Apologies for the length of this, but here goes... We're putting in a device to create a "secure" connection between our LAN and Vendor A's data facility. Our voice and data are provided by VENDOR B, who also sold us the ADTRAN 908E router and NetVanta 1234 PoE switches. They also provide a firewall cloud service in front of the 908E, so we have to request NAT and port changes etc. through them. Unfortunately, when it comes to configuring the Adtran equipment, they don't assist at all.
VENDOR A requested that VENDOR B NAT traffic from an address (220.127.116.11) in our public /29 block to an address (18.104.22.168) on our internal LAN.
They are now asking us to create a new 22.214.171.124/30 block on the LAN side of the 908E, and requesting that Vendor B NAT internet traffic to one of the 2 hosts in the /30 block, which will be the WAN-side IP address of the VPN appliance.
Its LAN-side IP address will be on our current LAN. IP route statements added to the 908 config will direct LAN traffic back to the LAN address of Vendor A's appliance.
OK. I was thinking of trying to do this with VLANs on the 1234 switches but gave up. I noticed, though, that the 908 has 2 Ethernet ports, one of which is disabled and not in use. Could I configure a /30 network on eth 0/2, enable it, and connect it to a separate switch where the WAN-side address of the VPN appliance also lives? Then if Vendor B NATs 126.96.36.199 to 188.8.131.52, will this work?
Hope it's not a dumb question, but hey, yesterday morning the only NATs I knew anything about were gnats.
Thanks in advance,
This is what I've got so far (new stuff in red):
interface eth 0/1
ip address 184.108.40.206 255.255.255.0
media-gateway ip primary
interface eth 0/2
ip address 172.30.240.1 255.255.255.252
media-gateway ip primary
And the routing statements I added:
ip route 220.127.116.11 255.255.255.0 18.104.22.168
ip route 22.214.171.124 255.255.255.0 126.96.36.199
ip route 188.8.131.52 255.255.255.224 184.108.40.206
ip route 220.127.116.11 255.255.255.192 18.104.22.168
Something looks like it is missing to me, and I would really need to see the full configs of the equipment and a network drawing to verify, but here's what things would need to look like for what you are asking for to work:
WAN Connection 1 (Provider 1 Internet Connection) --> Adtran 908E T1(WAN 1) (This connection is not visible in Config)
WAN Connection 2 (Provider 2 Internet Connection) --> Adtran 908E Eth 0/2 (WAN 2)
Adtran 908E ETH 0/1 (LAN) --> 1234 Switch
1234 Switch --> LAN Devices
The computers would need to use the Adtran 908E as their default gateway so that when they try to get to the cloud facility, the Adtran could tell them to use Eth 0/2. However, I am guessing this is not the setup and that the Adtran is there just to convert VOICE from PRI to SIP, but I would need to see the entire configs to verify. There's also a lot more to VPN setups than just some NATing and routing; there are several other pieces needed as well. Also, as you can see from the connections listed above, the Adtran would have to have 3 connections on it, and since it only has 2 Ethernet ports, at least 1 connection would have to be a T1 or 2xT1, and then one port connects to the internal network and the other connects to a new provider. I would recommend getting all the providers on the phone at one time and telling them, "We have to make this happen; work out how and let's get it installed." I do not see why they can't build a VPN from the Cloud Firewall to Vendor B, and there shouldn't be a need to change anything on your local network at all.
Thanks for your input!
As you said, I didn't put enough information on there. Also, I did finally manage, after several go-rounds, to get some cooperation from the vendors. I was on the right track at least, because it started to work once they did their part.
Appreciate your time, thanks again