Solved

Adtran config with metro ethernet

Posted on 2008-09-30
Last Modified: 2013-11-16
Experts,

I am going with a metro ethernet connection upgrade tomorrow. I have to supply the router and I would like to make sure my config looks good before the switch. There is a firewall behind this Adtran router. This router will just be basic between the circuit and our WatchGuard Firebox.

I have changed the IPs to random IPs, but you have the idea.

I am curious if this config looks right or if I am missing something big. All I need this router to do is pass between the circuit and Firebox.

66.15.127.202 is the public side of the router that connects to the circuit.
66.33.27.1 is the private side of the router that connects to the firewall.
66.15.127.201 is the IP of the telco; not sure, but it needs a route from any to them: 0.0.0.0 to 66.15.127.201
66.33.27.2 is the public side of our WatchGuard Firebox firewall.

!
!
! ADTRAN OS version 17.02.03.00.E
! Boot ROM version 14.04.00
! Platform: NetVanta 3120, part number 1700600L2
! Serial number LBADTN0740AJ831
!
!
hostname "Raleigh Main"
!
clock timezone -5-Eastern-Time
!
ip subnet-zero
ip classless
ip routing
ip domain-proxy
ip name-server 205.152.37.23 205.152.132.23
!
!
no auto-config
!
event-history on
no logging forwarding
logging forwarding priority-level info
no logging email
!
service password-encryption
!
!
!
ip firewall
no ip firewall alg msn
no ip firewall alg h323
!
aaa on
ftp authentication LoginUseLocalUsers
!
!
aaa authentication login LoginUseTacacs group tacacs+
aaa authentication login LoginUseRadius group radius
aaa authentication login LoginUseLocalUsers local
aaa authentication login LoginUseLinePass line
!
aaa authentication enable default enable
!
aaa authentication port-auth default local
!
!
!
no dot11ap access-point-control
!
!
!
!
!
!
!
!
!
!
!
!
vlan 1
  name "Default"
!
!
interface eth 0/1
  description Public
  speed 100
  ip address  66.15.127.202  255.255.255.252
  access-policy Public
  no shutdown
  no lldp send-and-receive
!
!
interface switchport 0/1
  speed 100
  no shutdown
!
interface switchport 0/2
  no shutdown
!
interface switchport 0/3
  no shutdown
!
interface switchport 0/4
  no shutdown
!
!
!
interface vlan 1
  description Private
  ip address  66.33.27.1  255.255.255.128
  access-policy Private
  no shutdown
!
interface modem 0/1
  dialin
  no shutdown
!
!
!
!
!
ip access-list standard wizard-ics
  remark Internet Connection Sharing
  permit any
!
!
ip access-list extended Any
  permit ip any  any     log
!
ip access-list extended self
  remark Traffic to NetVanta
  permit ip any  any     log
!
ip access-list extended wizard-pfwd-1
  remark Port Forward 1
  permit ip any  host 66.15.127.202     log
!
ip policy-class Private
  allow list self self
  nat source list wizard-ics interface eth 0/1 overload
!
ip policy-class Public
  nat destination list wizard-pfwd-1 address 66.33.27.2
!
!
!
ip route 0.0.0.0 0.0.0.0 66.15.127.201
!
no ip tftp server
no ip tftp server overwrite
ip http authentication LoginUseLocalUsers
no ip http server
ip http secure-server
no ip snmp agent
no ip ftp server
no ip scp server
no ip sntp server
!
!
!
!
!
!
!
!
!
!
!
!
!
!
line con 0
  login authentication LoginUseLinePass
  password encrypted
line con 1
!
line telnet 0 4
  login authentication LoginUseLinePass
  password encrypted
  shutdown
line ssh 0 4
  login authentication LoginUseLocalUsers
  shutdown
!
!
!
!
!
!
!
!
end


Question by:cbossert
6 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22613247
It looks fine except it appears you have NAT configured on the Adtran which you don't need if the Watchguard is handling NAT for the network.  I would also verify with your provider the speed and duplex settings for the metro ethernet connection.
 

Author Comment

by:cbossert
ID: 22613432
Jfrederick,

I am not sure how I would go about turning off the NAT, the Watchguard does NAT but I don't see it as an option to turn off. Do you happen to know this?

I set the speeds to 100 full per the telco requests, they were defaulted to auto before I changed them.

Thanks!
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22613484
Not overly familiar with Adtran but hopefully this takes care of it.

ip policy-class Private
no nat source list wizard-ics interface eth 0/1 overload
!
ip policy-class Public
no nat destination list wizard-pfwd-1 address 66.33.27.2

 

Author Comment

by:cbossert
ID: 22613711
I don't think this will work. When I turn off the NAT in those policy classes, the fwd to 66.33.27.2 goes away and is replaced with an allow.

ip policy-class Private
allow list self self
allow list wizard-ics

ip policy-class public
allow list wizard-pfwd-1
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 22614638
You don't need the forward since you are routing the two subnets, i.e. a request comes into 66.33.27.2, your ISP routes it to the Adtran via 66.15.127.202 and the Adtran routes it to the Watchguard.  The only thing I am not sure about is if you don't have an access-policy on the interface, is all traffic denied by default or allowed.  I am hoping allowed.  The Firewall will be doing the filtering...
0
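
The routed path described in the accepted answer can be checked offline against the posted configuration. The Python sketch below is an added example, not part of the original thread or any Adtran tooling; the function names `parse` and `audit` are hypothetical, and the embedded config is an excerpt of the lines posted in the question.

```python
import ipaddress
import re

# Excerpt of the configuration posted in the question (addresses as posted).
CONFIG = """\
interface eth 0/1
  ip address  66.15.127.202  255.255.255.252
  access-policy Public
interface vlan 1
  ip address  66.33.27.1  255.255.255.128
  access-policy Private
ip policy-class Private
  allow list self self
  nat source list wizard-ics interface eth 0/1 overload
ip policy-class Public
  nat destination list wizard-pfwd-1 address 66.33.27.2
ip route 0.0.0.0 0.0.0.0 66.15.127.201
"""

def parse(config):
    """Collect interface subnets, NAT statements per policy class, and the default route."""
    nets, nat, default_gw, section = {}, [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # an unindented line opens a new section
            section = line
        m = re.match(r"ip address\s+(\S+)\s+(\S+)$", line)
        if m and section and section.startswith("interface "):
            name = section[len("interface "):]
            nets[name] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif line.startswith("nat ") and section and section.startswith("ip policy-class "):
            nat.append((section.split()[-1], line))
        m = re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)$", line)
        if m:
            default_gw = ipaddress.ip_address(m[1])
    return nets, nat, default_gw

def audit(config, firewall_ip):
    """Return (routed_ok, nat_statements) for a design where the firewall does the NAT."""
    nets, nat, gw = parse(config)
    fw = ipaddress.ip_address(firewall_ip)
    # Interface whose connected subnet contains the firewall, and the one facing the ISP.
    fw_if = next((n for n, net in nets.items() if fw in net), None)
    gw_if = next((n for n, net in nets.items() if gw and gw in net), None)
    # Plain routing suffices when both hops are directly connected on different interfaces.
    routed_ok = fw_if is not None and gw_if is not None and fw_if != gw_if
    return routed_ok, nat
```

Calling `audit(CONFIG, "66.33.27.2")` reports that the firewall is reachable by a connected route and returns the two `nat` statements that the thread proposes removing.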
 

Author Comment

by:cbossert
ID: 22623390
Jfredrick,

Thank you for your help. I was not able to test any of this out because the Adtran would not work with the ISP setup. The circuit needed to connect to the Adtran via a crossover cable, and when we did this the Adtran reported the ethernet line being down, so we couldn't get past that. I wound up taking a new Cisco 1811 router that we had purchased for another reason and used that.

I will award points to you, but I was not able to verify.

Thanks so much!