cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jgoodall
New Contributor

cannot route from adtran to sonicwall that is plugged into 3430

i can get to the 3430 from the internet side of it to admin it via telnet. i have a sonicwall nsa3500 that is attached to my side of the router with the public ip address in it. i cannot ping 65.202.80.34 but can .33 which is the adtran. i have https and ping turned on through my sonicwall but cant get to them. below is my configuration in the router. it seems to me i am missing something simple in routing

Building configuration...

!

!

! ADTRAN, Inc. OS version R10.6.0

! Boot ROM version 17.06.01.B2

! Platform: NetVanta 3430, part number 1202820G1

! Serial number LBADTN1321AT040

!

!

hostname "Router"

enable password adtran

!

clock timezone -5-Eastern-Time

!

ip subnet-zero

ip classless

ip routing

ipv6 unicast-routing

!

!

!

!

no auto-config

!

event-history on

no logging forwarding

no logging email

!

no service password-encryption

!

username "password" password "password"

!

!

no ip firewall alg msn

no ip firewall alg mszone

no ip firewall alg h323

!

!

!

!

!

!

!

!

!

!

no dot11ap access-point-control

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

no ethernet cfm

!

interface eth 0/1

  ip address  65.202.80.33  255.255.255.224

  no shutdown

!

!

interface eth 0/2

  no ip address

  shutdown

!

!

!

!

interface t1 1/1

  tdm-group 1 timeslots 1-24 speed 64

  no shutdown

!

interface t1 1/2

  tdm-group 1 timeslots 1-24 speed 64

  no shutdown

!

interface ppp 1

  description c1000475_sarasota-fl-2-5404730

  ip address  157.130.65.50  255.255.255.252

  bandwidth 3072

  ppp multilink

  no shutdown

  cross-connect 1 t1 1/1 1 ppp 1

  cross-connect 2 t1 1/2 1 ppp 1

!

!

!

!

!

!

!

!

!

!

!

ip route 0.0.0.0 0.0.0.0 157.130.65.49

!

no tftp server

no tftp server overwrite

http server

http secure-server

no snmp agent

no ip ftp server

ip ftp server default-filesystem flash

no ip scp server

no ip sntp server

!

!

!

!

!

!

!

!

ip sip udp 5060

ip sip tcp 5060

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

line con 0

  login

  password adtran

!

line telnet 0 4

  login

  password adtran

  line-timeout 30

  no shutdown

line ssh 0 4

  login local-userlist

  no shutdown

!

!

!

!

!

Labels (2)
Tags (2)
0 Kudos
9 Replies

Re: cannot route from adtran to sonicwall that is plugged into 3430

forgot to mention it is a dual T1

jayh
Honored Contributor
Honored Contributor

Re: cannot route from adtran to sonicwall that is plugged into 3430

  • Is the eth 0/1 interface physically up?  You may need a crossover cable.
  • Does the Sonicwall have its default route pointed to 65.202.80.33 ?  It should. 
  • Can you ping the Sonicwall from the Netvanta itself?
  • If you issue a "show arp" command immediately after attempting a ping to the Sonicwall, is there an ARP entry for it?

Re: cannot route from adtran to sonicwall that is plugged into 3430

Yes, interface is up, I can ping from netvanta to sonicwall but not the other way, the show arp shows  the sonicwall at .34.

https://supportforums.adtran.com/cid:image001.png@01CF1DBA.53E67B10

https://supportforums.adtran.com/cid:image002.png@01CF1DBA.53E67B10

Jeffrey M. Goodall

Director Of Technology and Field IT

Envera Systems | Next Generation Security

https://supportforums.adtran.com/Description: Description: Description: Description: cid:image001.pn...<http://www.enverasystems.com/>

Message was edited by: noor
Removed contact information

Re: cannot route from adtran to sonicwall that is plugged into 3430

i can ping from sonicwall to netvanta using my X4 interface.

jayh
Honored Contributor
Honored Contributor

Re: cannot route from adtran to sonicwall that is plugged into 3430


jgoodall wrote:



i can ping from sonicwall to netvanta using my X4 interface.


Is there another interface on the Sonicwall that also has a default route, perhaps with a lower metric or cost?

Re: cannot route from adtran to sonicwall that is plugged into 3430

I have a comcast 50mb fiber that is primary but I should be able to ping this interface at least or do a 1 to 1 nat from this range.

Sent via the Samsung Galaxy Note® 3, an AT&T 4G LTE smartphone

jayh
Honored Contributor
Honored Contributor

Re: cannot route from adtran to sonicwall that is plugged into 3430


jgoodall wrote:



I have a comcast 50mb fiber that is primary but I should be able to ping this interface at least or do a 1 to 1 nat from this range.


Maybe, and maybe not.  That's a Sonicwall configuration issue and there may be a means there to fix it.  Here's why things aren't working. 

  1. You send a packet from an outside address to 65.202.80.34. 
  2. The Sonicwall attempts to reply, sourcing the reply out its default.
  • If the Sonicwall sources the reply from the interface IP of the default, then your workstation sees return traffic from a different IP than that to which it was sent and throws it on the floor.
  • If the Sonicwall sources the reply from .34 and sources it out the default, then Comcast sees traffic arriving from an address not assigned to its customer as spoofing and throws it on the floor.

The Sonicwall needs the equivalent of policy routing enabled.  Match source-interface X4 and use 65.202.80.33 as the next hop.  I would ask the Sonicwall people how to deal with this.  I know they have dual-WAN and failover on some of their devices.  This may be a licensed feature.

Re: cannot route from adtran to sonicwall that is plugged into 3430

I have the license for most of feature since it is an nsa 3500. I will check with them and update later. Thanks

Sent via the Samsung Galaxy Note® 3, an AT&T 4G LTE smartphone

Anonymous
Not applicable

Re: cannot route from adtran to sonicwall that is plugged into 3430

:

I went ahead and flagged this post as "Assumed Answered." If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Levi