your ISP tells you otherwise, you should have the "Configure IPv4" set to "Using DHCP" and the WAN IP address should be just below that.
If that address checks out, something "upstream" of your AirPort unit is doing a NAT operation.
The manuals I found for your modem seem to confirm that it has no router functionality, so it would be unable to be the source of the NAT.
I'd call your ISP and ask them why your modem is passing you a "private" IP address. There no need (at least initially) to mention what you have connected to the modem, as that would only tend to confuse the support people. -
I have a comcast router connected to the airport extreme then on to airport express.
Comcast just changed their router to bridge only. My airport extreme is flashing yellow w/ Double NAT status. The airport express is fine.
Any suggestions on how to fix the Double NAT issue?
Thanks in advanceAs LaPastenague has already noted, you have a modem/router, also known as a gateway device which is providing DHCP and NAT services.
Since the AirPort is also providing NAT services when it is setup as a router, you can easily see where the Double NAT is coming from.
So, one of the "techs" did not even know what type of device you had. That is gross incompetence.
The other two "techs" might have tried, but neither of them was successful setting up the SMC as a simple bridge mode modem......yet they told you they were successful. It just may not be possible to do this with the device that you have.
A simple modem......it will have only one Ethernet port on it......is what you need. It will be in bridge mode by default. When you connect the AirPort to the simple modem, your network will function correctly without errors.
Something like this, for example......http://www.zoomtel.com/products/5341J.html........which is an approved modem for use with Comcast.
Not sure where you want to go from here, but we'll try to help if you have further questions.
Maybe you are looking for
-
Java3D: 2D co-ords to 3D co-ords
Hi I'm new to Java3D and am writing a program where it displays a cylinder at specified points. I have also implemented MouseListener for mouse control. The problem is the MouseListener is on different co-ordinates from what the Canvas3D is using, To
-
Parsing problems under xmlparserv2.jar
I cannot parse a XML file with the Oracle XML Parser xmlparserv2.jar. I have also tried to attached a XML Schema to the file and the same error occurred. Trying another parser ( crimson.jar) the file was parsed successfully. So I think I am missing s
-
I have a late 2012 mbpr w/ external superdrive. I inserted a disc it won't read, so it doesn't appear on my desktop and disc utility is no help until the disc is read. there is no eject button. What do i do?
-
Error while installing OracleXE
hai... I've been downloaded OracleXE.exe. But ... If i run that exe file from my computer, it shows me the error like "error reading setup initialization file." what is the problem going on here ? how can i run OracleXE.exe file ? What should i do ne
-
Hi All, In odi 10g,I created a physical and logical data servers in architecture. Added schemas at both places. This was done for both source and target systems. All my databases(source and target) are oracle 10g. I was succseefully able to reverse e