maro35
New Contributor

Using eth 0/2 to connect a vpn device

Apologies for the length of this, but here goes... We're putting in a device to create a "secure" connection between our LAN and Vendor A's data facility. Our voice and data are provided by VENDOR B, who also sold us the ADTRAN 908E router and NetVanta 1234 POE switches. They also provide a firewall cloud service in front of the 908e, so we have to request NAT and port changes etc. through them. Unfortunately, when it comes to configuring the Adtran equipment, they don't assist at all.

VENDOR A requested that VENDOR B NAT traffic from an address (152.178.49.93) in our public /29 block to an address (200.100.1.10) on our internal LAN.

This failed.

They are now asking us to create a new 178.30.240.2 /30 block on the LAN side of the 908e, and requesting that Vendor B NAT internet traffic to one of the 2 hosts in the /30 block, which will be the WAN-side IP address of the VPN appliance.

Its LAN-side IP address will be on our current LAN. IP route statements added to the 908 config will direct LAN traffic back to the LAN address of Vendor A's appliance.

OK. I was thinking of trying to do this with VLANs on the 1234 switches but gave up. I noticed, though, that the 908 has 2 Ethernet ports, one of which is disabled and not in use. Could I configure a /30 network on eth 0/2, enable it and connect it to a separate switch where the WAN-side address of the VPN appliance also lives? Then if Vendor B NATs 152.178.49.93 to 178.30.240.2, will this work?

Hope it's not a dumb question, but hey, yesterday morning the only nats I knew anything about were gnats.

Thanks in advance,

This is what I've got so far (new stuff in red)

!
interface eth 0/1
  description HATFIELDLAN
  ip address 200.100.1.1 255.255.255.0
  ip ffe
  media-gateway ip primary
  no shutdown
!
!
interface eth 0/2
  description ADPVPN
  ip address 172.30.240.1 255.255.255.252
  ip ffe
  media-gateway ip primary
  no shutdown
!

And the routing statements I added

ip route 192.110.68.0 255.255.255.0 200.100.1.10
ip route 192.224.101.0 255.255.255.0 200.100.1.10
ip route 206.95.216.96 255.255.255.224 200.100.1.10
ip route 207.186.244.192 255.255.255.192 200.100.1.10

0 Kudos
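An added example, not part of the original post and not ADTRAN tooling: a small Python check over the configuration lines posted above. It confirms that each static route's next hop sits on a directly connected subnet and reports which interface, if any, can reach a given NAT target. The function names are this example's own; both 172.30.240.2 and 178.30.240.2 are tested because both prefixes appear in the post.

```python
import ipaddress

# Interface addresses and static routes copied from the post above.
CONFIG = """\
interface eth 0/1
  ip address 200.100.1.1 255.255.255.0
interface eth 0/2
  ip address 172.30.240.1 255.255.255.252
ip route 192.110.68.0 255.255.255.0 200.100.1.10
ip route 192.224.101.0 255.255.255.0 200.100.1.10
ip route 206.95.216.96 255.255.255.224 200.100.1.10
ip route 207.186.244.192 255.255.255.192 200.100.1.10
"""

def parse(config):
    """Return ({interface name: IPv4Interface}, [(destination network, next hop)])."""
    connected, routes, current = {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["interface"]:
            current = " ".join(tok[1:])
        elif tok[:2] == ["ip", "address"] and current and len(tok) == 4:
            connected[current] = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}")
        elif tok[:2] == ["ip", "route"] and len(tok) == 5:
            routes.append((ipaddress.ip_network(f"{tok[2]}/{tok[3]}"),
                           ipaddress.ip_address(tok[4])))
    return connected, routes

def egress_interface(addr, connected):
    """Interface whose subnet holds addr as a usable neighbour host, else None."""
    addr = ipaddress.ip_address(addr)
    for name, iface in connected.items():
        net = iface.network
        reserved = (net.network_address, net.broadcast_address, iface.ip)
        if addr in net and addr not in reserved:
            return name
    return None

def unreachable_next_hops(connected, routes):
    """Static routes whose next hop is not on any directly connected subnet."""
    return [(net, hop) for net, hop in routes
            if egress_interface(hop, connected) is None]

if __name__ == "__main__":
    connected, routes = parse(CONFIG)
    print("routes with unreachable next hop:", unreachable_next_hops(connected, routes))
    for target in ("172.30.240.2", "178.30.240.2"):  # candidate NAT targets
        print(target, "->", egress_interface(target, connected))
```

A NAT target that returns `None` here is not on any connected subnet, so the router would have to forward it by some other route rather than deliver it directly on eth 0/2.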
2 Replies
Anonymous
Not applicable

Re: Using eth 0/2 to connect a vpn device

Maro35,

Something looks like it is missing to me, and I would really need to see the full configs of the equipment and a network drawing to verify, but here's what things would need to look like to make what you are asking for work:

WAN Connection 1 (Provider 1 Internet Connection) --> Adtran 908E T1(WAN 1) (This connection is not visible in Config)

WAN Connection 2 (Provider 2 Internet Connection) -->  Adtran 908E Eth 0/2 (WAN 2)

Adtran 908E ETH 0/1 (LAN)  --> 1234 Switch

1234 Switch --> LAN Devices

The computers would need to use the Adtran 908E as their default gateway so that when they try to get to the cloud facility the Adtran could tell them to use Eth 0/2. However, I am guessing this is not the setup and that the Adtran is there just to convert VOICE from PRI to SIP, but I would need to see the entire configs to verify. There's also a lot more to VPN setups than just some NATing and routing; there are several other pieces needed as well. Also, as you can see from the connections listed above, the Adtran would have to have 3 connections on it, and since it only has 2 Ethernet ports, at least 1 connection would have to be a T1 or 2XT1, and then one port connects to the internal network and the other connects to a new provider. I would recommend getting all the providers on the phone at one time and telling them, "We have to make this happen; work out how and let's get it installed." I do not see why they can't build a VPN from the Cloud Firewall to Vendor B, and there shouldn't be a need to change anything on your local network at all.

John Wable

maro35
New Contributor

Re: Using eth 0/2 to connect a vpn device

Thanks for your input!

As you said, I didn't put enough information on there. Also, I did finally manage, after several go-'rounds, to get some cooperation from the vendors. I was on the right track at least, because it started to work once they did their part.

Appreciate your time, thanks again.