Apple AirPort Extreme Base Station 802.11n firmware 7.1 (#2): Double NAT errors; VPN issues largely resolved

Double NAT errors Some users are suddenly receiving "Double NAT" errors after applying the AirPort Extreme 802.11n firmware 7.1 update. The error is generally accompanied by a flashing yellow light on the AirPort Extreme 802.11n Base Station, though Internet access is usually not affected. Clicking the Ignore button when this error appears should return the Base Station's status light back to steady green.

A "Double NAT" error is generally indicative of two routers attempting to provide NAT (network address translation) services in the same network space -- as would occur when the Base Station is connected to a Cable or DSL modem (router) and neither unit is in bridging mode -- but it is somewhat odd that this error would only begin appearing after the firmware update.

In order to resolve this problem, you will need to turn off NAT services for either the DSL/Cable modem/other router to which the Base Station is connected, or the Base Station itself. This can be accomplished by putting one of the aforementioned components into bridge mode.

The problem with turning off NAT services for the AirPort Base Station (putting it in bridge mode) is that this will preclude proper operation of devices that require port forwarding (tunneling), such as the Apple TV, wirelessly connected gaming consoles and others if said devices are connected to the AirPort Base Station. Still, if you desire, you can put your Base Station in bridged mode via the following steps:

• Open AirPort Utility (located in /Applications/Utilities)
• Select and connect to the appropriate Base station
• Click on the Internet tab
• Under Connection Sharing change the option to Off (Bridge Mode)

A better option, in most cases, is to make your Cable/DSL modem (or router) a bridge (turn off NAT services), and let your AirPort Base Station perform the connection sharing/NAT duties. This requires the following steps:

1. Open the configuration page for your Cable/DSL modem (or router) -- check the specific model manual for instructions on doing so.
2. Look for an option to put your Cable/DSL modem (or router) into "bridge," "bridged," or "bridging" mode, or an option to disable NAT.
3. Restart your Cable/DSL modem (or router), the AirPort Base Station and any connected Macs.

[Note that if you are using PPPoE services, as often required by DSL, you will need to re-enter them for your AirPort Base Station by using the PPPoE tab of the AirPort Utility.]

The only problem with this configuration (Cable/DSL modem or other router in bridge mode) is that wired clients, connected via Ethernet to the Cable/DSL modem or other router, will no longer be able to share network access.

The third option is to simply leave both the Base Station and Cable/DSL modem or other router in NAT-service mode, and click the Ignore button when the "Double NAT" error message appears, as aforementioned. This will leave both capable of distributing IP addresses to client devices (including Macs), but may introduce other problems as indicated by the error message.

VPN issues largely resolved Though Apple makes no mention of it in the documentation accompanying AirPort Extreme 802.11n firmware 7.1, it appears that prior connectivity issues with certain VPN systems -- particularly from Nortel and Cisco -- are resolved with the update.

The previous problems manifested as an inability to connect to some VPNs from systems connected wirelessly through the AirPort Extreme 802.11n Base Station.

Speed improvement when using wireless security As noted in Ted Landau's review of the AirPort Extreme Base Station 802.11n, the unit is prone to significant speed degradation when WPA security is enabled. We've received several reports from readers indicating that throughput with wireless security turned on has been vastly improved with the new version 7.1 firmware.

Ronald Postma writes:

"I just installed the V7.1 firmware with success. Before the update if I activated WPA security my speed was very slow and almost unusable. Now after 7.1 my speed is as good as with wireless security disabled. I tested it on my Comcast cable modem and my speed now exceeds 10 Mbps."

Previous coverage:

• Apple AirPort Extreme 802.11n firmware 7.1 released

Resources