For many years now I’ve been suffering with a low-speed (1.5Mb/s) DSL connection that prevented me from enjoying today’s Internet. It was a nice step up from our previous Internet connection, Hughesnet, but didn’t allow streaming of movies, reliable video conferencing, etc. A couple of months ago I was able to remedy that with WiMax from local company Kellin Communcations. So far that link has been reliable, but we have yet to experience real winter weather, so I’ve retained the DSL line for now as a backup. That lead to the question, how can I automate switching to the backup DSL line in case the WiMax link fails? And can I use both simultaneously?
The answer to both questions is yes, using a router that supports Dual-WANs (Wide Area Networks). Unfortunately there are no consumer-grade Dual-WAN routers; I mean how many people have multiple Internet connections coming into their homes? But I did find a couple of options aimed at small business that had prices in the range of consumer devices. One is the SYSWAN Duolinks SW24 Dual WAN Loadbalancer. The other is the Linksys (now Cisco, as Linksys’ small business products have transitioned to their parent company) RV042 4-Port VPN Router. Having had a recent failure with a Linksys product I decided to give the SYSWAN a try.
SYSWAN is a small Oregon-based company and there is little information available about them or their products. What I did find suggested that they made a very good product but that it was somewhat hard to use, had poor documentation, but good technical support. Although I’m not a “networking guy”, I do have modest knowledge and a willingness to learn, so I wasn’t too worried about the quality of the SYSWAN documentation. I ordered one and when it arrived a few days later proceeded to install it. My first impression was, wow, this thing has lots of settings! But within a few minutes I had it up and running with both the WiMax and DSL line connected.
So the good news with the SYSWAN was that initial setup was easy, however that is just the start of the story. Shortly after my excitement over now having an automatic backup Internet connection wore off I realized that my AT&T Microcell was no longer working. Now the Microcell is a strange networking device in that AT&T tried to make it as much of a black box as possible. In other words, there are absolutely no settings and no way to see what is going on inside of it. It is all supposed to work by magic, and if it doesn’t then there are a few settings you are supposed to change on your router to make it work. I tried them all, not that it was easy. The SYSWAN used different terminology and hid things in different places than most other routers. Nothing worked! Finally I decided to try the one thing that had to work and place the Microcell in the router’s DMZ. This would effectively get the router out of the way and make sure the Microcell could communicate with AT&T. Well, to begin with I’m sure I’ve lost many of you. And that is precisely the problem with the SYSWAN. The fact that I even have to talk about these things means that the SYSWAN isn’t intended for anyone other than a networking expert to deal with. In fact, I could write pages about what I did to open up ports, change packet sizes, write rules, etc. trying to get it to work. And oh how much time I wasted. But now I’d solve the problem using the DMZ. Except this is where the design of the Microcell and the design of the SYSWAN conflict.
On all routers you specify the IP address of a server inside your LAN to put it in the DMZ. This means you either have to configure the server with a fixed IP address, or use a feature in the router’s DHCP server to reserve a specific dynamically assigned IP address for a particular server using its MAC. Essentially you use DHCP to make a dynamically assigned static IP address. Since the AT&T Microcell doesn’t allow you to configure it (with a fixed IP address or in any other way) I configured the SYSWAN’s DHCP server to assign a specific address to the Microcell’s MAC address. However, when I tried to place the Microcell into the DMZ the SYSWAN complained about the use of the DHCP-assigned IP address. Damn, it will only put a server with a true static IP address into the DMZ.
Before I finish the SYSWAN story I should mention that a few days before trying the DMZ option I’d sent SYSWAN Support an email describing my problem and asking how to configure the SW24 so my AT&T Microcell would work. I never got a response. So now I’ve put several hours into trying to solve the problem and have exhausted my options. The SYSWAN is so unknown that the typical BING it and someone else will have posted instructions didn’t work (and yes, I tried Google as well). All that was left was the prospect of a phone call to SYSWAN support. I picked up the phone and dialed. And discovered that their support line closes at 5PM Mountain time (which yes, if you are on the west coast means 4PM). Of course it was only 4:50, so despite their limited hours I should have squeaked through. But I guess they went home early that day.
Faced with waiting for the next day, and then likely spending an hour or more only to be defeated by the clash between the SYSWAN and the Microcell’s lack of configurability, I went to Amazon and ordered a Cisco RV042 with 1-day shipping. It arrived, I swapped out the SYSWAN, spent about 2 minutes on configuration, and tested that failover between the Internet links worked. I then plugged back in the AT&T Microcell and waited. A few minues later it was up and running with no special configuration on the RV042.
I’m sure the SYSWAN SW24 is a great small business router if you have some special needs that it supports and are willing to pay a networking expert to setup, tweak, and tune it to perfection. If I were actually trying to review the two for small business use I’d do a capability comparison and try to identify the situations where the SW24 excels. But that wasn’t my intent. Certainly for consumer or SOHO use, the Cisco RV042 makes a lot more sense. It’s too bad I didn’t start out with it.
Hal's (Im)Perfect Vision 
Yup. I now have about 3 hours of setup time invested into the RV042. It’s working great. There are a few things I am still working to understand. Specifically I am working to understand just how precisely the QoS / Bandwidth management futures control the peak usage. I am working to carve out enough bandwidth on a T-1 that VoIP on 4 uLaw channels will never be impacted when someone watches video or does some other high-bandwidth consuming thing.
I have the same problem. You shouldn’t have to do anything other than turn on IPSec pass through to get the microcell to work but it doesn’t. It worked fine with my previous router. I am in contact with syswan support on this, they are still trying to get over the mental hurdle “it must work, we haven’t heard about this problem from anyone else”. Perhaps our third email exchange will be more productive.
I haven’t had the chance to try this yet, but a solution for getting a static ip for your microcell that you can use with the funky syswan dmz might be to give the microcell an ip with arp. Try Advanced Configuration/ARP Status and add an ip for your microcell using its mac address. I have been able to do that with a web cam.
I’ll post my resolution with syswan once it has run it’s course. My situation is complicated by the remote nature of the network in question, so this will take me a few weeks (or more) to resolve.
Also, I looked at the RV042 but decided to go with the syswan due to reported battery problems and the lack of upnp.
Please do post the solution when SYSWAN provides one!
I’m setting up a new office outside my home, and the SW24 is going to be my router there. As far as I know I won’t need the Microcell at that location however.
I had this same issue. Syswan was fantastic – worked with me for hours on the phone, and they even went out and bought an ATT Microcell just to test.
The solution is to DISABLE IPSec passthrough on the router – this is the opposite of what ATT tells you to do, but this is the solution to get the Microcell to work. I hope this might help some other folks who find this page via a search, as I did. I cannot say enough about how good the support was from Syswan.
Hello,
After hours spent with AT&T support and after getting our own Microcell at our R&D Lab, we were able to better understand the way the AT&T Microcell works and reacts when connected to a NAT Router.
The conclusion is that the AT&T documentation for the Microcell is either not complete or does not explain exactly how the Microcell would work behind a NAT Router.
As per our research, we have found that the Microcell uses NAT-T when a NATed network is detected but still uses UDP Port 4500 for communicating. UDP
Port 4500 is generally used within IPSec VPN tunnels.
The need for IPSec Passthrough is required only when there is no port encapsulation for the ESP packets (ESP is a portless protocol and as such any NAT mechanism would not index it). In the scenario of the Microcell, all ESP packets seem to be encapsulated using NAT-T over UDP Port 4500.
The way to get a Microcell device plugged on to a Syswan router LAN to work is to DISABLE the IPSec passthrough feature on the Syswan router (Advanced Configuration -> Advanced Feature : IPSec Passthrough). The Microcell traffic uses ISAKMP and NAT-T ports (UDP 500, 4500) and actually needs no IPSEC passthrough logic to interfere, the advanced NAT mechanism on the Syswan routers can index them just fine.
Below is the suggested setup for a Syswan router router when a Microcell device is connected to it on the LAN side :
(1) MTU for each WAN port must be set to 1492 (Advanced Port -> Port Options : MTU)
(2) IPSec Passthrough must be disabled (Advanced Configuration -> Advanced Feature : IPSec Pass Through)
Once the above settings are in place, power off the Microcell then reboot the Syswan router. Once the Syswan router is back up on line, power on the Microcell, wait for the GPS Signal to be fixed then within minutes the 3G signal should turn to solid green.
Please feel free to contact our technical support department if you require further information or assistance with regard to the above.
Syswan Technologies, Inc.
I have two ATT dsl lines and I’ve made the settings as above (1) MTU for each WAN port must be set to 1492 (Advanced Port -> Port Options : MTU)
(2) IPSec Passthrough must be disabled (Advanced Configuration -> Advanced Feature : IPSec Pass Through)
the microcell still does not work. it’s beginning to look like a cisco router is in order