CGNAT on Public IP

rje03
Level 2

Hi Support

 

Is my Static IP address behind the TPG CGNAT, or in front of it?

 

If it is behind the CGNAT can I get it placed on the outside?

 

Regards

Shaun

16 REPLIES 16
BasilDV
Moderator

Hi @rje03

 

What static IP address are you referring to? 

Did you apply for a 3rd party static IP? 

 

Are you under the Home Wireless or 5G Home Wireless broadband?

 

Shoot me a PM with your TPG username or customer ID number.

BasilDV

rje03
Level 2

Hi BasilDV

 

I have a Public static IP address from TPG cause I need to VPN to certain places.

I have the NBN Business Cable XL Bundle Superfast package.

 

 

 

The reason I would like to be outside the CGNAT is because I'm setting up a new VPN and the local source ip address i need to connect to is similar to the TPG gateway address, and we think instead of being directed to the VPN our traffic is heading to the CGNAT and dies.

 

Thanks

Shaun

 

BasilDV
Moderator

Hi @rje03

 

We've edited your post as it contains your account details.

 

Please avoid posting any information on a public thread as it may compromise your security.

 

We'll look into your PM.

 

BasilDV

david64
Master

Hi @rje03 . CG-NAT applies to 4G and 5G wireless (SIM card) connections, not cabled connections.

Go to www.whatismyip.com. It shows the public ip address used by the connection to them. If it is the same as the WAN ip address in the router, you are not using CG-NAT.

The business plan should have come with a static address. The address won't change even if you reboot the router. TPG have many address ranges so I can't say what it might be.

If you are connecting to a commercial VPN provider, the target ip address will more than likely be a static public address of the provider. Their firewall translates their public address into an internal address for routing in their network.

You can also do  tracert  to the VPN provider.

 

Out of interest, at whatismyip.com, click on "My IP Information", scroll down to see ASN information.

rje03
Level 2

Thanks for your reply on this. I've passed this onto my network specialist to digest.

 

We've been having issues with IPSEC  authenication and after much troubles thought it must be the CGNAT killing the 2nd part of the IKE handshake cause they are both on the 10.X.X.X address range.

 

We'll have to keep investigating why the handshake is not completing as it should.

 

Shaun 

rje03
Level 2

Hi All

We are definitely behind a CG-NAT as our default gateway provided by TPG is 10.20.25.15. We need to use the 10.x network and normally our default gateway would be a public IP Address gateway (Example – 200.1.1.1)

WE need the 10.20.25.15 removed so that we can go from 192.*.*.*   to 203.*.*.* – Directly out to the public internet without CG-NAT.

Instead using tracert:

* My router (Internal IP)

* 10.20.25.15.tpgi.com.au            <--- This is what I am calling the TPG CGNAT (need to go directly out)

* 203.219.35.X.static.tpgi.com.au

 

Shaun

david64
Master

@rje03 . I'm on a residential plan (dynamic ip) and the hop #2 address is a "10" address (which the router calls a Default Gateway) followed by a "203" address.

My router's ip address is same as shown by whatismyip.com.

I can access my home network from the internet using mobile data and browser and port forwarding rule, which is not possible with CG-NAT.

 

david64
Master

@rje03 . You say  "traffic is heading to the CGNAT and dies".  Are you using packet capture software to trace the traffic between each end? Have you allowed IPSec port numbers in firewall rules and router port forwarding rules?

rje03
Level 2

Hi BasilDV,

 

I realy need to move on this issue as I need the VPN connection to start my testing for a client.

 

Is there any update from your Team on this problem?

 

Shaun