cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jtphoneman
New Contributor III

Netvanta 1335 Firewall question

Jump to solution

I have a Netvanta 1335 that I have IP Firewall Enabled. I am using vlan 1, 2 and 200 in the 1335. I have vlan 2 and 200 setup with the Private Access policy overloading to vlan 1 which is setup for my Public Policy. All in the 1335 is working correct, I can get on the internet from any vlan. I also have a DHCP server on vlan 1. I have a trunk port configured on port 0/23 going to a 1234 Netvanta. The Trunk is setup to allow vlan 1,2 and 200. Firewall in the 1335 is not allowing clients in vlan 1 on the 1234 to get DHCP.

Interface vlan 1 on the 1335 is 192.168.0.254, interface vlan 1 on the 1234 is 192.168.0.253. I can ping int vlan 1 on the 1234 from the 1335 but cant ping from the 1234 back to int vlan 1 on the 1335 unless I turn off the ip firewall in the 1335. What could I do to correct this? Below is the configs for both switches

Thanks

0 Kudos
1 Solution

Accepted Solutions
jtphoneman
New Contributor III

Re: Netvanta 1335 Firewall question

Jump to solution

I needed to create a couple of ACL's and apply then to the Public policy-class. This allowed the access that I needed from Vlan 1 to 200.

interface vlan 1

  description Customer_Data

  ip address  192.168.0.254  255.255.255.0

  ip access-policy Public

  ip route-cache express

  no shutdown

!

interface vlan 2

  description RSVP

  ip address  192.168.2.254  255.255.255.0

  ip access-policy Private

  ip route-cache express

  no shutdown

!

interface vlan 200

  description Voice

  ip address  192.168.200.254  255.255.255.0

  ip access-policy Private

  ip route-cache express

  no shutdown

!

!

!

!

!

!

!

ip access-list standard PUBLIC

  permit any

!

ip access-list standard wizard-ics

  remark Internet Connection Sharing

  permit any

!

!

ip access-list extended Remote

  remark do not hand edit this ACL

  permit tcp any  any eq www   log

  permit tcp any  any eq telnet   log

  permit tcp any  any eq ssh   log

  permit tcp any  any eq ftp   log

  permit icmp any  any  echo   log

  permit tcp any  any eq https   log

!

ip access-list extended self

  remark Traffic to NetVanta

  permit ip any  any     log

!

ip access-list extended web-acl-5

  remark Vlan_1_TO_Vlan_200

  permit ip 192.168.0.0 0.0.0.255  192.168.200.0 0.0.0.255  

!

ip access-list extended web-acl-7

  remark Admin_Access

  permit tcp 192.168.0.0 0.0.0.255  any eq www   log

  permit tcp 192.168.0.0 0.0.0.255  any eq telnet   log

  permit tcp 192.168.0.0 0.0.0.255  any eq https   log

  permit tcp 192.168.0.0 0.0.0.255  any eq ssh   log

  permit tcp 192.168.0.0 0.0.0.255  any eq ftp   log

  permit icmp 192.168.0.0 0.0.0.255  any  echo   log

!

!

!

ip policy-class Private

  allow list self self

  nat source list wizard-ics interface vlan 1 overload

!

ip policy-class Public

  allow list web-acl-5

  allow list web-acl-7 self

!

View solution in original post

0 Kudos
3 Replies
Anonymous
Not applicable

Re: Netvanta 1335 Firewall question

Jump to solution

- Thanks for posting on the forum!

It looks like you have opened a ticket with Adtran Tech Support regarding this question. If you don't mind, please post the resolution to your question so others can benefit from it.

Please do not hesitate to let us know if you have any questions.

Thanks,

Noor

jtphoneman
New Contributor III

Re: Netvanta 1335 Firewall question

Jump to solution

I needed to create a couple of ACL's and apply then to the Public policy-class. This allowed the access that I needed from Vlan 1 to 200.

interface vlan 1

  description Customer_Data

  ip address  192.168.0.254  255.255.255.0

  ip access-policy Public

  ip route-cache express

  no shutdown

!

interface vlan 2

  description RSVP

  ip address  192.168.2.254  255.255.255.0

  ip access-policy Private

  ip route-cache express

  no shutdown

!

interface vlan 200

  description Voice

  ip address  192.168.200.254  255.255.255.0

  ip access-policy Private

  ip route-cache express

  no shutdown

!

!

!

!

!

!

!

ip access-list standard PUBLIC

  permit any

!

ip access-list standard wizard-ics

  remark Internet Connection Sharing

  permit any

!

!

ip access-list extended Remote

  remark do not hand edit this ACL

  permit tcp any  any eq www   log

  permit tcp any  any eq telnet   log

  permit tcp any  any eq ssh   log

  permit tcp any  any eq ftp   log

  permit icmp any  any  echo   log

  permit tcp any  any eq https   log

!

ip access-list extended self

  remark Traffic to NetVanta

  permit ip any  any     log

!

ip access-list extended web-acl-5

  remark Vlan_1_TO_Vlan_200

  permit ip 192.168.0.0 0.0.0.255  192.168.200.0 0.0.0.255  

!

ip access-list extended web-acl-7

  remark Admin_Access

  permit tcp 192.168.0.0 0.0.0.255  any eq www   log

  permit tcp 192.168.0.0 0.0.0.255  any eq telnet   log

  permit tcp 192.168.0.0 0.0.0.255  any eq https   log

  permit tcp 192.168.0.0 0.0.0.255  any eq ssh   log

  permit tcp 192.168.0.0 0.0.0.255  any eq ftp   log

  permit icmp 192.168.0.0 0.0.0.255  any  echo   log

!

!

!

ip policy-class Private

  allow list self self

  nat source list wizard-ics interface vlan 1 overload

!

ip policy-class Public

  allow list web-acl-5

  allow list web-acl-7 self

!

View solution in original post

0 Kudos
Anonymous
Not applicable

Re: Netvanta 1335 Firewall question

Jump to solution

-

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.


Thanks,

Noor