3 Replies Latest reply on Apr 23, 2016 8:36 AM by bababouy

    Using Netvanta 4430 LAN as WAN

    rbrouillette New Member

      Inherited a 4430 router (w/o any NIMs) to use as a simple DHCP and Internet access router for a SMB setup.  The current config is to use the giga eth 0/1 as the WAN interface and the giga eth 0/2 as the private interface.  Even with much google-fu and insight from actual IT professional friends, I cannot seem to provide access to the office.  The 0/1 interface and 0/2 interface can ping outside websites, but devices within the LAN cannot get access.  Any help would be much appreciated.  Config below:

       

      !

      !

      ! ADTRAN, Inc. OS version 18.02.02.SC.E

      ! Boot ROM version 17.04.01.00

      ! Platform: NetVanta 4430, part number 1700630E1

      ! Serial number LBADTN1131AT083

      !

      !

      hostname "Router"

      enable password

      !

      clock timezone -5-Eastern-Time

      !

      ip subnet-zero

      ip classless

      ip default-gateway 50.243.192.86

      ip routing

      ipv6 unicast-routing

      !

      !

      ip name-server 75.75.75.75 76.76.76.76

      !

      !

      auto-config

      !

      event-history on

      no logging forwarding

      no logging email

      !

      no service password-encryption

      !

      username "admin" password ""

      ip forward-protocol udp time

      ip forward-protocol udp nameserver

      ip forward-protocol udp tacacs

      ip forward-protocol udp tftp

      ip forward-protocol udp netbios-ns

      ip forward-protocol udp netbios-dgm

      !

      !

      no ip firewall alg msn

      no ip firewall alg mszone

      no ip firewall alg h323

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      no dot11ap access-point-control

      !

      !

      !

      !

      ip dhcp-server excluded-address 192.168.178.0

      ip dhcp-server excluded-address 192.168.178.255

      !

      ip dhcp-server pool "Private"

        network 192.168.178.0 255.255.255.0

        dns-server 192.168.178.254

        default-router 192.168.178.254

        lease 1

      !

      ip urlfilter Web_Http_Filter http

      !

      !

      !

      !

      !

      !

      !

      !

      !

      no ethernet cfm

      !

      interface eth 0/1

        ip address 10.10.10.1 255.255.255.0

        no awcp

        no shutdown

      !

      !

      !

      interface gigabit-eth 0/1

        description Public

        ip address 50.243.192.82 255.255.255.248

        ip mtu 1500

        ip access-policy Public

        ! IPv4 access-policy will not be used until IPv4 firewall is enabled

        no rtp quality-monitoring

        no awcp

        no shutdown

      !

      !

      interface gigabit-eth 0/2

        description Private

        ip address 192.168.178.254 255.255.255.0

        ip mtu 1500

        ip helper-address 192.168.178.254

        ip access-policy Private

        ! IPv4 access-policy will not be used until IPv4 firewall is enabled

        ip urlfilter Web_Http_Filter in

        ip urlfilter Web_Http_Filter out

        ! URL filter disabled until a port is defined and IP firewall is enabled

        ip flow ingress

        ip flow egress

        no awcp

        no shutdown

      !

      !

      !

      !

      !

      router rip

        network 192.168.178.0 255.255.255.0

      !

      !

      !

      !

      !

      !

      !

      ip access-list standard MATCHALL

        permit any

      !

      ip access-list standard wizard-ics

        remark Internet Connection Sharing

        permit any

      !

      !

      ip access-list extended self

        remark Traffic to NetVanta

        permit ip any any log

      !

      ip access-list extended web-acl-5

        permit ip any any 

      !

      ip access-list extended wizard-pfwd-1

        remark Port Forward 1

        permit tcp any host 50.243.192.82 log

      !

      ip access-list extended wizard-remote-access

        remark do not hand edit this ACL

        permit tcp any any eq www log

        permit tcp any any eq ssh log

        permit tcp any any eq ftp log

        permit tcp any any eq telnet log

        permit icmp any any echo log

        permit tcp any any eq https log

        remark do not hand edit this ACL

        permit tcp any any range www www log

        permit tcp any any range telnet telnet log

        permit tcp any any range ssh ssh log

        permit tcp any any range ftp ftp log

        permit icmp any any echo log

        permit tcp any any range https https log

      !

      !

      !

      !

      ip policy-class Private

        allow list self self

        nat source list wizard-ics interface gigabit-ethernet 0/1 overload

      !

      ip policy-class Public

        nat destination list wizard-pfwd-1 address 192.168.178.233

      !

      !

      !

      ip route 0.0.0.0 0.0.0.0 50.243.192.86

      !

      no tftp server

      no tftp server overwrite

      ip http server

      no ip http secure-server

      no snmp agent

      no ip ftp server

      ip ftp server default-filesystem flash

      no ip scp server

      no ip sntp server

      !

      !

      !

      !

      !

      !

      !

      !

      ip sip udp 5060

      ip sip tcp 5060

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      line con 0

        login

        password

      !

      line telnet 0 4

        login

        password

        no shutdown

      line ssh 0 4

        login local-userlist

        no shutdown

      !

      !

      !

      !

      !

      end

        • Re: Using Netvanta 4430 LAN as WAN
          jayh Hall_of_Fame

          You won't be able to do NAT until you enable IP firewall.

           

          In global config mode type "ip firewall" and you should be good to go. If you're connected by telnet or ssh you'll probably get kicked off but you should be able to get back in from the private side.  If you're on console no problem.

           

          If you get locked out and can't get back in, rebooting will wipe out any unsaved changes and get you back to where you were. You can anticipate this possibility with the command "reload in 10" before making changes remotely. If something goes wrong, the box will reboot in ten minutes and all unsaved changes will be erased. If all goes well, type "reload cancel" and "write memory" to kill the scheduled reboot and save your changes.

            • Re: Using Netvanta 4430 LAN as WAN
              eric17 Employee

              I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

               

              Thanks,

               

              Eric

            • Re: Using Netvanta 4430 LAN as WAN
              bababouy New Member

              I'm trying to do something similar with a Netvanta 4430. I bought the unit new about 1 1/2 years ago. The gig 0/1 and gig 0/2 ports were configured for two separate ISPs to be a failover. We are using eth 0/1 for LAN, which only seems to be 100Mbps. We ended up not using gig 0/2 and have expanded our network and our connection to a 250Mbps, but it seems that I have a bottleneck going through the ETH 0/1 port. Can I change GIG 0/2 to LAN to give my network full GIG service? If so, how? I'm not super familiar with this GUI, but I can figure it out.