7 Replies Latest reply on Apr 1, 2019 9:36 PM by g-man

    Configuring TA924 as a Basic Router

    g-man New Member

      Hello, I have a TA924 providing PRI and analog services and I wanted to add the ability to also use the TA as a Router/Firewall. I have been trying to get it working but so far no luck. Currently I have eth0/1 connected to my internet connection and eth0/2 for my LAN on 10.1.88.1. I also have a secondary IP on eth0/2 as 192.168.88.1. Not sure how to pass traffic to the internet.

       

      Any help would be greatly appreciated.

        • Re: Configuring TA924 as a Basic Router
          jayh Hall_of_Fame

          Are you using the setup wizard or the CLI? I'd recommend creating VLANs on subinterfaces of eth 0/2 rather than secondary IPs. A copy of the configuration and a summary of what is and isn't working would help.

           

          The basic idea is to create firewall security zones for Public and Private and NAT the private to the Public interface with overload.

            • Re: Configuring TA924 as a Basic Router
              g-man New Member

              Jayh,

               

              Thank you for your response. My current config is working for my PRI and analog fax lines. I actually really only need 1 LAN subnet, but point taken about the VPN. At this point what I am trying to do is put an IP PBX behind the Adtran to replace the system with the PRI. I was watching some videos last night regarding an SBC setup, but I imagine that requires a working LAN setup. I am using the CLI but I will use whatever works! I tried duplicating your post from "Router is up/up but can't connect to Internet from LAN", substituting the interface ppp 1 for eth 0/1, with no success. I also found some similar posts as well, with no success. I did see the ease of using the firewall wizard; I was just paranoid it would mess up my working config and I would lose voice altogether. Any help pointing me in the correct direction would be great!

               

              !
              !
              ! ADTRAN, Inc. OS version R10.9.5.E
              ! Boot ROM version R10.9.3.B1
              ! Platform: Total Access 900e (3rd Gen), part number 4243924F1
              ! Serial number CFG1363988
              !

               

               

              clock timezone -8
              !
              ip subnet-zero
              ip classless
              ip default-gateway 100.100.100.10
              ip routing
              ipv6 unicast-routing
              !
              !
              name-server 8.8.8.8
              !
              !
              auto-config
              !
              event-history on
              no logging forwarding
              no logging email
              !
              no service password-encryption
              !
              !
              !
              no ip firewall alg msn
              no ip firewall alg mszone
              no ip firewall alg h323
              !

               

              no dot11ap access-point-control
              !
              interface eth 0/1
                description WAN
                ip address  100.100.100.1  255.255.255.248
                media-gateway ip primary
                no shutdown
              !
              !
              interface eth 0/2
                description LAN
                ip address  10.1.88.1  255.255.255.0
                no awcp
                no shutdown
              !
              !
              !
              interface gigabit-eth 0/1
                shutdown
              !
              !
              !
              !
              interface t1 0/1
                shutdown
              !
              interface t1 0/2
                shutdown
              !
              interface t1 0/3
                lbo short 15
                tdm-group 1 timeslots 1-24 speed 64
                no shutdown
              !
              interface t1 0/4
                shutdown
              !
              !
              interface pri 1
                isdn name-delivery proceeding
                connect t1 0/3 tdm-group 1
                digits-transferred 4
                no shutdown
              !
              !
              interface fxs 0/1
                impedance 600r
                no shutdown
              !
              interface fxs 0/2
                no shutdown
              !
              interface fxs 0/3
                no shutdown
              !
              interface fxs 0/4
                no shutdown
              !
              interface fxs 0/5
                no shutdown
              !
              interface fxs 0/6
                no shutdown
              !
              interface fxs 0/7
                no shutdown
              !
              interface fxs 0/8
                no shutdown
              !
              interface fxs 0/9
                no shutdown
              !
              interface fxs 0/10
                no shutdown
              !
              interface fxs 0/11
                no shutdown
              !
              interface fxs 0/12
                no shutdown
              !
              interface fxs 0/13
                no shutdown
              !
              interface fxs 0/14
                no shutdown
              !
              interface fxs 0/15
                no shutdown
              !
              interface fxs 0/16
                no shutdown
              !
              interface fxs 0/17
                no shutdown
              !
              interface fxs 0/18
                no shutdown
              !
              interface fxs 0/19
                no shutdown
              !
              interface fxs 0/20
                no shutdown
              !
              interface fxs 0/21
                no shutdown
              !
              interface fxs 0/22
                no shutdown
              !
              interface fxs 0/23
                no shutdown
              !
              interface fxs 0/24
                no shutdown
              !
              !
              isdn-group 1
                connect pri 1
              !
              ip access-list standard mgmt-allow-list
                permit host X.X.X.X 
              !
              ip access-list standard sip-allow-list
                permit hostname X.X.X
                permit host X.X.X.X
              !

              !

              ip route 0.0.0.0 0.0.0.0 100.100.100.1
              !
              no tftp server
              no tftp server overwrite
              http server
              http secure-server
              no snmp agent
              no ip ftp server
              no ip scp server
              no ip sntp server
              !
              sip
              sip udp 5060
              no sip tcp
              !
              voice feature-mode network
              voice forward-mode network
              !

               

              voice dial-plan 2 long-distance 1-NXX-NXX-XXXX
              !

              voice codec-list VOICE
                default
                codec g711ulaw
              !
              voice codec-list FAX
                codec g711ulaw
              !

              voice trunk T01 type sip
                description "SIP"
                match dnis "91-NXX-NXX-XXXX" substitute "1-NXX-NXX-XXXX"
                match dnis "9NXX-XXXX" substitute "1-555-NXX-XXXX"
                match dnis "NXX-NXX-XXXX" substitute "1-NXX-NXX-XXXX"
                match dnis "NXX-XXXX" substitute "1-555-NXX-XXXX"
                sip-server primary X.X.X.X
                registrar primary X.X.X.X
                domain "X.X.X.X"
                register XXXXX auth-name "XXX" password "XXXXX"
                codec-list VOICE both
                authentication username "XXX" password "XXXXX"
              !
              voice trunk T02 type isdn
                description "DSX-1"
                resource-selection linear ascending
                connect isdn-group 1
                no early-cut-through
                match dnis "1800XXX" substitute "XXX"
                match dnis "1844XXXX" substitute "XXX"
                rtp delay-mode adaptive
                codec-list VOICE
              !
              !
              voice grouped-trunk SIP
                trunk T01
                accept $ cost 0
              !
              !
              voice grouped-trunk ISDN
                trunk T02
                accept XXXXXXX cost 0

              !
              !
              !
              !
              voice user 1001
                connect fxs 0/1
                description "COM1"
                modem-passthrough
                codec-list VOICE
              !
              !
              voice user 1002
                connect fxs 0/2
                description "COM2"
                caller-id-override external-number XXXX
                modem-passthrough
                codec-list VOICE
              !
              !
              voice user 1003
                connect fxs 0/3
                caller-id-override external-number XXXX
                modem-passthrough
                codec-list VOICE
              !
              !
              voice user 1004
                connect fxs 0/4
                caller-id-override external-number XXXX
                did "XXXX"
                modem-passthrough
                codec-list VOICE
              !
              !
              voice user 1005
                connect fxs 0/5
                modem-passthrough
                codec-list VOICE
              !
              !
              voice user 1006
                connect fxs 0/6
                modem-passthrough
                codec-list VOICE
              !
              !
              voice user 1007
                modem-passthrough
                codec-list VOICE
              !
              !
              voice user 1008
                modem-passthrough
                codec-list VOICE
              !
              !
              voice user 1009
                modem-passthrough
                codec-list VOICE
              !
              voice user 1010
                modem-passthrough
                codec-list VOICE
              !
              !

              sip access-class ip "sip-allow-list" in
              !

              line con 0
                no login
              !
              line telnet 0 4
                login local-userlist
                password password
                shutdown
                ip access-class mgmt-allow-list in
              line ssh 0 4
                login local-userlist
                no shutdown
                ip access-class mgmt-allow-list in
              !

               

              end

                • Re: Configuring TA924 as a Basic Router
                  jayh Hall_of_Fame

                  See added config in bold:

                   

                  !
                  interface eth 0/1
                    description WAN
                    ip address  100.100.100.1  255.255.255.248
                    media-gateway ip primary
                    ip access-policy Public
                    no shutdown
                  !
                  !
                  interface eth 0/2
                    description LAN
                    ip address  10.1.88.1  255.255.255.0
                    no awcp
                    ip access-policy Private
                    no shutdown
                  !
                  !
                  ip access-list standard allow-all
                    remark allow all traffic
                    permit any
                  !
                  !
                  ip policy-class Public
                    allow list allow-all self
                  !
                  !
                  ip policy-class Private
                    nat source list allow-all interface ethernet 0/1 overload policy Public
                    allow list allow-all self
                  !
                  !
                  ! Note, you have both ip default-gateway 100.100.100.10 and ip route 0.0.0.0 0.0.0.0 100.100.100.1 in your configuration. Remove the ip default-gateway and change ip route 0.0.0.0 0.0.0.0 w.x.y.z to point to your ISP side of the WAN link, not your own interface. Then configure:

                  ip firewall
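The points raised in the reply above (a default route aimed at the unit's own WAN address, a leftover `ip default-gateway`, interfaces without an `ip access-policy`, and `ip firewall` not yet enabled) can be checked mechanically before a config goes onto a production unit. The following Python audit is an added example, not part of the thread and not ADTRAN tooling; the `audit` helper, its finding strings and the trimmed `POSTED` sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the routing and interface lines as first posted in the thread.
POSTED = """\
ip default-gateway 100.100.100.10
interface eth 0/1
  ip address  100.100.100.1  255.255.255.248
interface eth 0/2
  ip address  10.1.88.1  255.255.255.0
ip route 0.0.0.0 0.0.0.0 100.100.100.1
"""

def audit(config):
    """Return sorted findings for an AOS-style config (hypothetical helper)."""
    ifaces, current = {}, None      # interface name -> {"ip": ..., "policy": ...}
    gateway = firewall = False
    default_hops = []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (.+)$", line):
            current = m.group(1)
            ifaces[current] = {"ip": None, "policy": None}
        elif current and (m := re.match(r"ip address\s+(\S+)\s+(\S+)$", line)):
            # ip_interface accepts "address/netmask" and exposes .ip and .network
            ifaces[current]["ip"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif current and (m := re.match(r"ip access-policy (\S+)$", line)):
            ifaces[current]["policy"] = m.group(1)
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)$", line):
            default_hops.append(ipaddress.ip_address(m.group(1)))
        elif line.startswith("ip default-gateway "):
            gateway = True
        elif line == "ip firewall":
            firewall = True
    routed = {n: i for n, i in ifaces.items() if i["ip"]}   # skip t1/fxs/pri
    out = []
    if gateway and default_hops:
        out.append("ip default-gateway set alongside a static default route")
    for hop in default_hops:
        if any(hop == i["ip"].ip for i in routed.values()):
            out.append(f"default route {hop} is this unit's own address")
        elif not any(hop in i["ip"].network for i in routed.values()):
            out.append(f"default route {hop} is not on a connected subnet")
    out += [f"{n} has no ip access-policy" for n, i in routed.items() if not i["policy"]]
    if not firewall:
        out.append("ip firewall is not enabled")
    return sorted(out)

if __name__ == "__main__":
    print("\n".join(audit(POSTED)))
```
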

                    • Re: Configuring TA924 as a Basic Router
                      g-man New Member

                      Jayh,

                       

                      Thank you, I was able to borrow an Adtran that was not in production to do some testing. Using the firewall wizard and setting up the route tables, exactly what you were saying, I had success!!!

                       

                      When using the Adtran for both Voice and Data services, how will the rules we just implemented affect the PRI and Analog Lines on my production system, if at all?

                       

                      Thanks for your suggestions

                        • Re: Configuring TA924 as a Basic Router
                          jayh Hall_of_Fame

                          From a routing standpoint, they won't be affected. It's possible that the LAN data users can negatively impact voice call quality if they saturate the link to your ISP. You can apply quality of service rules to prioritize voice traffic if needed. That's a separate discussion.

                  • Re: Configuring TA924 as a Basic Router
                    g-man New Member

                    Jayh,

                     

                    I went ahead and used the firewall wizard. After applying it I could make outbound calls but lost inbound calls?

                     

                    • Re: Configuring TA924 as a Basic Router
                      g-man New Member

                      Jayh,

                       

                      I think the Firewall wizard maybe overwrote my ACLs. Started over with CLI and I now can access the internet from the LAN.