2 Replies Latest reply on Mar 12, 2015 2:28 PM by jayh
      • Re: How to Configure NAT on an Adtran NetVanta Router
        bcrinehart Past_Featured_Member

        I follow the use of ACLs and policy-class lists. I've set up NAT when an ISP provides a range of IP addresses. A Netvanta 1335 is equipped with Switchports, no ETH interfaces. I've typically assigned the ISP's addrs to a VLAN interface.

         

        interface vlan 99

          description Internet connection

          ip address  174.140.88.64  255.255.255.0

          ip ffe

          ip address range  174.140.88.143  174.140.88.145  255.255.255.0  secondary

          ip address range  174.140.88.215  174.140.88.220  255.255.255.0  secondary

          ip access-policy InetInPolicy

          crypto map VPN

          ip route-cache express

          no shutdown

        !

        I do not understand why you used address 1.1.1.66 - 68 and assigned them to a loopback interface. Do these represent a range of IP addrs assigned by the ISP that are different than the network address assigned by the ISP to the WAN interface?

         

        Is the loop interface required because the router has ETH interfaces to the Internet?

         

        I would also like an explanation of the use of the null route. The address 1.1.1.66 to 68 are public IP addrs, correct?

        A route on the Internet is going to direct traffic to these IPs via the WAN IP addr, 144.x.x.2, correct?

        Does the use of the null route negate the need to include these IP addrs as secondary on one of the Interfaces?

          • Re: How to Configure NAT on an Adtran NetVanta Router
            jayh Hall_of_Fame

            bcrinehart wrote:

             

            !

            I do not understand why you used address 1.1.1.66 - 68 and assigned them to a loopback interface. Do these represent a range of IP addrs assigned by the ISP that are different than the network address assigned by the ISP to the WAN interface?

             

            Is the loop interface required because the router has ETH interfaces to the Internet?

            I think this is a scenario where the provider's WAN IP of 144.x.x.2 is the point-to-point link and 1.1.1.x is the LAN bock routed by the ISP.  Rather than the null-route the extras he could have used a netmask on the loopback to encompass all of the routed LAN addresses.

             

            interface loop 1

              ip address 1.1.1.64 255.255.255.248

             

            would probably have been a better choice than the null-routes.

             

            I would also like an explanation of the use of the null route. The address 1.1.1.66 to 68 are public IP addrs, correct?

            A route on the Internet is going to direct traffic to these IPs via the WAN IP addr, 144.x.x.2, correct?

            Does the use of the null route negate the need to include these IP addrs as secondary on one of the Interfaces?

            They're public now but probably weren't assigned in 2012 when the original was posted. Actually 1.0.0.0/8 is public but 1.1.1.0/24 and 1.2.3.0/24 are pretty much unusable due to examples such as there and are assigned to Google for research. He probably should have used RFC5737 space such as 192.0.2.0/24, 198.51.100.0/24 or 203.0.113.0/24 in his example. RFC 5737 - IPv4 Address Blocks Reserved for Documentation

             

            Note that this post is from June 2012 and has had no replies for nearly three years.