ACS through NAT?

Hello all:

Most of my routers have public IPs, but some are behind NAT. As our own IP space dwindles, we are looking at using CG-NAT for some customers. Also, we occasionally sell a router to a customer on a different ISP that does use CG-NAT, and we have no access / way into their IP space.

I understand not being able to push settings out to the router, but it seems that I can’t even queue them if the connection isn’t publicly reachable. I’d think that at a minimum, I’d be able to queue my changes for the next time the router checks in… I would have expected that through the UI, when I queue changes, I wouldn’t have to hit commit, and they would be processed on next check-in, but it doesn’t appear that is the case.

However, I’m also confused by the fact that the router shows as “online” which leads me to believe there is an open connection between the router and the GenieACS server. If so, why can’t the GenieACS server just use this established connection to send a “please check in now” and have it process its queue then? It was my understanding that this is how TR-069 normally works…It just doesn’t if the router is behind NAT.

This is only possible over the API.

Hi Jim

to my knowledges then you need to use the API in order to queue tasks and not run them as connections requests.
then the next time the device connects to the acs, which depends on the PeriodicInformInterval that you have set, it will get the jobs in the queue

the online status is also based on the PeriodicInformInterval and Lastinform

IMHO what the word online really means is the CPE have been connected to the ACS for the last few minutes (by default the config page have it set on 5 minutes, me thinks). The details page of the CPE show the ping latency, which should be unreachable if the CPE is behind a NAT.

our solution was to use a VLAN for ACS only with no internet access, and the ACS itself is on the same network with no internet access.