Configuration for AT&T VPN Gateways

Overview

The Accelerated 6300-CX Cellular Extender provides a reliable, high-speed cellular connection that is compatible with existing wireline infrastructure. While its 4G LTE speeds are capable of operating as a primary WAN uplink, the 6300-CX can also be configured as a backup. This network redundancy solution delivers the ultimate flexibility to minimize expenses when it comes time for upgrading equipment to the latest wireless standards. 

Business continuity depends on the seamless integration of failover-connectivity solutions to prevent service interruptions. Now more than ever, contingency networks play a strategic role in sustaining business operations. Unplanned outages can cost companies significant time and money, frustrating employees and clients alike, which creates a negative perception that is difficult to overcome. 

Cellular data (4G LTE) bypasses wireline Internet service providers (ISPs) to facilitate the best redundancy possible.  Additionally, in some situations it may be a challenge to acquire access to wired circuits or an event may call for temporary online access. For these reasons, Accelerated Concepts designed its 6300-CX Cellular Extender to offer comprehensive, flexible cellular network integrations for small businesses, retail, government, remote sites, and branch offices. 

The AT&T U110 is an eighth-generation AT&T VPN Gateway that has been developed by AT&T since 2001. As a customer premises equipment (CPE) hardware device, it serves as a centrally managed firewall, router, VPN device, and VLAN switch that acts as a fully managed security device. Networks that leverage the U110 are protected from the Internet while still having secure access to an enterprise environment through a secure IPSec VPN tunnel that supports the highest level of encryption (256-bit AES).

Leveraging the 6300-CX’s flexible mounting options, the Accelerated Cellular Extender can be deployed in a location with strong cellular reception and deliver LTE connectivity to the VPN Gateway via Ethernet cabling. Power-over-Ethernet extends the CX’s reach to optimize signal strength without necessitating the relocation of the U110 or other client appliances.

Please refer to the AT&T VPN Gateway Datasheets for more information.

(Access to the URL linked above is private. Reach out to your AT&T rep for documentation if the link doesn’t work.)

Interoperability Matrix

This section covers interoperability information of the hardware tested for this solution. It includes the firmware versions of both devices as well as the date of testing.

Date U110 Firmware 6300-CX Firmware
05/2017 6.4.X 17.2.22

Caveats

IMPORTANT: U110s distributed for use in the United States are outfitted with an embedded LTE modem. This cellular connection may be leveraged for primary or backup Internet access, though the U110 can only be configured to recognize 2 WAN connections simultaneously. Interoperability with the 6300-CX implies that the VPN Gateway has been staged for single-WAN connectivity (either wireline or embedded cellular). Please refer to the U110 Install Guide for setup guidance.

The delivery of wireless services varies depending on the carrier and may lead to differences in the area of coverage, type of service (3G, 4G, LTE, etc.), availability of bandwidth, and IP address designation (Private or Public) among other factors. The interoperability test designed for this solution guide included LTE service, maximum coverage availability, and a public IP address assigned to each device.  

Using the 6300-CX as a secondary connection assumes that a primary WAN is available, either via an Ethernet cable plugged into the WAN 1 port on the AT&T VPN Gateway or its embedded cellular connection. Connect the 6300-CX’s Ethernet cable to port WAN 2 and proceed to the configuration described herein.

Accelerated 6300-CX Cellular Extender Setup

Initial Setup

Affix both antennas to the router and insert an activated SIM card before deploying the device. Be sure to select a location with optimal signal strength. For detailed instruction, refer to the tables that follow. Subsequent sections will outline site selection, powering options, and other device functionality.

Step-by-Step Guidance: Initial Setup
  1. Insert the activated 2FF SIM card provided by your cellular network operator (putting the cut corner in first with metal contacts facing down). The card clicks into place when completely inserted.
  2. Attach the two included antennas; both should be installed for optimal operation. Do this by gripping the metal connector section with your thumb and forefinger, tightening until secure. Do not tighten the antenna by holding any part of the plastic antenna housing.
  3. To determine the optimal location for the 6300-CX, please see the “Site Survey” section.
  4. Refer to the section(s) for Remote or Direct Power Installations when ready to connect the 6300-CX to the permanent power supply unit.
  5. The 6300-CX uses DHCP with IP passthrough by default, which satisfies the setup requirements for most environments. If required, please use Accelerated View™ or the 6300-CX local GUI to configure the 6300-CX for router mode.

Site Survey

If you are unsure of the available cellular signal strength, or are choosing between several locations, please follow the instructions to identify the ideal installation site.

Step-by-Step Guidance: Site Survey
  1. After following steps 1 and 2 in the “Initial Setup” section, connect the battery pack to temporarily power the Accelerated 6300-CX. The charge lasts two to four hours – it is not rechargeable and should be properly disposed of after use.
  2. Move the 6300-CX to different locations within your site to determine the best compromise between signal strength and installation constraints. Since cellular signal strength may fluctuate, it is important to wait at each location for 1 minute while observing the signal strength indicator on the front of the device. Minimum cellular signal strength for operation is 2 bars (3+ is preferred).
  3. After determining the optimal location, remove the battery pack and connect the main power supply unit or Ethernet cable connected to the PoE injector (per the power option outlined below).

Remote Power Installation – Power Option #1

The included Power-over-Ethernet (PoE) injector allows the device to be positioned away from power outlets to simplify its installation needs. The adaptor consolidates the DC power and Ethernet connections so that both can be run to the 6300-CX via a single Ethernet cable. Distances of 300 ft have been tested on CAT6 and 250 ft on CAT5e. Note that cable conditions and the number of splices will impact actual distance.

Step-by-Step Guidance: Remote Power Installation
  1. Plug the 6300-CX’s power supply unit (PSU) into an AC power outlet.
  2. Connect the end of the PSU into the DC input (4 pin connector) of the PoE injector.
  3. Insert the male RJ45 connector of the PoE injector cable into the VPN Gateway.
  4. Connect an Ethernet cable from the RJ45 socket on the PoE injector cable to the Ethernet port of the 6300-CX. (See diagram.)

Direct Power Installation – Power Option #2

If you plan to collocate the 6300-CX with the VPN gateway, you can directly power the 6300-CX without the PoE cable.

Step-by-Step Guidance: Direct Power Installation
  1. Use an Ethernet cable to connect the 6300-CX to the security appliance using port Internet 1 (to use the cellular network as the primary connection) or port Internet 2 (to configure a failover).
  2. Plug the 6300-CX power supply unit (PSU) into an AC power outlet.
  3. Connect the PSU into the 4-pin power connector of the 6300-CX. (See diagram.)

Understanding the 6300-CX LEDs

Once power has been established, your device will initialize and attempt to connect to the network. Device initialization may take 30-60 seconds. Indicator lights on the Wireless Strength Indicator show you the cellular network signal strength. The Network Status Light on the front left of the device displays connectivity information.

Please visit accelerated.com for additional information and troubleshooting tips.

AT&T VPN Gateway Configuration with the 6300-CX

Cellular as Failover/ Backup WAN

After the 6300-CX is online with an activated cellular data plan, connect it to the WAN 2 port of the AT&T VPN Gateway via an Ethernet cable. The gateway is configured to recognize WAN 2 as a backup connection by default though additional settings must be enabled for optimal failover. These changes can be implemented using AT&T’s Service Manager web-based administration GUI or via the x3270 terminal emulator, which offers a text-based user interface for managing devices.

Access to AT&T Service Manager Administration is available at this URL.

Step-by-Step Guidance: DHCP Client Configuration
  1. From the Navigation Menu, select VPN GW/uCPE u110.
  2. Enter your device’s Account and/ or Device ID and filter through available devices by clicking the List AT&T VPN Gateways button.
  3. Select the intended Device ID to open its Gateway Profile.
  4. Set NAT-T Negotiation to “Yes” using the corresponding pull-down menu.
  5. Under the Common Dial Settings section, both Initiate Dial Connection and Initiate VPN Backup Connection should be set to “Persistent.”
  6. Scroll down to the Second WAN Port Configuration Data section and set the Connection IPv4 pull-down menu to “DHCP.”
  7. Change the WAN2 via Cell Extender field to “NetBridge from Accelecon.”
  8. Enter “1410” for the MTU Size.
NOTE:The last 8 fields of the Second WAN Port Configuration Data section establish the relevant keep-alive parameters used to establish failover intervals. These should never be changed unless Tier 4 support has been consulted.

Cellular as Primary WAN

The back panel of the U110 features an array of LAN ports and two dedicated WAN interfaces. To utilize the 6300-CX’s LTE Wireless WAN (WWAN) connectivity as the primary means of Internet access, connect the Accelerated Cellular Extender to port WAN 1 on the VPN Gateway using an Ethernet cable. A solid blue light on the 6300-CX confirms that its 4G LTE modem is online and an Ethernet connection has been established with another device. Similarly, the U110’s front panel features an Online indicator that will stay green to show that the device is connected to the Internet via the Cellular Extender.

Please refer to the AT&T VPN Gateway Install Guides for an in-depth walkthrough.

(Access to the URL linked above is private. Reach out to your AT&T rep for documentation if the link doesn’t work.)

Step-by-Step Guidance: Primary WWAN
  1. From the Navigation Menu, select VPN GW/uCPE u110.
  2. Enter your device’s Account and/ or Device ID and filter through available devices by clicking the List AT&T VPN Gateways button.
  3. Select the intended Device ID to open its Gateway Profile.
  4. Set NAT-T Negotiation to “Yes” using the corresponding pull-down menu.
  5. Enter “1410” for the WAN MTU Size
  6. NOTE: These fields are located under the Basic Settings section of the device administration portal. 
  7. Under the Cellular Connection Keep Alive Settings section, change the WAN via Cell Extender field to “NetBridge from Accelcon.”
NOTE:The first 4 fields of the Cellular Connection Keep Alive Settings section establish the relevant keep-alive parameters used to establish failover intervals. These should never be changed unless Tier 4 support has been consulted.