10 Replies Latest reply on Jun 21, 2013 5:47 AM by nlpo

    Netvanta 3448 using external ip

    nlpo New Member

      Since I'm new to Netvanta 3448 and don't have the proper training on it, I'm trying to establish the following:

      Netvanta 3448 with firmware 17.09.03.00

      eth 0/1 external IP address a.b.c.34 Netmask 255.255.255.248

      internal IP 192.168.1.1 255.255.255.0

      swx 0/8 fixed IP 192.168.1.50 server

      I'm trying to forward the external IP address a.b.c.38 to the internal IP 192.168.1.50 server with complete NAT.

      I watched the video on port forwarding using 1:1 NAT for forwarding an external IP address to an internal server, but I can't reproduce it.

      I'm not able to e.g. add the external IP address to the eth 0/1 (my guess is that this is already in range of the subnet mask).

      Is it possible to forward the a.b.c.38 address to the 192.168.1.50?

      If so, how can it be made possible?

      If more information is needed please ask.

        • Re: Netvanta 3448 using external ip
          levi Employee

          nlpo:

           

          Thank you for asking this question in the support community.  If you have followed the Configuring a Port Forward in AOS and Port Forward Quick Configuration guides, then you must be close.   If you would like to reply with the current configuration (please make sure to remove any information that may be sensitive to the organization), I will be happy to review it for you.

           

          Levi

            • Re: Netvanta 3448 using external ip
              nlpo New Member

              Below I've included the current configuration file from the 3448 and blanked out all "sensitive" information.

                • Re: Netvanta 3448 using external ip
                  levi Employee

                  nlpo:

                   

                  Thank you for replying with a copy of the configuration.  It looks like you are close, but have a few things that you will need to modify.  Please, see my suggestions below:

                   

                  • You will need to assign the public address you are doing the NAT for on the public interface ("ip address x.x.x.38 255.255.255.255 secondary")
                  • You will need to have a different policy-class assigned to the public interface and the private interface
                  • In the policy-class assigned to the public interface, you will need to match the ACL/NAT pool you created (it appears yours is named "static")

                   

                  I think that is a start, but please do not hesitate to let me know what questions you have, or if you want me to review the configuration after you make the changes.

                   

                  Levi

                    • Re: Netvanta 3448 using external ip
                      nlpo New Member

                      Thanks Levi and jwable,

                       

                      Below you find the changes I made. However, I'm still not getting through from the internet to my server. Please can you take another look at the configuration file?

                       

                      Message was edited by: levi (added configuration as attachment)

                        • Re: Netvanta 3448 using external ip
                          jwable Frequent Visitor

                          nlpo,

                               In the ip access-list extended you did not include any ports. The eq 80 in the example means allow ports equal to 80; 80 is your standard web server port for HTTP traffic.  Also, after seeing your full config, that IP address should be the primary IP.  I also noticed you only have one ip policy; usually you would have two, one for private and one for public.  And finally, just for a sanity check, what happens if you try to open the webserver from inside using its private IP address? Does the web server work then?

                           

                          John Wable

                            • Re: Netvanta 3448 using external ip
                              jwable Frequent Visitor

                              nlpo,

                                 See the following example of the two policy classes:

                               

                               

                              interface eth 0/1
                                description PublicPort
                                speed 100
                                ip address  a.b.c.34  255.255.255.248
                                ip address  a.b.c.38  255.255.255.255  secondary
                                ip access-policy Public
                                no shutdown
                              !
                              interface vlan 1
                                description VLAN1
                                ip address  192.168.1.1  255.255.255.0
                                ip access-policy Private
                              !
                              ip access-list extended self
                                remark Traffic to Netvanta
                                permit ip any  any     log
                              !
                              !
                              ip access-list extended Admin
                                remark Admin Access
                                permit tcp any  any eq https   log
                                permit tcp any  any eq ssh   log
                              !
                              ip access-list extended WebForward
                                permit tcp any  host a.b.c.34 eq 80
                              !
                              !
                              ip policy-class Private
                                allow list self self
                                nat destination list WebForward address 192.168.1.50
                                nat source list NAT interface eth 0/1 overload
                              !
                              ip policy-class Public
                                allow list Admin self
                              !

                              • Re: Netvanta 3448 using external ip
                                nlpo New Member

                                Hello John,

                                 

                                I'm not trying to connect to a webserver on a.b.c.38, but a server so therefore I don't use the eq 80. If I go to the internal web-address 192.168.1.50 I get a normal response from its webpage and can login. Through a.b.c.38 the webpage times out. Do you have an example of a private and public ip policy?

                                 

                                Renee

                                  • Re: Netvanta 3448 using external ip
                                    jwable Frequent Visitor

                                    nlpo,

                                         If you open up the forward without specifying a port, that will cause all ports to point to that.  You should be as restrictive as possible when setting your rules and only allow exactly what you need. In the public IP addresses you are using, is a.b.c. the same for primary and secondary? In other words, a.b.c.34 255.255.255.248 is in the same IP subnet as a.b.c.38, even though you have entered .38 with a 255.255.255.255 subnet mask, if in both cases the a.b.c. is the same numbers.  If that is the case, you should remove the following line from your eth 0/1 interface: ip address  a.b.c.38  255.255.255.255  secondary.  Also, do any of the other services you have listed work, like the RDP connections to 192.168.1.101? If so, then it is probably because of the overlapping IP in the eth config.

                                     

                                    John Wable
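
An added example, not part of any post in this thread and not ADTRAN tooling: a small Python check for the advice above to forward only the ports that are needed. It reads an AOS-style configuration and reports destination NAT lists that are not tied to a TCP/UDP port, and NAT rules that name an access list the configuration never defines. It assumes sub-commands are indented under their section as in the posted configurations; the finding labels and the ACL name AllPorts are made up for the example.

```python
import re

# Constructed sample in the style of the configurations posted in this thread.
SAMPLE = """\
ip access-list extended AllPorts
  permit ip any  host a.b.c.38
ip access-list extended WebForward
  permit tcp any  host a.b.c.38 eq 80
!
ip policy-class Public
  nat destination list AllPorts address 192.168.1.50
  nat destination list WebForward address 192.168.1.50
!
ip policy-class Private
  nat source list NAT interface eth 0/1 overload
"""

def parse(config):
    """Return ({acl: [permit lines]}, [(policy, direction, acl)])."""
    acls, nat_rules, kind, name = {}, [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # a top-level command opens a new section
            m = re.match(r"ip (access-list extended|policy-class) (\S+)$", line)
            kind, name = m.groups() if m else (None, None)
            if kind == "access-list extended":
                acls.setdefault(name, [])
        elif kind == "access-list extended" and line.startswith("permit "):
            acls[name].append(line)
        elif kind == "policy-class":
            m = re.match(r"nat (source|destination) list (\S+)", line)
            if m:
                nat_rules.append((name, *m.groups()))
    return acls, nat_rules

def audit(config):
    """Flag undefined NAT lists and forwards not tied to a TCP/UDP port."""
    acls, nat_rules = parse(config)
    findings = []
    for policy, direction, acl in nat_rules:
        if acl not in acls:
            findings.append((policy, acl, "undefined-acl"))
        elif direction == "destination":
            # One finding per ACL entry that matches more than a single port.
            findings += [(policy, acl, "forwards-all-ports") for e in acls[acl]
                         if e.split()[1] not in ("tcp", "udp") or "eq" not in e.split()]
    return findings
```

Calling `audit(SAMPLE)` reports the AllPorts forward and the undefined NAT list, while the WebForward entry limited to `eq 80` passes.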

                            • Re: Netvanta 3448 using external ip
                              jwable Frequent Visitor

                              nlpo,

                              It looks like there are a couple pieces missing from what I can tell:

                               

                               

                              ip access-list extended WebForward
                                permit tcp any host a.b.c.38 eq 80
                              !
                              ip policy-class test
                                nat destination list  WebForward address 192.168.1.50

                          • Re: Netvanta 3448 using external ip
                            nlpo New Member

                            Thanks everybody for helping to solve this issue. It works after the help of jwable.