New Contributor

Netvanta 3448 using external ip


Since I'm new to Netvanta 3448 and don't have the proper training on it, I'm trying to establish the following:

Netvanta 3448 with firmware 17.09.03.00

eth 0/1 external IP address a.b.c.34 Netmask 255.255.255.248

internal IP 192.168.1.1 255.255.255.0

swx 0/8 fixed IP 192.168.1.50 server

I'm trying to forward the external IP address a.b.c.38 to the internal IP 192.168.1.50 server with complete NAT.

I watched the video on port forwarding using 1:1 NAT for forwarding an external IP address to an internal server, but I can't reproduce it.

I'm not able to e.g. add the external IP address to the eth 0/1 (my guess is that this is already in range of the subnet mask).

Is it possible to forward the a.b.c.38 address to the 192.168.1.50?

If so, how can it be made possible?

If more information is needed please ask.

0 Kudos

Accepted Solutions
Contributor III

Re: Netvanta 3448 using external ip

nlpo,

   See the following example of the two policy classes:

interface eth 0/1
  description PublicPort
  speed 100
  ip address  a.b.c.34  255.255.255.248
  ip address  a.b.c.38  255.255.255.255  secondary
  ip access-policy Public
  no shutdown
!
interface vlan 1
  description VLAN1
  ip address  192.168.1.1  255.255.255.0
  ip access-policy Private
!
ip access-list extended self
  remark Traffic to Netvanta
  permit ip any  any     log
!
!
ip access-list extended Admin
  remark Admin Access
  permit tcp any  any eq https   log
  permit tcp any  any eq ssh   log
!
ip access-list extended WebForward
  permit tcp any  host a.b.c.34 eq 80
!
!
ip policy-class Private
  allow list self self
  nat destination list WebForward address 192.168.1.50
  nat source list NAT interface eth 0/1 overload
!
ip policy-class Public
  allow list Admin self
!

0 Kudos
10 Replies
Anonymous
Not applicable

Re: Netvanta 3448 using external ip


Thank you for asking this question in the support community.  If you have followed the Configuring a Port Forward in AOS and Port Forward Quick Configuration guides, then you must be close.   If you would like to reply with the current configuration (please make sure to remove any information that may be sensitive to the organization), I will be happy to review it for you.

Levi

0 Kudos
New Contributor

Re: Netvanta 3448 using external ip

Below I've included the current configuration file from the 3448 and blanked out all "sensitive" information.

0 Kudos
Anonymous
Not applicable

Re: Netvanta 3448 using external ip

Thank you for replying with a copy of the configuration.  It looks like you are close, but have a few things that you will need to modify.  Please, see my suggestions below:

  • You will need to assign the public address you are doing the NAT for on the public interface ("ip address x.x.x.38 255.255.255.255 secondary")
  • You will need to have a different policy-class assigned to the public interface and the private interface
  • In the policy-class assigned to the public interface, you will need to match the ACL/NAT pool you created (it appears yours is named "static")

I think that is a start, but please do not hesitate to let me know what questions you have, or if you want me to review the configuration after you make the changes.

Levi

Contributor III

Re: Netvanta 3448 using external ip

nlpo,

It looks like there are a couple pieces missing from what I can tell:

ip access-list extended WebForward
  permit tcp any host a.b.c.38 eq 80
!
ip policy-class test
  nat destination list  WebForward address 192.168.1.50

New Contributor

Re: Netvanta 3448 using external ip

Thanks Levi and jwable,

Below you find the changes I made. However, I'm still not getting through from the internet to my server. Please can you take another look at the configuration file?

Message was edited by: levi (added configuration as attachment)

0 Kudos
Contributor III

Re: Netvanta 3448 using external ip

nlpo,

     In the ip access-list extended you did not include any ports. The eq 80 in the example means allow ports equal to 80; 80 is your standard web server port for HTTP traffic. Also, after seeing your full config, that IP address should be the primary IP. I also noticed you only have one ip policy; usually you would have two, one for private and one for public. And finally, just for a sanity check, what happens if you try to open the webserver from inside using its private IP address? Does the web server work then?

John Wable

0 Kudos
New Contributor

Re: Netvanta 3448 using external ip


Hello John,

I'm not trying to connect to a webserver on a.b.c.38, but a server so therefore I don't use the eq 80. If I go to the internal web-address 192.168.1.50 I get a normal response from its webpage and can login. Through a.b.c.38 the webpage times out. Do you have an example of a private and public ip policy?

Renee

0 Kudos
Contributor III

Re: Netvanta 3448 using external ip

nlpo,

     If you open up the forward without specifying a port, that will cause all ports to point to that. You should be as restrictive as possible when setting your rules and only allow exactly what you need. In the public IP addresses you are using, is a.b.c. the same for primary and secondary? In other words, a.b.c.34 255.255.255.248 is in the same IP subnet as a.b.c.38, even though you have entered .38 with a 255.255.255.255 subnet mask, if in both cases the a.b.c. is the same numbers. If that is the case, you should remove the following line from your eth 0/1 interface: ip address  a.b.c.38  255.255.255.255  secondary. Also, do any of the other services you have listed work, like the RDP connections to 192.168.1.101? If so, then it is probably because of the overlapping IP in the eth config.

John Wable

0 Kudos
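
A small config check for the two conditions John Wable raises in the reply above (a forward ACL with no port match, and a secondary address that falls inside the primary subnet), as an added example that is not part of the original thread. The sample config is constructed, with 203.0.113.x standing in for a.b.c.x; the `audit` function and the set of port operators it looks for are assumptions.

```python
import ipaddress
import re

# Constructed sample, not the poster's attachment; 203.0.113.x stands in for a.b.c.x.
SAMPLE = """\
interface eth 0/1
  ip address  203.0.113.34  255.255.255.248
  ip address  203.0.113.38  255.255.255.255  secondary
!
ip access-list extended WebForward
  permit tcp any  host 203.0.113.34 eq 80
!
ip access-list extended static
  permit ip any  host 203.0.113.38
!
ip policy-class Public
  nat destination list WebForward address 192.168.1.50
  nat destination list static address 192.168.1.50
"""

PORT_OP = re.compile(r"\s(eq|neq|gt|lt|range)\s")  # port operators (assumed set)

def audit(config):
    """Flag secondary IPs inside the primary subnet and forwards with no port match."""
    findings, acls, primaries, section = [], {}, {}, ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # an unindented line opens a new section
            section = line
            continue
        m = re.match(r"ip address\s+(\S+)\s+(\S+)(\s+secondary)?$", line)
        if m and section.startswith("interface "):
            addr, mask, secondary = m.groups()
            if not secondary:
                primaries[section] = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            elif section in primaries and ipaddress.ip_address(addr) in primaries[section]:
                findings.append(f"overlap: {addr} is inside {primaries[section]} on {section}")
        elif section.startswith("ip access-list extended ") and line.startswith("permit "):
            acls.setdefault(section.split()[-1], []).append(line)
        m = re.match(r"nat destination list\s+(\S+)\s+address\s+(\S+)", line)
        for rule in acls.get(m.group(1), []) if m else []:  # ACLs assumed defined earlier
            if not PORT_OP.search(rule):
                findings.append(f"all-ports forward: '{m.group(1)}' -> {m.group(2)} via [{rule}]")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```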