Sonicwall VPN on AT&T U-Verse Pace 5268ac modem.

Old saying… That person needs a high five… in the face… with a chair!


There are days AT&T does a great job… of making me want to ripe out my hair…


AT&T has a <word of person who does not know his/her father> of a modem on their hands, it’s the Pace PLC 5268ac. In order to get a Sonicwall to run VPN through this modem, the first part is as expected. You set the Sonicwall to DHCP [and recommend you use dyndns or similar to track the IP address assigned] and on the 5268ac, you set the modem to be in a kind of bridge mode where the Sonicwall gets the WAN IP address of the 5268AC [aka 2Wire router].


1. Set your Sonicwall’s WAN interface to get an IP address via DHCP. This is required at first so that the 2Wire recognizes your router.

2. Plug your Sonicwall’s WAN interface to one of the 2Wire’s LAN interfaces.

3. Restart your Sonicwall [or renew DHCP on the X1 interface], let it get an IP address via DHCP.

4. Log into the 2Wire router’s interface. Go to Settings -> Firewall -> Applications, Pinholes, and DMZ

5. Select your Sonicwall under section (1).

6. Select the custom middle selection, click OTHER. You will need to add IPsec ESP, IPsec IKE and ICMP. THIS IS CRITICAL as the 5268ac will NOT pass ESP traffic in DMZ plus mode. You MUST select the IPsec EPS and IPsec IKE from the application list.

7. Click the Save button.

8. Restart your Sonicwall, when it gets an address via DHCP again, it will be the public outside IP address. At this point, you can leave your Sonicwall in DHCP mode, or you can change your router’s IP address assignment on the WAN interface to static, and use the same settings it received via DHCP.

9. On the 2Wire router, go to Settings -> Firewall -> Advanced Configuration

10. Uncheck the following: Stealth Mode, Block Ping, Strict UDP Session Control.

11. Check everything under Outbound Protocol Control except NetBIOS.

12. Uncheck NetBIOS under Inbound Protocol Control.

13. Uncheck all the Attack Detection checkboxes (7 of them).

14. Click Save


Now, the 5268ac should allow all the IPsec traffic needed for the Sonicwall to work properly.


NOTE: The newer AT&T modems do a better job of letting go and sending all the packets down. 2Wire/5268AC require this special setup.