3 Replies Latest reply on Jul 9, 2013 7:10 AM by noor

    Netvanta 1335 Firewall question

    jtphoneman New Member

I have a Netvanta 1335 on which I have IP Firewall enabled. I am using vlan 1, 2 and 200 in the 1335. I have vlan 2 and 200 set up with the Private access policy overloading to vlan 1, which is set up for my Public policy. Everything in the 1335 is working correctly; I can get on the internet from any vlan. I also have a DHCP server on vlan 1. I have a trunk port configured on port 0/23 going to a 1234 Netvanta. The trunk is set up to allow vlan 1, 2 and 200. The firewall in the 1335 is not allowing clients in vlan 1 on the 1234 to get DHCP.


Interface vlan 1 on the 1335 is 192.168.0.254, interface vlan 1 on the 1234 is 192.168.0.253. I can ping int vlan 1 on the 1234 from the 1335, but I can't ping from the 1234 back to int vlan 1 on the 1335 unless I turn off the ip firewall in the 1335. What could I do to correct this? Below are the configs for both switches.


      Thanks

        • Re: Netvanta 1335 Firewall question
          Employee

          jtphoneman - Thanks for posting on the forum!


          It looks like you have opened a ticket with Adtran Tech Support regarding this question. If you don't mind, please post the resolution to your question so others can benefit from it.


          Please do not hesitate to let us know if you have any questions.


          Thanks,

          Noor

            • Re: Netvanta 1335 Firewall question
              jtphoneman New Member

I needed to create a couple of ACLs and apply them to the Public policy-class. This allowed the access that I needed from Vlan 1 to 200.


              interface vlan 1
                description Customer_Data
                ip address  192.168.0.254  255.255.255.0
                ip access-policy Public
                ip route-cache express
                no shutdown
              !
              interface vlan 2
                description RSVP
                ip address  192.168.2.254  255.255.255.0
                ip access-policy Private
                ip route-cache express
                no shutdown
              !
              interface vlan 200
                description Voice
                ip address  192.168.200.254  255.255.255.0
                ip access-policy Private
                ip route-cache express
                no shutdown
              !
              ip access-list standard PUBLIC
                permit any
              !
              ip access-list standard wizard-ics
                remark Internet Connection Sharing
                permit any
              !
              ip access-list extended Remote
                remark do not hand edit this ACL
                permit tcp any  any eq www   log
                permit tcp any  any eq telnet   log
                permit tcp any  any eq ssh   log
                permit tcp any  any eq ftp   log
                permit icmp any  any  echo   log
                permit tcp any  any eq https   log
              !
              ip access-list extended self
                remark Traffic to NetVanta
                permit ip any  any     log
              !
              ip access-list extended web-acl-5
                remark Vlan_1_TO_Vlan_200
                permit ip 192.168.0.0 0.0.0.255  192.168.200.0 0.0.0.255
              !
              ip access-list extended web-acl-7
                remark Admin_Access
                permit tcp 192.168.0.0 0.0.0.255  any eq www   log
                permit tcp 192.168.0.0 0.0.0.255  any eq telnet   log
                permit tcp 192.168.0.0 0.0.0.255  any eq https   log
                permit tcp 192.168.0.0 0.0.0.255  any eq ssh   log
                permit tcp 192.168.0.0 0.0.0.255  any eq ftp   log
                permit icmp 192.168.0.0 0.0.0.255  any  echo   log
              !
              ip policy-class Private
                allow list self self
                nat source list wizard-ics interface vlan 1 overload
              !
              ip policy-class Public
                allow list web-acl-5
                allow list web-acl-7 self
              !
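As an added illustration (not code from this thread or from ADTRAN), a small Python model of how the two extended ACLs in the posted resolution evaluate a packet: wildcard masks, first matching entry wins, implicit deny at the end. The addresses are the thread's own; the policy-class logic that binds web-acl-5 to other interfaces and web-acl-7 to the router itself is assumed, not modelled.

```python
# Constructed model of the extended ACL entries posted above; not AOS code.
import ipaddress

PORTS = {"www": 80, "https": 443, "telnet": 23, "ssh": 22, "ftp": 21}

def wildcard_match(addr, base, wildcard):
    # Cisco/AOS-style wildcard mask: a set bit means "don't care"
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def _addr(t, i):
    # "any" is shorthand for 0.0.0.0 with an all-ones wildcard
    return (("0.0.0.0", "255.255.255.255"), i + 1) if t[i] == "any" else ((t[i], t[i + 1]), i + 2)

def parse_entry(line):
    # permit|deny <proto> <src> [<wc>] <dst> [<wc>] [eq <port>] [echo] [log]
    t = line.split()
    src, i = _addr(t, 2)
    dst, i = _addr(t, i)
    port = PORTS[t[i + 1]] if i < len(t) and t[i] == "eq" else None
    return (t[0], t[1], src, dst, port)

def acl_permits(acl, proto, src, dst, dport=None):
    for action, rproto, rsrc, rdst, rport in acl:
        if rproto != "ip" and rproto != proto:
            continue
        if not (wildcard_match(src, *rsrc) and wildcard_match(dst, *rdst)):
            continue
        if rport is not None and dport != rport:
            continue
        return action == "permit"   # first matching entry decides
    return False                    # implicit deny when nothing matches

WEB_ACL_5 = [parse_entry("permit ip 192.168.0.0 0.0.0.255 192.168.200.0 0.0.0.255")]
WEB_ACL_7 = [parse_entry(f"permit tcp 192.168.0.0 0.0.0.255 any eq {p} log")
             for p in ("www", "telnet", "https", "ssh", "ftp")]
WEB_ACL_7.append(parse_entry("permit icmp 192.168.0.0 0.0.0.255 any echo log"))

def ping_from_1234_allowed():
    # echo from the 1234's vlan 1 address to the 1335's vlan 1 address (web-acl-7)
    return acl_permits(WEB_ACL_7, "icmp", "192.168.0.253", "192.168.0.254")

def vlan1_to_vlan200_allowed():
    # any IP protocol from the vlan 1 subnet to the vlan 200 subnet (web-acl-5)
    return acl_permits(WEB_ACL_5, "udp", "192.168.0.10", "192.168.200.20", 5060)

def vlan1_to_vlan2_allowed():
    # vlan 2 is not a destination web-acl-5 names, so it falls to the implicit deny
    return acl_permits(WEB_ACL_5, "tcp", "192.168.0.10", "192.168.2.20", 80)
```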

                • Re: Netvanta 1335 Firewall question
                  Employee

                  jtphoneman -

                  I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.



                  Thanks,

                  Noor