Sprint Broadband

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
russellhltn
Community Administrator
Posts: 31297
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#11

Post by russellhltn »

Techgy wrote:If this is what you have try removing the router and connect the ASA directly to the DSL modem.
So how do you plug the USB "modem" into the ASA firewall? ;)
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

#12

Post by techgy »

RussellHltn wrote:So how do you plug the USB "modem" into the ASA firewall? ;)
Good point. I hadn't noticed the USB statement. As I had mentioned earlier I'm not familiar with the Modem that he's using. However, running the modem through another router and then to the ASA may be the problem. The ASA likes to be the primary DHCP controller and be connected directly to the modem - according to the installation instructions.
russellhltn
Community Administrator
Posts: 31297
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#13

Post by russellhltn »

Chaining routers is not the best way to go. I'd try to disable as many features and open up the Cradlepoint CTR-350 router as much as possible. If there's a "DMZ" function, that would be the way to go.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
rmaughan
New Member
Posts: 32
Joined: Mon Feb 05, 2007 10:47 am
Location: Colorado Springs

#14

Post by rmaughan »

For more information including pictures of the CTR-350 that I'm using, see the following web page:

http://www.cradlepoint.com/ctr350/ctr350.php

The internet service comes over the Sprint cellular network and I'm using a Sierra Wireless Compass 597 USB modem:

http://www.sierrawireless.com/product/compass_597.aspx

This USB modem plugs into the USB port on the CTR-350 which converts the cellular packets into Ethernet packets. The CTR-350 is a router and has built-in WIFI, but I have disabled the WIFI and I have set up the DMZ with the WAN IP address of the Cisco ASA firewall. This means that all traffic should be bypassing any of the "router" features of the CTR-350.

The Ethernet port on the CTR-350 can operate in a WAN or LAN mode -- I'm using it in LAN mode so that it can connect to the WAN port of the Cisco ASA.

I actually ended up configuring the Cisco ASA (using the serial cable and the provided instructions) to use a static IP address for its WAN port -- the reason being that I couldn't seem to get the Cisco ASA to get an IP address using DHCP to the CTR-350. Any other computer I plugged into CTR-350 easily got an IP address using DHCP, so I don't know why I had troubles with the Cisco ASA. I left the DHCP server running on the CRT-350 in case I ever want/need to trouble shoot by plugging in a computer instead of the Cisco ASA.

Orginally, we were being steered towards the Cradlepoint MBR-1000, but it was $100 more and it had more features (i.e. 3 external wifi antennas, 4-port switch, etc.) that we weren't going to be able to use anyway (because it was in front of the firewall)...so that's why I went with the CTR-350 instead. It was there least expensive unit with the minimum features of having at least a USB port and one Ethernet port.

Let me know if you have any more questions.

Rob
russellhltn
Community Administrator
Posts: 31297
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#15

Post by russellhltn »

robm wrote:This means that all traffic should be bypassing any of the "router" features of the CTR-350.
Mostly. But I think there's still an address translation going on. Plus, it's also possible that the unit is not forwarding ALL the ports to the DMZ.
robm wrote:I couldn't seem to get the Cisco ASA to get an IP address using DHCP to the CTR-350.
I think that's going to come back and bite. In addition to the IP address, DHCP also transfers the DNS information. Sure, you can get that and update it manually, but if the ISP changes that, then you'd have to re-discover the new settings and update them.

It also tends to make me believe that there's something else wrong and that's the source of the problem.

My only suggestions is to make sure that you get connect lights on both units and to power cycle the units between tests. I've seen cable modems that will connect to one and only one device. If you change that device, then you have to power cycle the modem.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
User avatar
Mikerowaved
Community Moderators
Posts: 4398
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

#16

Post by Mikerowaved »

robm wrote:...but I have disabled the WIFI and I have set up the DMZ with the WAN IP address of the Cisco ASA firewall.
Rob, at first I tried setting up the ASA using my router's DMZ feature, but the GSD folks had me shut it off saying it was normally not required. In my case, they were right. As long as the ASA's WAN port can pull an IP address from a router's DHCP server, it was good to go. (You can always tell by seeing a steady green VPN light on the ASA.) Granted, my experience has only been with cable and DSL modems, but I can't see it being much different in your case.

And yes, Russell's suggestion of power cycling in the right sequence can sometimes make a difference.

Mike
So we can better help you, please edit your Profile to include your general location.
rmaughan
New Member
Posts: 32
Joined: Mon Feb 05, 2007 10:47 am
Location: Colorado Springs

#17

Post by rmaughan »

I'll keep an eye on it -- for now it seems to working fine. I believe the DNS server for the ASA is the CTR-350 and whatever DNS setting it gets from Sprint. I actually design hardware for a living and spent a number of years developing Gigabit Ethernet controllers so I'm fairly familiar with the details of what's going on. I was going to try and dig into and capture the DHCP packet exchange between the Cisco ASA and the CTR-350, but since it's working for now and my time is limited, I'll leave that activity for the future if the need arises.
ldsrussp
Member
Posts: 85
Joined: Wed Jul 16, 2008 5:34 pm

#18

Post by ldsrussp »

RussellHltn wrote:Something you might check is if there are any limits on the service. I've heard that "unlimited" service for mobile phones is limited to 2GB/month. Go beyond that and the service gets canceled. Since this sounds like the same technology, it might be wise to read any contract very carefully.

I asked Xilec about this. Turns out there normally is a limit but the church has negotiated with Sprint to have "no-limit". This was my biggest initial concern in case something went awry or someone went crazy with the downloading. Don't want to be stuck with a huge bill.

Xilec recommends the Cradlepoint. I need to go read it's specs but can anyone confirm that you can disable the wireless on it?
rmaughan
New Member
Posts: 32
Joined: Mon Feb 05, 2007 10:47 am
Location: Colorado Springs

#19

Post by rmaughan »

Russp,

We have the Cradlepoint CTR-350 and we got ours through Xilec. Yes, you can disable the wireless. Just log in to the router and you can disable it.

Here's some pictures of the set up we are currently using. I took them with my cell phone so they aren't the greatest. I put some double-sided sticky tape on the bottom to stick the Cradlepoint to the brick wall. We ran cables to each clerk office and are using one of the POE ports on the Cisco for a D-link DWL-3200AP wireless access point.

As I mentioned earlier, I had a little trouble getting the Cisco to get a DHCP address, but was able to get it to work with a static IP address. If you need some help, just let me know.

Rob
Attachments
Image001.jpg
(16.33 KiB) Downloaded 53 times
Image002.jpg
(18.27 KiB) Downloaded 53 times
Post Reply

Return to “Meetinghouse Internet”