0 Replies Latest reply on Dec 30, 2016 10:04 AM by drewmon1

    Need help with what should be a basic 1:1 NAT config on a 3120.

    drewmon1 New Member

      Hi,

      I'm replacing an old SSR2000 router with a 3120.  The SSR is only doing 1:1 NAT, just a basic conversion from IP 10.132.X.X to 10.219.X.X bidirectionally.  I can't for the life of me get this 3120 to work properly.  I have about 12 addresses that need to be NAT'd.  I have some functionality, but not everything.  I feel that all the traffic "seems" to leave the router as the 10.219.73.10 address, and not all traffic is coming back through.  Thank you for your help.

       

      Configs are listed below:

       

      OLD SSR Config:

       

      Running system configuration:

           !

           ! Last modified from 2014-05-14 16:47:15

           !

      1 : vlan create 101building id 1017

      2 : vlan create work id 1016

      3 : vlan add ports et.1.1-4 to work

      4 : vlan add ports et.1.5-8 to 101Building

           !

      5 : interface create ip V-work vlan work address-netmask 10.132.1.2/16

      6 : interface create ip V-101building vlan 101building address-netmask 10.219.73.1/24

           !

      7 : ip add route 10.133.0.0/16 gateway 10.132.1.1 retain

      8 : ip add route 10.2.0.0/16 gateway 10.132.1.1 retain

      9 : ip add route 10.135.0.0/16 gateway 10.132.1.1 retain

      10 : ip add route 10.4.0.0/16 gateway 10.132.1.1 retain

      11 : ip add route 172.16.10.0/24 gateway 10.132.1.1 retain

      12 : ip add route 10.131.0.0/16 gateway 10.132.1.1 retain

      13 : ip add route 10.6.0.0/16 gateway 10.132.1.1 retain

      14 : ip add route 10.13.0.0/16 gateway 10.132.1.1 retain

      15 : ip add route 10.14.0.0/16 gateway 10.132.1.1 retain

      16 : ip add route 10.15.0.0/16 gateway 10.132.1.1 retain

      17 : ip add route 10.21.0.0/16 gateway 10.132.1.1 retain

      18 : ip add route 10.153.0.0/16 gateway 10.132.1.1 retain

      -19 : ip add route 10.154.0.0/16 gateway 10.132.1.1 retain

      20 : ip add route 10.1.0.0/16 gateway 10.132.1.1 retain

      21 : ip add route 10.129.0.0/16 gateway 10.132.1.1 retain

      22 : ip add route default gateway 10.132.1.3

      23 : ip add route 10.19.0.0/16 gateway 10.219.73.254 retain

      24 : ip add route 10.10.144.0/24 gateway 10.219.73.254 retain

           !

      25 : system set name "work-Router"

      26 : system set hashed-password login FpyZWR f8525d48b881be63ae2ce2289a83170c

      27 : system set hashed-password enable FpyZWR 2d24ea89f5047c0823f9cf52e0bc31ad

      28 : system set idle-timeout serial 20

      29 : system set idle-timeout telnet 20

           !

      30 : nat set secure-plus on

      31 : nat set interface V-work inside

      32 : nat set interface V-101building outside

      33 : nat create static local-ip 10.132.10.40 global-ip 10.219.73.10 protocol ip

      34 : nat create static local-ip 10.132.40.221 global-ip 10.219.73.1 protocol ip

      35 : nat create static local-ip 10.132.40.222 global-ip 10.219.73.2 protocol ip

      36 : nat create static local-ip 10.132.1.8 global-ip 10.219.73.4 protocol ip

      37 : nat create static local-ip 10.132.1.7 global-ip 10.219.73.6 protocol ip

      38 : nat create static local-ip 10.133.40.160 global-ip 10.219.73.9 protocol ip

      39 : nat create static local-ip 10.2.30.150 global-ip 10.219.73.8 protocol ip

      -40 : nat create static local-ip 10.135.40.147 global-ip 10.219.73.5 protocol ip

      41 : nat create static local-ip 10.132.40.5 global-ip 10.219.73.3 protocol ip

      42 : nat create static local-ip 10.135.41.100 global-ip 10.219.73.7 protocol ip

      43 : nat create static local-ip 10.135.40.148 global-ip 10.219.73.11 protocol ip

      44 : nat create static local-ip 10.135.40.149 global-ip 10.219.73.12 protocol ip

      work-Router(config)#

       

      Current Adtran 3120 Config:

       

      ! ADTRAN OS version R12.2.0.SA.E

      ! Boot ROM version 17.01.01.00

      ! Platform: NetVanta 3120, part number 1700601G2

      ! Serial number LBADTN1521AT158

      !

      !

      hostname "work-Router"

      enable password Youllneverknow

      !

      clock timezone -5-Eastern-Time

      !

      ip subnet-zero

      ip classless

      ip default-gateway 10.132.1.3

      ip routing

      domain-name "work.local"

      domain-proxy

      name-server 10.132.10.3 10.132.10.2

      !

      !

      no auto-config

      !

      event-history on

      no logging forwarding

      logging forwarding priority-level info

      no logging email

      !

      no service password-encryption

      !

      portal-list "admin" console ftp http-admin ssh telnet

      !

      username "dXXX" portal-list "admin" password "XXXXXXXX"

      username "xXXadmin" portal-list "admin" password "XXXXXXXX"

      !

      !

      ip firewall

      no ip firewall alg msn

      no ip firewall alg mszone

      no ip firewall alg h323

      !

      aaa on

      ftp authentication LoginUseLocalUsers

      !

      !

      aaa authentication login LoginUseTacacs group tacacs+

      aaa authentication login LoginUseRadius group radius

      aaa authentication login LoginUseLocalUsers local

      aaa authentication login LoginUseLinePass line

      !

      aaa authentication enable default enable

      !

      aaa authentication port-auth default local

      !

      !

      !

      no dot11ap access-point-control

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      vlan 1

        name "Default"

      !

      vlan 506

        name "work"

      !

      vlan 507

        name "101building"

      !

      !

      interface eth 0/1

        description 101building Connection

        ip address  10.219.73.10  255.255.255.0

        ip mtu 1500

        no awcp

        no shutdown

        no lldp send-and-receive

      !

      !

      interface switchport 0/1

        no shutdown

        switchport access vlan 506

      !

      interface switchport 0/2

        no shutdown

        switchport access vlan 506

      !

      interface switchport 0/3

        no shutdown

      !

      interface switchport 0/4

        no shutdown

      !

      !

      !

      interface vlan 1

        no ip address

        shutdown

      !

      interface vlan 506

        description work-Router

        ip address  10.132.1.2  255.255.0.0

        ip mtu 1500

        ip access-policy Private

        no rtp quality-monitoring

        no awcp

        no shutdown

      !

      interface vlan 507

        description State

        no ip address

        shutdown

      !

      !

      !

      ip access-list standard wizard-ics

        remark Internet Connection Sharing

        permit any

      !

      !

      ip access-list extended nat-acl-1

        remark 1:1 NAT 10.219.73.10 > 10.132.10.40

        permit ip any  host 10.219.73.10     log

      !

      ip access-list extended nat-acl-10

        remark 1:1 NAT 10.219.73.12 > 10.135.40.149

        permit ip any  host 10.219.73.12     log

      !

      ip access-list extended nat-acl-101

        remark 1:1 NAT 10.132.10.40 > 10.219.73.10

        permit ip any  host 10.132.10.40     log

      !

      ip access-list extended nat-acl-102

        remark 1:1 NAT 10.132.40.221 > 10.219.73.1

        permit ip any  host 10.132.40.221     log

      !

      ip access-list extended nat-acl-103

        remark 1:1 NAT 10.132.40.222 > 10.219.73.2

        permit ip any  host 10.132.40.222     log

      !

      ip access-list extended nat-acl-104

        remark 1:1 NAT 10.132.1.8 > 10.219.73.4

        permit ip any  host 10.132.1.8     log

      !

      ip access-list extended nat-acl-105

        remark 1:1 NAT 10.132.1.7 > 10.219.73.6

        permit ip any  host 10.132.1.7     log

      !

      ip access-list extended nat-acl-106

        remark 1:1 NAT 10.133.40.160 > 10.219.73.9

        permit ip any  host 10.133.40.160     log

      !

      ip access-list extended nat-acl-107

        remark 1:1 NAT 10.2.30.150 > 10.219.73.8

        permit ip any  host 10.2.30.150     log

      !

      ip access-list extended nat-acl-108

        remark 1:1 NAT 10.135.40.147 > 10.219.73.5

        permit ip any  host 10.135.40.147     log

      !

      ip access-list extended nat-acl-109

        remark 1:1 NAT 10.135.40.148 > 10.219.73.11

        permit ip any  host 10.135.40.148     log

      !

      ip access-list extended nat-acl-11

        remark 1:1 NAT 10.219.73.7 > 10.135.41.100

        permit ip any  host 10.219.73.7     log

      !

      ip access-list extended nat-acl-110

        remark 1:1 NAT 10.135.40.149 > 10.219.73.12

        permit ip any  host 10.135.40.149     log

      !

      ip access-list extended nat-acl-111

        remark 1:1 NAT 10.135.41.100 > 10.219.73.7

        permit ip any  host 10.135.41.100     log

      !

      ip access-list extended nat-acl-112

        remark 1:1 NAT 10.132.40.5 > 10.219.73.3

        permit ip any  host 10.132.40.5     log

      !

      ip access-list extended nat-acl-12

        remark 1:1 NAT 10.219.73.3 > 10.132.40.5

        permit ip any  host 10.219.73.3     log

      !

      ip access-list extended nat-acl-2

        remark 1:1 NAT 10.219.73.1 > 10.132.40.221

        permit ip any  host 10.219.73.1     log

      !

      ip access-list extended nat-acl-3

        remark 1:1 NAT 10.219.73.2 > 10.132.40.222

        permit ip any  host 10.219.73.2     log

      !

      ip access-list extended nat-acl-4

        remark 1:1 NAT 10.219.73.4 > 10.132.1.8

        permit ip any  host 10.219.73.4     log

      !

      ip access-list extended nat-acl-5

        remark 1:1 NAT 10.219.73.6 > 10.132.1.7

        permit ip any  host 10.219.73.6     log

      !

      ip access-list extended nat-acl-6

        remark 1:1 NAT 10.219.73.9 > 10.133.40.160

        permit ip any  host 10.219.73.9     log

      !

      ip access-list extended nat-acl-7

        remark 1:1 NAT 10.219.73.8 > 10.2.30.150

        permit ip any  host 10.219.73.8     log

      !

      ip access-list extended nat-acl-8

        remark 1:1 NAT 10.219.73.5 > 10.135.40.147

        permit ip any  host 10.219.73.5     log

      !

      ip access-list extended nat-acl-9

        remark 1:1 NAT 10.219.73.11 > 10.135.40.148

        permit ip any  host 10.219.73.11     log

      !

      ip access-list extended self

        remark Traffic to NetVanta

        permit ip any  any     log

      !

      ip access-list extended wizard-remote-access

        remark do not hand edit this ACL

        permit icmp any  any  echo   log

      !

      !

      !

      ip policy-class Private

        allow list self self

        nat source list nat-acl-101 address 10.132.10.40 overload

        nat source list nat-acl-102 address 10.132.40.221 overload

        nat source list nat-acl-103 address 10.132.40.222 overload

        nat source list nat-acl-104 address 10.132.1.8 overload

        nat source list nat-acl-105 address 10.132.1.7 overload

        nat source list nat-acl-106 address 10.133.40.160 overload

        nat source list nat-acl-107 address 10.2.30.150 overload

        nat source list nat-acl-108 address 10.135.40.147 overload

        nat source list nat-acl-109 address 10.135.40.148 overload

        nat source list nat-acl-110 address 10.135.40.149 overload

        nat source list nat-acl-111 address 10.135.41.100 overload

        nat source list nat-acl-112 address 10.132.40.5 overload

        nat source list wizard-ics interface eth 0/1 overload

      !

      ip policy-class Public

        nat destination list nat-acl-1 address 10.219.73.10

        nat destination list nat-acl-2 address 10.219.73.1

        nat destination list nat-acl-3 address 10.219.73.2

        nat destination list nat-acl-4 address 10.219.73.4

        nat destination list nat-acl-5 address 10.219.73.6

        nat destination list nat-acl-6 address 10.219.73.9

        nat destination list nat-acl-7 address 10.219.73.8

        nat destination list nat-acl-8 address 10.219.73.5

        nat destination list nat-acl-9 address 10.219.73.11

        nat destination list nat-acl-10 address 10.219.73.12

        nat destination list nat-acl-11 address 10.219.73.7

        nat destination list nat-acl-12 address 10.219.73.3

      !

      !

      ip route 0.0.0.0 0.0.0.0 10.219.73.254

      ip route 10.2.0.0 255.255.0.0 10.132.1.1

      ip route 10.19.0.0 255.255.0.0 10.219.73.254

      ip route 10.129.0.0 255.255.0.0 10.132.1.1

      ip route 10.132.0.0 255.255.0.0 10.132.1.1

      ip route 10.133.0.0 255.255.0.0 10.132.1.1

      ip route 10.135.0.0 255.255.0.0 10.132.1.1

      ip route 10.219.73.0 255.255.255.0 10.219.73.254

      ip route 172.16.10.0 255.255.255.0 10.132.1.1

      !

      no tftp server

      no tftp server overwrite

      http authentication LoginUseLocalUsers

      http server

      http session-timeout 2700

      http secure-server

      no snmp agent

      no ip ftp server

      ip ftp server default-filesystem flash

      no ip scp server

      no ip sntp server

      !

      !

      !

      !

      !

      !

      !

      !

      !

      sip udp 5060

      sip tcp 5060

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      line con 0

        login authentication LoginUseLinePass

        password XXXXXXX

      !

      line telnet 0 4

        login authentication LoginUseLocalUsers

        password password

        no shutdown

      line ssh 0 4

        login authentication LoginUseLocalUsers

        no shutdown

      !

      sntp server 10.132.10.80

      !

      !

      !

      !

      !

      !

      end