I am trying to install a physical firewall device for someone so they can connect to a specific VPN tunnel. We are unable to successfully connect to the VPN. The company that manages it requires our outside/internet IP. I went to "whatismyip.com" and gave it to them but they said they still are unable to connect to the device. I go into the Smart Hub UI and on the main page with all the network details there is a WAN IP number. Shouldn't this be the same as the internet/outside IP? Why is it different? Does it have something to do with us using Verizon's LTE signal?
That's a great question, Mhall264. The WAN IP is the IP address the router uses to connect to the internet. It is different from the computer's IP address. You may want to try using both IPs, or reach out to the company administering the VPN to see which one they need.
Thanks for reaching out to us, Matthew. If you require our IP Address, it would be longer than the Home Broadband, DSL, or Fiber Optic. Can you tell us if there is an error message that you receive when attempting to connect?
Follow us on TWITTER @VZWSupport If my response answered your question please click the Correct Answer button under my response. This ensures others can benefit from our conversation. Thanks in advance for your help with this!
The WAN IP of Verizon mobile broadband devices is that of the NAT firewall. It is not unique and not directly routable from an external source.
You have to get the client machine to initiate a VPN connection to the VPN server (punch through the NAT firewall) to establish a unique public IP (that of the VPN server). Once you have the VPNs assigned WAN then you can configure the rest of your devices for remote access.
> The company that manages it requires our outside/internet IP.
You will need to clarify with the company you are working with on this one. You are attempting to connect from a carrier grate NAT. If this is a problem they should have a work around or documentation prepared to walk you through the process.
> I went to "whatismyip.com" and gave it to them but they said they still are unable to connect to the device.
Yes, that is because you have not connected to the VPN server first. External sources/remote connections are not possible until you connect the client to the VPN server. The connection process has to start from the VZW machine and reach out to the VPN server, not the other way around.
> go into the Smart Hub UI and on the main page with all the network details there is a WAN IP number. Shouldn't this be the same as the internet/outside IP?
The WAN IP is your internet/outside IP, however it is not unique and belongs to the VZW NAT Firewall and not your specific client machine. You need to complete a VPN connection to a VPN server first, then revisit this page to see what the new externally routable public IP address is.
> Why is it different?
Carrier grade NAT:
> Does it have something to do with us using Verizon's LTE signal?
No. This is a common carrier configuration strategy used to save unique public IPv4 addresses. Verizon is not the only carrier to configure their broadband devices this way. Your VPN and firewall companies should be familiar with this configuration strategy and have steps to work around it.
As long as you are using the Verizon NAT IP address anything attempting to remotely access your network will be blocked by default. Figure out the VPN connection first, then try whatever you are attempting to do with the firewall installation afterwards.