Proprietary Cable Modem Frustrations
This week we take some of the mystery out of why cable and DSL providers require you to use their telecommunication equipment as opposed to purchasing your own. As an added bonus, we'll also show you how to get PPTP traffic to pass through your firewall.
By Ron Pacchiano
Q. Recently, I became interested in getting Broadband Internet access at home. I live in a somewhat remote area, though, so DSL isn't an option. I then decided to look into a cable modem. I checked with the local cable company and discovered that they do offer Internet service in my area, but in order to get it, I would have to buy their cable modem. The cost for the cable modem is $250. I know I can get them cheaper than that, but the cable company told me that their service would only work with the modem they provide. I asked them why that is, but the cable representative couldn't give me a satisfactory answer. So my question to you, are they trying to put something over on me, or is there a reason why I can't use just any cable modem with their service? I'd rather not spend the extra money on their cable modem if I don't have to.
A. While I do feel the $250 price tag is rather high, I think I can safely say that they aren't trying to pull one over on you. You see, most cable companies, and even many DSL providers for that matter, require you to purchase or lease their equipment to use their service.
The primary reason for this simply has to do with the amount of "Provisioning" required on the part of the cable company in order to get a modem to operate within their network. In telecommunications-speak, Provisioning means providing telecommunications service to a user, including everything necessary to set up the service, such as equipment and wiring, as well as the various service options the customer has chosen.
When a modem is put into service, a variety of information is recorded and configured in the cable company's CMTS. The CMTS, or Cable Modem Termination System, is a component that exchanges digital signals with cable modems on a cable network. When a CMTS receives signals from a cable modem, it converts these signals into IP packets, which are then sent to an IP router for transmission across the Internet.
When the cable company sets up your account, it records the MAC address and serial number of the cable modem it assigns you and inputs the data into its DHCP server database. ISPs have also been known to assign a specific IP address to a specific modem. This information is used to create a configuration file. Every modem makes use of a configuration file in order to function. When the modem contacts the CMTS for its configuration data, the registered MAC address must correspond with the information stored in the CMTS.
Modems that have not been provisioned will not be authorized to connect to the network and therefore would not be able to get online. On some occasions, provisioning will also require the cable company to send a technician to your location to upgrade and/or measure your cable signal.
So to answer your question, it's simply easier for the cable companies to perform as much of this provisioning as possible before delivering the modem to the clients. This helps to ensure a smoother installation and a more reliable network experience. To allow thousands of users to introduce their own equipment into the network environment could very likely lead to hundreds of potential problems.
However, on the rare occasion you happen to find a cable company that will allow you to use a third-party modem, you should purchase one which is DOCSIS certified. DOCSIS, or Data Over Cable Service Interface Specification, was developed by CableLabs and approved by the ITU in March 1998. This specification defines interface standards for cable modems and allows interoperability of products from various manufacturers. Most of the cable modems sold today meet this standard, but you should verify it just in case.
Q. We are using a DSL line in our office for Internet connectivity. The DSL line is connected to a Windows XP PC running Internet Connection Firewall. Recently we decided that we would like to have access to the network from outside the office, so we set up a Virtual Private Network (VPN) connection using a PPTP server. The VPN appears to be configured correctly, but we can't seem to gain access to the network. I tried disabling ICF, and to my surprise I discovered that the VPN server was now accessible. This leads me to believe that there is an incompatibility between our PPTP server and Windows XP. I don't feel comfortable having an open Internet connection without a firewall, but it's important that we have access to the VPN. Do you have any suggestions as to what I should do next? Any help would be appreciated. Thanks!
A. In your question you failed to mention what product you are using for VPN access, so I can't really tell you if there is an incompatibility between that and Windows XP's Internet Connection Firewall. However, from the way you described the problem, I think your situation has more to do with Windows XP's Internet Connection Sharing (ICS) and the Internet Connection Firewall (ICF).
The role of the firewall is to protect your network from unauthorized access. To do this, the firewall monitors all traffic coming into your network. All Internet traffic is based on the TCP/IP protocol. TCP traffic travels through your network on ports, with different services traveling along different ports. For example, standard Internet traffic or HTTP uses port 80, FTP uses port 21, and TELNET uses port 23. These ports have been pre-defined in ICF to allow this traffic to safely pass into the network. This type of configuration is typically referred to as a "Rule."
So if you have a Point-to-Point Tunneling Protocol (PPTP) server on your internal network, you'll need to configure Windows XP ICS to map the PPTP ports to forward the Virtual Private Networking (VPN) traffic on to the PPTP server. This allows the incoming VPN connection to pass through the Windows XP ICS computer. This is done by adding a Service to the ICS Services List. The Services List contains information on the service type, the related TCP or UDP ports, and the IP address of the host system.
To configure ICS to pass PPTP traffic you first need to know which ports the traffic is going to be passed on. A typical PPTP connection is composed of two types of traffic. The first is PPTP traffic, which uses TCP port 1723 and is designed to establish and maintain the connection. The second is Generic Route Encapsulation (GRE), which uses port 47 and is designed to encapsulate the actual data that is passed between the two endpoints. If you were using IPSec as opposed to PPTP, then the port numbers would change to 500, 50, and 51.
A detailed article on configuring this, along with step-by-step instructions for setting everything up, can be found in the Microsoft Knowledge Base at http://support.microsoft.com/default.aspx?scid=kb;EN-US;309524.
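The sketch below is an added example, not code from this column or from the Microsoft article. It models the two kinds of PPTP traffic described above as a default-deny allow-list and runs it over constructed packets. The rule names, addresses and packets are assumptions made for illustration. GRE is matched on the IP header's protocol field (value 47) rather than on a TCP or UDP port, which is why a rule that only opens TCP 1723 lets the control connection through while the tunnelled data is still dropped.

```python
import struct

# Allow-list keyed on IP protocol number, plus destination port where the
# protocol has ports (TCP=6, UDP=17). Rule names are hypothetical.
PPTP_RULES = [
    {"name": "pptp-control", "proto": 6, "dport": 1723},
    {"name": "gre-tunnel", "proto": 47, "dport": None},  # GRE carries no ports
]
PORT_ONLY_RULES = [{"name": "pptp-control", "proto": 6, "dport": 1723}]

def parse_ipv4(packet: bytes):
    """Return (protocol, dst_port or None) for an inbound IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, dport = packet[9], None
    if proto in (6, 17):                  # only TCP/UDP have a port field
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, dport

def match(packet: bytes, rules):
    """Name of the first rule admitting the packet, or None (default deny)."""
    proto, dport = parse_ipv4(packet)
    for r in rules:
        if r["proto"] == proto and r["dport"] in (None, dport):
            return r["name"]
    return None

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 header (checksum left zero) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, bytes([203, 0, 113, 5]),
                       bytes([192, 0, 2, 10])) + payload

# Constructed sample packets (documentation addresses, not captured traffic).
TCP_1723 = ipv4(6, struct.pack("!HH", 40000, 1723) + b"\x00" * 16)
TCP_8080 = ipv4(6, struct.pack("!HH", 40000, 8080) + b"\x00" * 16)
GRE_DATA = ipv4(47, b"\x30\x01\x88\x0b" + b"\x00" * 8)  # GRE v1, type PPP

def verdicts(rules):
    """Verdict per sample packet: control, tunnel data, unrelated TCP."""
    return [match(p, rules) for p in (TCP_1723, GRE_DATA, TCP_8080)]
```

With both rules in place the firewall stays on and only the two PPTP flows are admitted; with the port-only rule the GRE packet falls through to the default deny.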