LTE / 5G Routers - Configure Remote Access from WAN

This article shows how to allow HTTPS, HTTP, FTP, and SSH access to the device for NR7101, NR5101, FWA510, FWA710, LTE7480 / 7490, LTE3301-PLUS. Remote management controls which interfaces and services are allowed to access the device. The article also explains why port forwarding and remote access doesn't work on your LTE / 5G device (because of Carrier-Grade NAT) and how to resolve problems with remote access to your device.

 

Table of Contents

1. Configure Access to your Router

2. Configure Trusted Domains for IP Passthrough Mode (Bridge Mode)

3. Remote Access & Port Forwarding doesn't work - Carrier-Grade NAT?

Checking if you have Carrier-Grade NAT (CGNAT)

Dealing with Carrier-Grade NAT

 

 

1. Configure Access to your Router

 

Step 1: Insert the SIM Card and Start Up the Router

Begin by inserting the SIM card into the designated slot on your LTE/5G router. Ensure that the router is powered off during this process to avoid any potential damage to the device or the SIM card.

Once the SIM card is correctly inserted, power up the router and wait for it to complete the boot-up process. Most routers have indicator lights that will signify when the device is ready to be used.

Step 2: Access the Web GUI via WiFi

Now that your router is powered on and operational, connect to it using WiFi. Find the WiFi network name (SSID) and password provided with the router or on the device's packaging. Connect your device to this network to gain access to the router's Web GUI.

Step 3: Log In to the Web GUI

Open a web browser on your device, and in the address bar, type the default IP address of the router, usually something like "192.168.1.1" or "192.168.0.1". Press Enter to navigate to the login page.

Enter your administrator credentials, which are typically provided with the router or can be found in the user manual. After successfully logging in, you should have access to the router's Web GUI.

Step 4: Enable Remote Management

In the Web GUI, navigate to the "Maintenance" section, and then select "Remote Management." Here, you will find options to configure remote access to your LTE/5G router.


Option 1: LAN/WLAN (WiFi) Access

If you want to access the router remotely using devices connected to the same local network (LAN) or connected via WiFi (WLAN), enable the LAN/WLAN option. Keep in mind that this option provides access to all devices on the LAN/WLAN.

Enable services on LAN/WLAN to allow access to the chosen service from the local LAN.

Option 2: WAN Access from Outside

To access the router from outside the local network, enable WAN access. This allows you to access the router's Web GUI using the public IP address of your network.

Enable services on WAN to allow access to the chosen service from outside, over all WAN connections.

Option 3: Trusted Domain

Alternatively, you can enable the "Trusted Domain" feature. This method involves manually configuring a list of public IP addresses that you trust to access the router from outside. By specifying these trusted IPs, you add an extra layer of security to your remote management setup.

Enable services on Trust Domain to allow access to the chosen service only from the trusted IP addresses configured under Trust Domain.
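A way to review the three options above before saving them, as an added example that is not Zyxel code: it takes a hand-transcribed copy of the Remote Management table and flags services exposed to the whole WAN. The matrix layout, the severity labels and the sample values are assumptions made for this illustration.

```python
# Of the services this article lists, these send credentials in cleartext.
CLEARTEXT = {"HTTP", "FTP"}
SEVERITY_ORDER = {"high": 0, "medium": 1}


def audit_remote_mgmt(matrix, trusted_ips):
    """Return sorted (severity, service, message) findings.

    matrix      -- {service: {"lan": bool, "wan": bool, "trust": bool}},
                   transcribed by hand from the Remote Management screen
    trusted_ips -- addresses configured under Trust Domain
    """
    findings = []
    for svc, iface in matrix.items():
        name = svc.upper()
        if iface.get("wan"):
            if name in CLEARTEXT:
                findings.append(("high", name,
                                 "cleartext login reachable from every WAN address"))
            else:
                findings.append(("medium", name,
                                 "open to every WAN address; consider Trust Domain"))
        elif iface.get("trust"):
            if not trusted_ips:
                findings.append(("medium", name,
                                 "Trust Domain enabled but the trusted IP list is empty"))
            elif name in CLEARTEXT:
                findings.append(("medium", name,
                                 "cleartext login crosses the internet from trusted IPs"))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


# Constructed sample configuration (not taken from a real device).
SAMPLE_MATRIX = {
    "HTTPS": {"lan": True, "wan": False, "trust": True},
    "HTTP": {"lan": True, "wan": True, "trust": False},
    "FTP": {"lan": False, "wan": False, "trust": True},
    "SSH": {"lan": True, "wan": True, "trust": False},
}
SAMPLE_TRUSTED = ["198.51.100.20"]  # documentation-range address

if __name__ == "__main__":
    for finding in audit_remote_mgmt(SAMPLE_MATRIX, SAMPLE_TRUSTED):
        print(*finding, sep=" | ")
```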


 

2. Configure Trusted Domains for IP Passthrough Mode (Bridge Mode)

If you want to access the LTE/5G router in IP passthrough (bridge) mode, the process is slightly different. IP passthrough allows you to access the router's Web GUI even when it is operating in bridge mode, forwarding external traffic directly to the internal network.

 

MGMT Services for IP Passthrough

In the Web GUI, go to "MGMT Services for IP Passthrough" and configure the desired service (e.g., HTTPS) and the port (e.g., 20443) to access the Web GUI in bridge mode.

This screen configures which interfaces you can use to access the device in IP Passthrough mode:


Enable services on WAN to allow access to the chosen service from outside, over all WAN connections.

Enable services on Trust Domain to allow access to the chosen service only from the trusted IP addresses configured under Trust Domain.

 

Trust Domain for IP Passthrough 

Just like in the previous step, you can also configure trusted domains for when the device is in IP passthrough mode, providing an added layer of security.

Use this screen to configure public IP addresses allowed to access the device in IP Passthrough mode. 


 

3. Remote Access & Port Forwarding doesn't work - Carrier-Grade NAT?

Carrier-Grade NAT (CGNAT) is a networking technology used by internet service providers (ISPs) to conserve IPv4 addresses. As the world has exhausted the pool of available IPv4 addresses, ISPs have adopted CGNAT to enable multiple customers to share a single public IP address. This approach allows ISPs to serve a larger customer base without requiring a unique public IP address for each customer device. This means that these devices do not have a dedicated public IP address and instead share one with multiple customers.

 

In summary, Carrier-Grade NAT (CGNAT) is a technology employed by ISPs to share public IP addresses among multiple customers, leading to difficulties in accessing devices remotely from the WAN. By checking your WAN IP address and comparing it with a public IP lookup tool, you can determine if you have CGNAT. If you do, contacting your ISP to purchase a public IP address for your LTE/5G device will allow you to overcome this limitation and enable remote access.

 

Checking if you have Carrier-Grade NAT (CGNAT)

If you are experiencing difficulty accessing your LTE/5G device from outside the network (WAN), it might be due to CGNAT. To check if you have CGNAT, follow these steps:

  1. Access the Web GUI Dashboard: First, log in to the Web GUI Dashboard of your LTE/5G router using the local IP address provided by your router manufacturer (e.g., "192.168.1.1").

  2. Find the WAN IP: Once logged in, navigate to the section that displays the WAN IP address of your router. This information can usually be found under the Network or WAN settings.

  3. Check with a Public IP Lookup Tool: Visit a website that can show you the public IP address of your network. One such website is "https://whatsmyip.com". When you access this site, it will display your public IP address.

  4. Compare the IPs: Compare the WAN IP displayed in the Web GUI Dashboard of your router with the public IP address shown on the "https://whatsmyip.com" website.

  • If both IP addresses are the same, you do not have Carrier-Grade NAT, and you should be able to access your device from the WAN (outside).

  • If the IP addresses are different, it indicates that your ISP is using Carrier-Grade NAT, and your device does not have a unique public IP address. As a result, remote access to your LTE/5G router from the WAN will not be possible.

  • In the above example, we have a WAN IP of 10.204.58.202 and a public IP of 81.x.126.128, which means that we are behind Carrier-Grade NAT and cannot access the device from the outside (from the WAN).
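The comparison in steps 1 to 4, as an added example that is not part of the original article: it applies the article's same/different rule and also recognises WAN addresses that can never be reached from the internet (RFC 1918 private ranges and the RFC 6598 shared range reserved for carrier NAT), so a WAN IP such as 10.204.58.202 is identified without the lookup step. The function name and all sample addresses other than 10.204.58.202 are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges, which some carriers also assign on the WAN side.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip, public_ip=None):
    """Return (verdict, reason) for the router's WAN IP.

    wan_ip    -- address shown in the router's Web GUI
    public_ip -- address reported by a public IP lookup site, queried from a
                 device behind the router (optional)
    Raises ValueError if either string is not a valid IP address.
    """
    wan = ipaddress.ip_address(wan_ip.strip())
    if wan.version != 4:
        return ("not-applicable", "check applies to IPv4 WAN addresses only")
    if wan in CGNAT_NET:
        return ("cgnat", f"{wan} is in the RFC 6598 shared range {CGNAT_NET}")
    for net in PRIVATE_NETS:
        if wan in net:
            return ("cgnat", f"{wan} is an RFC 1918 private address ({net})")
    if public_ip is None:
        return ("unknown", "WAN IP is not private; compare it with a lookup site")
    pub = ipaddress.ip_address(public_ip.strip())
    if wan == pub:
        return ("public", "WAN IP matches the public IP; no carrier NAT")
    # The article's rule: differing addresses indicate carrier NAT.
    return ("cgnat", f"WAN IP {wan} differs from public IP {pub}")


if __name__ == "__main__":
    # Constructed samples; 10.204.58.202 is the WAN IP from the article.
    samples = [("10.204.58.202", None),
               ("100.72.13.5", "198.51.100.20"),
               ("198.51.100.20", "198.51.100.20"),
               ("198.51.100.20", "203.0.113.9")]
    for wan, pub in samples:
        print(wan, pub, classify_wan(wan, pub))
```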

Dealing with Carrier-Grade NAT

If you discover that your LTE/5G device is behind a Carrier-Grade NAT and you need remote access, you must contact your ISP and request a public IP address for your SIM card or LTE/5G router. The ISP may offer this service for an additional fee, but it will provide you with a unique public IP address, enabling remote access to your device from the WAN.

 
