Is bridge mode secure?

I am using an iMac connected to a Time Capsule, then to a T-Mobile cell spot booster, then to a Comcast modem.  Apparently each has a function.  But the TC made me change its setting to Bridge Mode. I'm wondering if this is less secure.  Does the security come through the sign-in I have to do for the Comcast and T-Mobile routers?

The security is furnished by the main network router, so in your case bridge mode is secure since you are connecting to the main network router.

Similar Messages

  • Http secure-server on 887VA in bridge mode

    I'm setting up an 887VA to bridge between vlan1 and the atm0 interface. For remote management and to access the https for web management on this device, can I pop one of the 4 fe interfaces into a different vlan to assign it an IP address?
    Not critical, but since you can't assign individual fe interfaces to the bridge group, it would be nice.
    TIA
    Jason

    HI Gilles,
    this is quite confusing as I learnt in a workshop with some Cisco SEs that the CSM is bridging all traffic which is not destined to a VIP if you do bridged mode. I agree with you that you really need the predictor if you are running secure/routed mode.
    However Chi Wang (I hope that's your forename):
    In regards of your first question:
    I think nothing has to be done to get the reals directly; the only thing which has to be ensured is that they are plugged in the correct vlan and reside in that vlan.
    In regards of your second question:
    Have you checked if the routing from the servers to the GW is done correctly (towards a gateway in the Layer3 subnet?)
    Btw are the servers connected in the server vlan?
    Have you done a ping from the MSFC towards the servers?
    Have you done a traceroute from the servers to the destination you want to reach? Where does the traceroute stop?
    Some additional questions from my side:
    You set up the CSM in bridged mode, however the reals could be on a different Layer3 hop? What's your topology? Maybe you can give us a hint of what your config looks like and what the topology is.
    Kind Regards,
    Joerg

  • WAN security in bridge mode

    Greetings!
    I have an Airport Extreme 802.11n hooked up to a cable modem, and I am pondering switching the Airport from NAT mode to bridge mode. The purpose is to give each client on the network its own WAN IP. As I share an apartment with two friends, this has benefits in that it allows each of us to be as hidden or visible on the internet as we like, without disadvantage to the others.
    I am looking for some input on the security implications of this besides the obvious fact that all clients are now solely dependent on their own firewalls.
    Some questions:
    - I have two hard drives shared with AirDisk. If I have deselected the option to make them available via WAN, is this enough to keep anyone from accessing them from the outside?
    - I know there is a lot of "background noise" on the internet – random infested computers scanning random IPs. This will of course be stopped by the firewalls on the clients (of which two of three are Macs), but is this traffic of such a volume that wireless performance will be affected?
    - Do you have any other thoughts on the implications of such a configuration?
    Any input is greatly appreciated!

    Your ISP is most likely only allowing you one IP number. While you might be able to call them up and have another number added to your connection, if this is available, it will cost you more money. NAT not only acts as a firewall but it splits the one IP number up between two computers so that you don't have to pay an ISP for every piece of hardware on your network.
    Even if you have share over WAN disabled, when you turn on bridge mode, that setting will disappear as it no longer applies and it will be accessible over the network.
    So what do we have now? Your computer will be requesting an IP number and your roommate's computer will be requesting one too, but wait the AEBS also wants its own number, so that's three numbers, plus you will also not be able to block people from trying to change settings on your router.
    If you or your roommate are running any software that requires it be recognized by incoming network traffic, then take a look into setting up port forwarding or turning on host computer for whichever machine needs this.

  • Does putting the airport in bridge mode affect the security of the internal private network

    If I put my Airport Extreme in bridge mode for running Echolink, will it affect the security of my internal private network?

    Not at all.

  • Question about TC setup, bridge mode and security...

    Hello All
    I need some help...
    Have bought a 1 Tb TC to use with my existing ethernet/wireless all-Mac home network but have some specific queries.
    The system is set-up as follows:
    Cable modem > connected by ethernet cable to > 8-way Ethernet switch
    Connected via ethernet cable to the 8-way switch are: one MacBook (in another part of the house) and the TC (via its WAN socket).
    Elsewhere in the house, and _all connected wirelessly_ are:
    iMac G5
    Powerbook G4
    hi-fi (connected via an Airport Express)
    Airport Extreme basestation to which a HP Laserjet is connected via ethernet.
    Question:
    Before buying the TC, I used a spare Airport Express basestation in its place to act as the 'main' basestation and the IP addresses of each device on the network were 10.0.0.1, 2, 3, etc. I had the impression that my home network was not "seen" by the outside world as a consequence of this.
    Now, the TC seems only to work when in 'bridge' mode and it seems that the IP addresses are 196.xxx.x.100, 101, 102 etc. Does this mean that these devices are now visible to the outside world? Have I compromised my network security? I am worried that the outside world may have access to the contents of my TC, although my TC is password protected and the wireless network is 'closed'. What else should I be doing?
    Finally, should I have set up the network so that the cable modem feeds to TC directly, with the 8-way ethernet switch coming off one of the ethernet sockets on the TC?
    In all honesty, the instructions in the manual and the help guide are less than clear.
    Can anyone help?
    Thanks
    Daniel

    Section 4, here are my thoughts.
    1. Since you are currently seeing individual IP addresses like 196.xxx.xxx.100, etc., it sounds like your modem is also acting as a router. This also seems to be the case since the Time Capsule is only working in bridged mode (it wouldn't work in Share a Public IP address if another device is assigning private DHCP addresses). Now, you could still allow the Time Capsule to act as a DHCP server on your private network by enabling Connection Sharing as Distribute a range of IP addresses. This will create a private network within your private network where all the devices that are connected to your Time Capsule can see each other. If you leave it in bridged mode then you allow your cable modem to assign DHCP addresses and all devices that are connected to the Time Capsule or to your ethernet switch are on the same network.
    2. Assuming your cable modem is acting as a router you shouldn't have to worry about security, although you will have to access your modem's settings to make sure port forwarding isn't enabled and that the firewall is turned on (although I'm sure it is). I personally would plug the ethernet switch into the LAN port of the Time Capsule and allow the WAN port of the Time Capsule to be plugged into the cable modem. I also would just leave the Time Capsule in bridged mode as well, that's what I do for my own personal network.

  • Security Cameras & Bridge Mode

    Hello,
    I am installing wireless security cameras in my house and I want to be able to monitor things while I am out of town. Try as I might, I am unable to see the cameras outside of my network. When I try to see the port at my current IP, I will get messages similar to "Connection Timeout".
    I have a G90-610015-20 DSL modem using PPPoE Protocol. Would switching the modem to bridge mode help?

    Yes that would help, as long as: #1 You have a RJ-45 WAN port router. #2 The RJ-45 WAN port of it is connected to the modem combo. #3 And you know the PPPoE Log-in info (user name and password)

  • Is it possible for SA540 to work in transparent bridge mode?

    Hi all,
    I've been considering to use a Cisco SA540 in an industrial project; please consider Scenario 1 and 2 files attached (bear with me - I'm an engineer, not an artist).
    All networks mentioned in both scenarios are regular and well known Ethernet TCP/IP networks. The Corporate Network and Automation Network (including the DMZ) are in different subnets. The Corporate Network is the biggest one, similar to any company's corporate network you all know. The Automation Network exists for the purpose of operating and maintaining the industry process; it's smaller but highly critical. Only specific staff (automation staff and dedicated operators) have access to it. Although many devices and networks in the Automation Network are industry specific - not so well known, a small segment of it is plain Ethernet TCP/IP, as I've already stated. The Automation Network has a DMZ, where we lay servers that provide industry process information for the Corporate Network.
    Scenario 2 may look at a first glance the best option, since it's simpler, doesn't require another router and benefits from Cisco SA540 support for both a LAN and a DMZ. The problem with Scenario 2 is the following:
    Since both networks are maintained by different teams under different management, TI staff would have absolute control over the Cisco SA540. This way automation staff could not grant that the Automation Network is really protected from the Corporate Network.
    TI staff may even demand for another device to interface with the Automation Network - which is not Cisco SA540, since they rule everything that lives in the Corporate Network. In this case, I have my hands tied!
    Scenario 1 solves the above problems. Since automation would have absolute control over the Cisco SA540, they could grant security for the Automation Network (except for DMZ, but that's the reason why it is called a DMZ!). TI staff could ask for any router they prefer to interface with the DMZ, I would never mind about it.
    Considering the above, I will probably be forced to adopt Scenario 1 instead of Scenario 2. So here comes my question: is it possible for Cisco SA540 to work with the same subnet for both WAN and LAN interfaces (in Scenario 1, no DMZ interface is required)? In other words, is it possible for Cisco SA540 to work in transparent bridge mode? I've been through all of the Cisco SA540 Administration Manual and as far as I could understand, routing is not an option - it is demanding.
    Although I understand I could adopt Scenario 1 and still have different subnets for DMZ and the rest of the Automation Network by connecting the DMZ to the WAN interface and the rest of the Automation Network to the LAN interface in the Cisco SA540, I believe it's not worth the effort. The Automation Network is so small and we do all we can to keep it as simple as possible.

    Adriano, there is a RV042G, which supports the gig ports and a 800 mbps nat throughput. Here is the datasheet
    http://www.cisco.com/en/US/prod/collateral/routers/ps10907/ps9923/ps12262/data_sheet_c78-706724.html
    If you are using a DSL connection, the SRP527/547 models may be an alternative. These models support the RFC 1483 Bridges EOA. Please note the SRP547 should be 10/100/1000. Also note the SRP521/541 are Fast Ethernet units and they do differ from the SRP527/547. The main selling point of these devices are the FXS/FXO ports. So this may also be a bit of an "unfocused" solution. But it's worth throwing the idea out there!
    Here is the admin guide;
    http://www.cisco.com/en/US/docs/voice_ip_comm/unified_communications/srp540_series/administration/srp500_AG_2567701.pdf
    Here is the datasheet;
    http://www.cisco.com/en/US/prod/collateral/voicesw/ps6790/gatecont/ps10500/data_sheet_c78-550705.pdf

  • Port forwarding but can only connect to wifi in Bridge Mode

    Hi
    Our ISP is TalkTalk and we use their Fibre service which connects through a BT Open Reach Modem.  The TalkTalk router seemed to be causing dropouts in wifi on my MacBook Pro so I bought an Airport Time Capsule for the wifi router and to back up my Mac.
    We aren't issued with PPPoE details and the advice from the TalkTalk community was to connect with the Router in Bridge Mode.  This has worked a treat with the various Apple and non Apple items we have in our house except one.
    We have security cameras which we control through a Windows laptop and can view on our phones.  To make this happen we have to set up port forwarding. However, we can't do this as it's in Bridge Mode (as far as I understand).
    I'm afraid my knowledge of these things is very basic so I'm hoping that someone will have an easy answer to this.  Anyone got any advice on how I can make this pretty white box do its stuff please?
    Thanks in advance!

    No idea what a double NAT is but you clearly do so here goes...
    traceroute 8.8.8.8 on the mac gives as follows:
    traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
    1  192.168.1.1 (192.168.1.1)  6.246 ms  2.840 ms  2.875 ms
    2  89-168-80-1.dynamic.dsl.as9105.com (89.168.80.1)  14.513 ms  14.967 ms  20.831 ms
    3  host-78-151-225-23.static.as13285.net (78.151.225.23)  19.752 ms  20.399 ms  28.106 ms
    4  host-78-151-229-12.as13285.net (78.151.229.12)  19.760 ms
        host-78-151-225-140.static.as13285.net (78.151.225.140)  18.391 ms
        host-78-151-225-136.static.as13285.net (78.151.225.136)  18.467 ms
    5  host-78-144-8-11.as13285.net (78.144.8.11)  29.582 ms
        host-78-144-8-53.as13285.net (78.144.8.53)  31.276 ms
        host-78-144-8-5.as13285.net (78.144.8.5)  27.278 ms
    6  72.14.214.222 (72.14.214.222)  37.593 ms  25.132 ms
        72.14.242.127 (72.14.242.127)  30.195 ms
    7  209.85.252.188 (209.85.252.188)  27.070 ms
        209.85.252.186 (209.85.252.186)  77.680 ms
        209.85.252.188 (209.85.252.188)  24.477 ms
    8  209.85.253.90 (209.85.253.90)  24.506 ms
        209.85.253.196 (209.85.253.196)  29.255 ms
        209.85.253.90 (209.85.253.90)  26.403 ms
    9  66.249.95.173 (66.249.95.173)  41.521 ms
        72.14.232.134 (72.14.232.134)  35.473 ms  30.789 ms
    10  209.85.251.231 (209.85.251.231)  30.069 ms
        216.239.49.45 (216.239.49.45)  31.578 ms
        209.85.252.83 (209.85.252.83)  31.383 ms
    11  * * *
    12  google-public-dns-a.google.com (8.8.8.8)  38.442 ms  30.063 ms  30.282 ms
    traceroute 8.8.8.8 on the mac plugged into the HG533 gives as follows:
    traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
    1  192.168.1.1 (192.168.1.1)  0.999 ms  0.679 ms  0.668 ms
    2  89-168-80-1.dynamic.dsl.as9105.com (89.168.80.1)  13.577 ms  12.817 ms  13.668 ms
    3  host-78-151-225-23.static.as13285.net (78.151.225.23)  16.828 ms  15.490 ms  24.315 ms
    4  host-78-151-225-140.static.as13285.net (78.151.225.140)  18.755 ms
        host-78-151-225-30.static.as13285.net (78.151.225.30)  20.538 ms
        78.151.229.0 (78.151.229.0)  19.488 ms
    5  host-78-144-8-29.as13285.net (78.144.8.29)  23.690 ms
        host-78-144-8-39.as13285.net (78.144.8.39)  26.756 ms
        host-78-144-8-59.as13285.net (78.144.8.59)  23.145 ms
    6  72.14.242.127 (72.14.242.127)  24.608 ms  26.403 ms
        72.14.214.222 (72.14.214.222)  22.601 ms
    7  209.85.255.78 (209.85.255.78)  26.205 ms  23.783 ms
        209.85.252.186 (209.85.252.186)  25.291 ms
    8  209.85.253.94 (209.85.253.94)  25.553 ms
        209.85.253.196 (209.85.253.196)  58.607 ms  31.902 ms
    9  66.249.95.173 (66.249.95.173)  49.369 ms
        72.14.232.134 (72.14.232.134)  32.418 ms  32.654 ms
    10  72.14.238.43 (72.14.238.43)  34.146 ms
        209.85.252.83 (209.85.252.83)  34.292 ms
        216.239.49.45 (216.239.49.45)  29.860 ms
    11  * * *
    12  google-public-dns-a.google.com (8.8.8.8)  36.619 ms  36.902 ms  29.731 ms
    Hope this gives the result we're after
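
Added example (not part of the original post): a small Python check for reading traceroute output like the one above. It counts private (RFC 1918) hops before the first public hop, since more than one usually means stacked NAT routers. The first sample is the opening hops of the trace in the post; the other two traces are constructed, and all function names are this example's own.

```python
import ipaddress
import re

# Ranges that mean "this hop is still behind address translation".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT

HOP_START = re.compile(r"^\s*(\d+)\s+(.*)$")             # " 4  host (ip)  1 ms"
IP_IN_PARENS = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")
BARE_IP = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")   # traceroute -n output

# Opening hops of the first trace in the post above.
PAGE_TRACE = """\
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
 1  192.168.1.1 (192.168.1.1)  6.246 ms  2.840 ms  2.875 ms
 2  89-168-80-1.dynamic.dsl.as9105.com (89.168.80.1)  14.513 ms  14.967 ms  20.831 ms
 3  host-78-151-225-23.static.as13285.net (78.151.225.23)  19.752 ms  20.399 ms  28.106 ms
 4  host-78-151-229-12.as13285.net (78.151.229.12)  19.760 ms
    host-78-151-225-140.static.as13285.net (78.151.225.140)  18.391 ms
    host-78-151-225-136.static.as13285.net (78.151.225.136)  18.467 ms
"""

# Constructed: a second router doing NAT behind the ISP router, one silent hop.
DOUBLE_NAT_TRACE = """\
 1  10.0.1.1 (10.0.1.1)  1.2 ms  1.0 ms  1.1 ms
 2  192.168.1.1 (192.168.1.1)  2.3 ms  2.1 ms  2.2 ms
 3  * * *
 4  203.0.113.1 (203.0.113.1)  12.0 ms  11.8 ms  12.4 ms
"""

# Constructed: numeric (-n) output where the ISP itself uses carrier-grade NAT.
CGNAT_TRACE = """\
 1  192.168.1.1  0.9 ms  0.7 ms  0.6 ms
 2  100.64.0.1  9.1 ms  8.8 ms  9.0 ms
 3  203.0.113.1  12.0 ms  11.8 ms  12.4 ms
"""


def parse_hops(trace_text):
    """Return one list of responder IPs per hop ([] for a '* * *' hop)."""
    hops = []
    for line in trace_text.splitlines():
        if not line.strip() or line.lstrip().startswith("traceroute"):
            continue                      # blank line or the header line
        m = HOP_START.match(line)
        if m:
            hops.append([])
            rest = m.group(2)
        elif hops:
            rest = line                   # extra responder for the same hop
        else:
            continue
        for ip in IP_IN_PARENS.findall(rest) or BARE_IP.findall(rest):
            try:
                ipaddress.ip_address(ip)  # reject things like 999.1.1.1
            except ValueError:
                continue
            if ip not in hops[-1]:
                hops[-1].append(ip)
    return hops


def classify(ip):
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in RFC1918):
        return "private"
    return "cgnat" if addr in CGNAT else "public"


def analyze(trace_text):
    """Count private hops before the first public one.

    Heuristic: traceroute cannot prove a hop translates addresses, but on a
    home network each private hop is normally one NAT router.
    """
    private_hops, carrier_nat = [], False
    for hop in parse_hops(trace_text):
        if not hop:                       # no reply, cannot classify
            continue
        kinds = {classify(ip) for ip in hop}
        if "public" in kinds:
            break
        if "cgnat" in kinds:
            carrier_nat = True
        else:
            private_hops.append(hop[0])
    n = len(private_hops)
    verdict = "no-local-nat" if n == 0 else "single-nat" if n == 1 else "double-nat"
    return {"verdict": verdict, "private_hops": private_hops,
            "carrier_nat": carrier_nat}


if __name__ == "__main__":
    for name, trace in (("page", PAGE_TRACE), ("double", DOUBLE_NAT_TRACE),
                        ("cgnat", CGNAT_TRACE)):
        print(name, analyze(trace))
```

With a single private hop, port forwarding only has to be configured on that one router; a `carrier_nat` result means inbound forwarding cannot be set up on home equipment at all.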

  • Guest network in bridged mode (or other non-DHCP mode)

    Hello,
    I have the (Simultaneous Dual Band II) Airport extreme.
    I wanted to use it at work by creating a secure network (my printer, computers, and drives) and a guest network (no password so people can access internet).
    They already have a DHCP server (in the past I made a mistake by forgetting to turn off DHCP on a router, which assigned other computers IP addresses (upstream) that conflicted with their DHCP server, and all kinds of problems ensued).
    So I know that in Bridge Mode, the guest network is turned off.
    What are my options? I'm afraid to take it off bridge mode because of the DHCP issue. But I really want to use the dual network mode on the Airport Extreme.
    So I don't want to bring down the whole network, can I safely use something other than bridge mode? Other ideas?
    Thanks in advance for any feedback
    (yes I have searched a lot for the issue but I'm not sure what to do)

    First, you question the policies about my work place (none of your business).
    Sorry for suggesting that you check the policies before you violate something that could get you fired.
    But then, you "would bet" that I hooked something wrong (could have asked).
    Sorry but that is certainly a higher probability than a router malfunctioning in that manner.
    It may not be your intention (just as it is not mine to be ungrateful).
    Not sure if you are showing that with your last post.

  • Can you share an external hard drive over a network when your Apple Airport Extreme is in bridge mode?

    Hello, is it possible to share an external hard drive over a network when I have my Airport Extreme in bridge mode?  I can't use my AE as my main router at the moment but still want to be able to use the hard drive on the network, and the router I am using isn't capable of adding an external hard drive.  I use Windows 7 and the other router is a Netgear.  I have searched the communities and have not come across an answer to this question.  I have tried several configurations within Windows to try and see the hard drive but none have worked.  I can see the hard drive when I run Airport utilities, but it cannot be seen on the network.  Thanks to anyone who can help!

    I think there is some confusion in this thread..
    If you are sharing on a local LAN port forwarding is not required.
    is it possible to share an external hard drive over a network when I have my Airport Extreme in bridge mode?
    Answer is yes.. no port forwarding, mapping whatever term is used.. is needed. Port mapping is required when you cross over a NAT router.. as long as all the devices are inside a single LAN.. then no port mapping.
    I assign to my Airport Extreme, do I do so with the settings of:
    Service: SMB
    Type: TCP
    Server IP: xx.x.x.x
    Port Start: 445
    Port End: 445
    This would not work even from WAN.. SMB is blocked by all responsible ISPs.. there are simply too many unprotected Windows machines out there. If they allowed SMB .. the world would be flooded with hijacked bots. And stolen data like bank accounts. SMB is not a secure protocol.
    But this is not necessary on a LAN.
    The problem can be Mavericks which does a terrible job presenting network drives.. The usual recommendations are to use AFP or force the connection to CIFS (ie SMB1 not 2).
    If you use AirPort, then use AFP.
    In finder.. Go, Connect to server.
    AFP://AEname or AEIPaddress. (replace with the network name of the AE or its actual IP address).
    When asked for password.. type public if you did not change it or use whatever password you put.
    Store the password in the keychain.

  • Extreme in WPA2 and Bridge mode

    Extreme (802.11n) that we want to use as Access Point. Latest firmware v7.4.1.
    Setting the Extreme up with no wireless security let me connect users wirelessly with the Extreme in Bridge mode. Using WPA/WPA2 only works when the Extreme is not in Bridge mode. Using Bridge mode and WPA/WPA2 causes complete loss to the unit, even with Airport Utility.
    Thanks

    The Verizon modem/router is already providing DHCP and NAT services for the network.
    If you have the AirPort Extreme that is connected to the Verizon modem/router also setup to provide DHCP and NAT, as you state, then you have two devices both trying to provide routing services for the network.
    You only want one device providing DHCP and NAT for a network.
    You are likely not getting DHCP IP address conflicts since Apple uses a different DHCP range than Verizon, but with both devices providing NAT services, it is easy to see why you are picking up the Double NAT error.
    All of your Apple devices need to be in Bridge Mode if you want to avoid the Double NAT error.

  • ACE30-MOD-k9 in bridge mode. Individual server in the same vlan of Real Servers not reachable.

    I configured ACE30-MOD-K9 in bridge mode and I configured a server farm with its real servers. The traffic passes and is balanced correctly between all RSERVER. But I cannot contact a server that is on the same vlan as the server farm but doesn't belong to this server farm.
    I thought that the traffic directed to this "spare" server shouldn't be balanced but the bridge should permit traffic to pass (transparent mode). Is that correct?
    What does ACE in bridge mode do with traffic directed to servers that do not belong to any server farm but are present on the same VLAN (same bridge group)?
    With respect to the following configuration, 10.10.10.168 isn't reachable:
    access-list INBOUND line 8 extended permit ip any any
    access-list INBOUND line 16 extended permit icmp any any
    probe http HTTP_PROBE1
      expect status 200 200
    rserver host RS_WEB1
      ip address 10.10.10.163
      inservice
    rserver host RS_WEB2
      ip address 10.10.10.164
      inservice
    rserver host RS_WEB3
      ip address 10.10.10.165
      inservice
    rserver host RS_WEB4
      ip address 10.10.10.167
      inservice
    serverfarm host SF_FIREGROUP
      rserver RS_WEB1
        inservice
      rserver RS_WEB2
        inservice
      rserver RS_WEB3
        inservice
      rserver RS_WEB4
        inservice
    sticky ip-netmask 255.255.255.255 address source sticky-ip
      replicate sticky
      serverfarm SF_FIREGROUP
    sticky http-cookie myCookie sticky-cookie
      cookie insert browser-expire
      serverfarm SF_FIREGROUP
    class-map match-any VS_FIREGROUP
      2 match virtual-address 10.10.10.169 tcp eq www
      4 match virtual-address 10.10.10.169 tcp eq 8081
      5 match virtual-address 10.10.10.169 tcp eq 8082
      6 match virtual-address 10.10.10.169 tcp eq 8083
      7 match virtual-address 10.10.10.169 tcp eq 8084
      8 match virtual-address 10.10.10.169 tcp eq 8085
      9 match virtual-address 10.10.10.169 tcp eq 8097
    class-map match-any VS_FIREGROUP_HTTPS
      2 match virtual-address 10.10.10.169 tcp eq https
    policy-map type loadbalance first-match HTTP
      class class-default
        sticky-serverfarm sticky-cookie
    policy-map type loadbalance first-match HTTPS
      class class-default
        sticky-serverfarm sticky-ip
    policy-map multi-match HTTP_HTTPS_MULTI_MATCH
      class VS_FIREGROUP
        loadbalance vip inservice
        loadbalance policy HTTP
        loadbalance vip advertise active
      class VS_FIREGROUP_HTTPS
        loadbalance vip inservice
        loadbalance policy HTTPS
        loadbalance vip advertise active
    interface vlan 4
      bridge-group 1
      access-group input INBOUND
      service-policy input HTTP_HTTPS_MULTI_MATCH
      no shutdown
    interface vlan 700
      bridge-group 1
      access-group input INBOUND
      no shutdown
    interface bvi 1
      ip address 10.10.10.150 255.255.255.0
      no shutdown
    ip route 0.0.0.0 0.0.0.0 10.10.10.1
    Thanks a lot
    Francesco

    Hi Francesco,
    Just to add a bit more: a bridge group is very similar to routed mode except ACE cannot NAT pass-through traffic, VLANs cannot be shared and a couple of other things, but clients should be able to access the server as before.
    But also whether in bridge or routed mode, ACE does create flows and applies other security parameters if configured to the traffic. This is for security. Also, ACE should know the MAC of the device to forward the traffic to. Can you check if ACE has the MAC of the destination? You can also put a route for testing purpose and see if that resolves the issue. That should probably be the quickest way to check if ACE is creating any issue here.
    Regards,
    Kanwal

  • Share Airport Connection to Ethernet port in BRIDGE mode?

    I've been trying to do this for a while now, but I haven't been able.
    I have the modem from my ISP hooked to an Airport Express configured in BRIDGE mode, thus creating a wireless network for my home with "live" IPs for all the computers (yes... I know the security risks...).
    My G4 (across the room) gets Internet from its Airport Card and I configured the Share Internet preference pane to "Share the Internet Connection from the Airport to the Ethernet Port", so I can create (...extend, really) a WIRED network from my G4's Ethernet Port.
    The thing is that I want this wired network to have also "live" IPs, but the Airport Card always has the "Distribute IP Addresses" (or its equivalent, from the Airport Admin Setup) activated, so it provides a 192.168.X.X network and I can't find a way to turn that off.
    In other words, I want it to act as a BRIDGE and not as a DHCP Server.
    Anyone?
    TIA

    I was trying to use IPNetShareX to configure it, but I didn't find a way. I'll keep looking...
    http://www.sustworks.com/site/prodgnatoverview.html
    Thanks anyway

  • Arris modem & AEBS in bridge mode w/ OS X server (Yosemite)

    I have been using a AEBS (ac) as router in bridge mode behind an Arris cable modem (with its own wireless network setup) and have it create a wireless network. I extended it with 1xAEBS (ac) and 2x AEBS (n) to reach all corners of the house, all in "extend" and "bridge" mode. The AEBS (ac) router is using Ethernet cable to connect to Arris modem. This setup worked well for me and still does, until...
    Recently, to get access to my files on the network from the Internet, I installed OS X server (4.2) on Yosemite running on a MP (have a few drives attached). I intend to use the server's VPN service, but cannot get its new reachability tool to identify any services running. After doing some searching I found tutorials on how to run the AEBS in DHCP and NAT mode, which results in a double NAT error the way my modem/provider service is set up.
    I have not been able to find a tutorial how to configure the server in Internet mode behind the AEBS (ac) router in bridge mode. I do have a domain name, but the service provider does not offer Dynamic DNS service. And I did let the server install the DNS services automatically.
    A server setup guide when running AEBS in bridge mode would be very helpful.
    I would need some help configuring the AEBS router as well as setting up the server - thanks a lot!

    I see nobody else has jumped in.. so I read this last night and thought it was a bit too hard..
    But perhaps I can get you to at least clarify some stuff.
    Arris cable modem (with its own wireless network setup)
    What model is the arris? Since it has its own wireless it is a router.. or what is sometimes called gateway.
    I have been using a AEBS (ac) as router in bridge mode
    You cannot use "as router" in bridge.. they are opposites.. but I think you just mean.. AEBS is in bridge.. the mention of router is to qualify the AEBS which we know is a router.
    I intend to use the servers VPN service, but cannot get its new reachability tool to identify any services running.
    I do not use server and I would not have done the setup this way to get access to your files.. but the vpn service should work.
    Test by using a computer on the local network running a vpn client to see if you can log in to the server. It is much easier to get things working locally before you attempt to do it remotely.
    What type of vpn is it.. I can look it up but easier if you post the details.. each vpn uses different port forwarding requirements. PPTP is different to IPSEC which is different to L2TP which is different to SSL.
    After doing some searching I found tutorials on how to run the AEBS in DHCP and NAT mode, which results in a double NAT error the way my modem/provider service is setup.
    You cannot run two routers.. that will mess things up. The AEBS should be in bridge.. double NAT will kill your access.
    I have not been able to find a tutorial how to configure the server in Internet mode behind the AEBS (ac) router in bridge mode. I do have a domain name, but the service provider does not offer Dynamic DNS service. And I did let the server install the DNS services automatically.
    Some of this I have not used.. so I cannot say much.. I much prefer to do vpn using vpn routers.. it is far easier.
    Anyway.. the bridged AEBS is irrelevant.. your problem is needing to setup the Arris for VPN pass through. This sometimes involves something simple like tick a box.. it can also be complicated and need port forwarding.
    You can use Dynamic DNS client in the Arris.. that will be the best place to set this up.
    You will need to download and read carefully the manual for your arris gateway.
    Let me also suggest you run ethernet directly to the arris .. bypass the Extreme altogether.. it is not related to this setup but can cause issues.. because Apple have some inbuilt ipsec security for BTMM.
    For setting up yosemite server to do vpn I recommend you post in the Server OS area of the discussions.
