cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
drewmon1
New Contributor

Need help with what should be a basic 1:1 NAT config on a 3120.

Hi,

I'm replacing an old SSR2000 router with a 3120.  The SSR is only doing 1:1 NAT just basic convert from IP 10.132.X.X to 10.219.X.X bidirectionally.  I cant for the life of me get this 3120 to work properly.  I have about 12 addresses that need to be NAT'd.  I have some functionality, but not everything.  I feel that all the traffics "seems" to leave the router as 10.219.73.10 address, not all traffic is coming back through.  Thank you for your help.

Configs are listed below:

OLD SSR Config:

Running system configuration:

     !

     ! Last modified from 2014-05-14 16:47:15

     !

1 : vlan create 101building id 1017

2 : vlan create work id 1016

3 : vlan add ports et.1.1-4 to work

4 : vlan add ports et.1.5-8 to 101Building

     !

5 : interface create ip V-work vlan work address-netmask 10.132.1.2/16

6 : interface create ip V-101building vlan 101building address-netmask 10.219.73.1/24

     !

7 : ip add route 10.133.0.0/16 gateway 10.132.1.1 retain

8 : ip add route 10.2.0.0/16 gateway 10.132.1.1 retain

9 : ip add route 10.135.0.0/16 gateway 10.132.1.1 retain

10 : ip add route 10.4.0.0/16 gateway 10.132.1.1 retain

11 : ip add route 172.16.10.0/24 gateway 10.132.1.1 retain

12 : ip add route 10.131.0.0/16 gateway 10.132.1.1 retain

13 : ip add route 10.6.0.0/16 gateway 10.132.1.1 retain

14 : ip add route 10.13.0.0/16 gateway 10.132.1.1 retain

15 : ip add route 10.14.0.0/16 gateway 10.132.1.1 retain

16 : ip add route 10.15.0.0/16 gateway 10.132.1.1 retain

17 : ip add route 10.21.0.0/16 gateway 10.132.1.1 retain

18 : ip add route 10.153.0.0/16 gateway 10.132.1.1 retain

-19 : ip add route 10.154.0.0/16 gateway 10.132.1.1 retain

20 : ip add route 10.1.0.0/16 gateway 10.132.1.1 retain

21 : ip add route 10.129.0.0/16 gateway 10.132.1.1 retain

22 : ip add route default gateway 10.132.1.3

23 : ip add route 10.19.0.0/16 gateway 10.219.73.254 retain

24 : ip add route 10.10.144.0/24 gateway 10.219.73.254 retain

     !

25 : system set name "work-Router"

26 : system set hashed-password login FpyZWR f8525d48b881be63ae2ce2289a83170c

27 : system set hashed-password enable FpyZWR 2d24ea89f5047c0823f9cf52e0bc31ad

28 : system set idle-timeout serial 20

29 : system set idle-timeout telnet 20

     !

30 : nat set secure-plus on

31 : nat set interface V-work inside

32 : nat set interface V-101building outside

33 : nat create static local-ip 10.132.10.40 global-ip 10.219.73.10 protocol ip

34 : nat create static local-ip 10.132.40.221 global-ip 10.219.73.1 protocol ip

35 : nat create static local-ip 10.132.40.222 global-ip 10.219.73.2 protocol ip

36 : nat create static local-ip 10.132.1.8 global-ip 10.219.73.4 protocol ip

37 : nat create static local-ip 10.132.1.7 global-ip 10.219.73.6 protocol ip

38 : nat create static local-ip 10.133.40.160 global-ip 10.219.73.9 protocol ip

39 : nat create static local-ip 10.2.30.150 global-ip 10.219.73.8 protocol ip

-40 : nat create static local-ip 10.135.40.147 global-ip 10.219.73.5 protocol ip

41 : nat create static local-ip 10.132.40.5 global-ip 10.219.73.3 protocol ip

42 : nat create static local-ip 10.135.41.100 global-ip 10.219.73.7 protocol ip

43 : nat create static local-ip 10.135.40.148 global-ip 10.219.73.11 protocol ip

44 : nat create static local-ip 10.135.40.149 global-ip 10.219.73.12 protocol ip

work-Router(config)#

Current Adtran 3120 Config:

! ADTRAN OS version R12.2.0.SA.E

! Boot ROM version 17.01.01.00

! Platform: NetVanta 3120, part number 1700601G2

! Serial number LBADTN1521AT158

!

!

hostname "work-Router"

enable password Youllneverknow

!

clock timezone -5-Eastern-Time

!

ip subnet-zero

ip classless

ip default-gateway 10.132.1.3

ip routing

domain-name "work.local"

domain-proxy

name-server 10.132.10.3 10.132.10.2

!

!

no auto-config

!

event-history on

no logging forwarding

logging forwarding priority-level info

no logging email

!

no service password-encryption

!

portal-list "admin" console ftp http-admin ssh telnet

!

username "dXXX" portal-list "admin" password "XXXXXXXX"

username "xXXadmin" portal-list "admin" password "XXXXXXXX"

!

!

ip firewall

no ip firewall alg msn

no ip firewall alg mszone

no ip firewall alg h323

!

aaa on

ftp authentication LoginUseLocalUsers

!

!

aaa authentication login LoginUseTacacs group tacacs+

aaa authentication login LoginUseRadius group radius

aaa authentication login LoginUseLocalUsers local

aaa authentication login LoginUseLinePass line

!

aaa authentication enable default enable

!

aaa authentication port-auth default local

!

!

!

no dot11ap access-point-control

!

!

!

!

!

!

!

!

!

!

!

!

!

!

vlan 1

  name "Default"

!

vlan 506

  name "work"

!

vlan 507

  name "101building"

!

!

interface eth 0/1

  description 101building Connection

  ip address  10.219.73.10  255.255.255.0

  ip mtu 1500

  no awcp

  no shutdown

  no lldp send-and-receive

!

!

interface switchport 0/1

  no shutdown

  switchport access vlan 506

!

interface switchport 0/2

  no shutdown

  switchport access vlan 506

!

interface switchport 0/3

  no shutdown

!

interface switchport 0/4

  no shutdown

!

!

!

interface vlan 1

  no ip address

  shutdown

!

interface vlan 506

  description work-Router

  ip address  10.132.1.2  255.255.0.0

  ip mtu 1500

  ip access-policy Private

  no rtp quality-monitoring

  no awcp

  no shutdown

!

interface vlan 507

  description State

  no ip address

  shutdown

!

!

!

ip access-list standard wizard-ics

  remark Internet Connection Sharing

  permit any

!

!

ip access-list extended nat-acl-1

  remark 1:1 NAT 10.219.73.10 > 10.132.10.40

  permit ip any  host 10.219.73.10     log

!

ip access-list extended nat-acl-10

  remark 1:1 NAT 10.219.73.12 > 10.135.40.149

  permit ip any  host 10.219.73.12     log

!

ip access-list extended nat-acl-101

  remark 1:1 NAT 10.132.10.40 > 10.219.73.10

  permit ip any  host 10.132.10.40     log

!

ip access-list extended nat-acl-102

  remark 1:1 NAT 10.132.40.221 > 10.219.73.1

  permit ip any  host 10.132.40.221     log

!

ip access-list extended nat-acl-103

  remark 1:1 NAT 10.132.40.222 > 10.219.73.2

  permit ip any  host 10.132.40.222     log

!

ip access-list extended nat-acl-104

  remark 1:1 NAT 10.132.1.8 > 10.219.73.4

  permit ip any  host 10.132.1.8     log

!

ip access-list extended nat-acl-105

  remark 1:1 NAT 10.132.1.7 > 10.219.73.6

  permit ip any  host 10.132.1.7     log

!

ip access-list extended nat-acl-106

  remark 1:1 NAT 10.133.40.160 > 10.219.73.9

  permit ip any  host 10.133.40.160     log

!

ip access-list extended nat-acl-107

  remark 1:1 NAT 10.2.30.150 > 10.219.73.8

  permit ip any  host 10.2.30.150     log

!

ip access-list extended nat-acl-108

  remark 1:1 NAT 10.135.40.147 > 10.219.73.5

  permit ip any  host 10.135.40.147     log

!

ip access-list extended nat-acl-109

  remark 1:1 NAT 10.135.40.148 > 10.219.73.11

  permit ip any  host 10.135.40.148     log

!

ip access-list extended nat-acl-11

  remark 1:1 NAT 10.219.73.7 > 10.135.41.100

  permit ip any  host 10.219.73.7     log

!

ip access-list extended nat-acl-110

  remark 1:1 NAT 10.135.40.149 > 10.219.73.12

  permit ip any  host 10.135.40.149     log

!

ip access-list extended nat-acl-111

  remark 1:1 NAT 10.135.41.100 > 10.219.73.7

  permit ip any  host 10.135.41.100     log

!

ip access-list extended nat-acl-112

  remark 1:1 NAT 10.132.40.5 > 10.219.73.3

  permit ip any  host 10.132.40.5     log

!

ip access-list extended nat-acl-12

  remark 1:1 NAT 10.219.73.3 > 10.132.40.5

  permit ip any  host 10.219.73.3     log

!

ip access-list extended nat-acl-2

  remark 1:1 NAT 10.219.73.1 > 10.132.40.221

  permit ip any  host 10.219.73.1     log

!

ip access-list extended nat-acl-3

  remark 1:1 NAT 10.219.73.2 > 10.132.40.222

  permit ip any  host 10.219.73.2     log

!

ip access-list extended nat-acl-4

  remark 1:1 NAT 10.219.73.4 > 10.132.1.8

  permit ip any  host 10.219.73.4     log

!

ip access-list extended nat-acl-5

  remark 1:1 NAT 10.219.73.6 > 10.132.1.7

  permit ip any  host 10.219.73.6     log

!

ip access-list extended nat-acl-6

  remark 1:1 NAT 10.219.73.9 > 10.133.40.160

  permit ip any  host 10.219.73.9     log

!

ip access-list extended nat-acl-7

  remark 1:1 NAT 10.219.73.8 > 10.2.30.150

  permit ip any  host 10.219.73.8     log

!

ip access-list extended nat-acl-8

  remark 1:1 NAT 10.219.73.5 > 10.135.40.147

  permit ip any  host 10.219.73.5     log

!

ip access-list extended nat-acl-9

  remark 1:1 NAT 10.219.73.11 > 10.135.40.148

  permit ip any  host 10.219.73.11     log

!

ip access-list extended self

  remark Traffic to NetVanta

  permit ip any  any     log

!

ip access-list extended wizard-remote-access

  remark do not hand edit this ACL

  permit icmp any  any  echo   log

!

!

!

ip policy-class Private

  allow list self self

  nat source list nat-acl-101 address 10.132.10.40 overload

  nat source list nat-acl-102 address 10.132.40.221 overload

  nat source list nat-acl-103 address 10.132.40.222 overload

  nat source list nat-acl-104 address 10.132.1.8 overload

  nat source list nat-acl-105 address 10.132.1.7 overload

  nat source list nat-acl-106 address 10.133.40.160 overload

  nat source list nat-acl-107 address 10.2.30.150 overload

  nat source list nat-acl-108 address 10.135.40.147 overload

  nat source list nat-acl-109 address 10.135.40.148 overload

  nat source list nat-acl-110 address 10.135.40.149 overload

  nat source list nat-acl-111 address 10.135.41.100 overload

  nat source list nat-acl-112 address 10.132.40.5 overload

  nat source list wizard-ics interface eth 0/1 overload

!

ip policy-class Public

  nat destination list nat-acl-1 address 10.219.73.10

  nat destination list nat-acl-2 address 10.219.73.1

  nat destination list nat-acl-3 address 10.219.73.2

  nat destination list nat-acl-4 address 10.219.73.4

  nat destination list nat-acl-5 address 10.219.73.6

  nat destination list nat-acl-6 address 10.219.73.9

  nat destination list nat-acl-7 address 10.219.73.8

  nat destination list nat-acl-8 address 10.219.73.5

  nat destination list nat-acl-9 address 10.219.73.11

  nat destination list nat-acl-10 address 10.219.73.12

  nat destination list nat-acl-11 address 10.219.73.7

  nat destination list nat-acl-12 address 10.219.73.3

!

!

ip route 0.0.0.0 0.0.0.0 10.219.73.254

ip route 10.2.0.0 255.255.0.0 10.132.1.1

ip route 10.19.0.0 255.255.0.0 10.219.73.254

ip route 10.129.0.0 255.255.0.0 10.132.1.1

ip route 10.132.0.0 255.255.0.0 10.132.1.1

ip route 10.133.0.0 255.255.0.0 10.132.1.1

ip route 10.135.0.0 255.255.0.0 10.132.1.1

ip route 10.219.73.0 255.255.255.0 10.219.73.254

ip route 172.16.10.0 255.255.255.0 10.132.1.1

!

no tftp server

no tftp server overwrite

http authentication LoginUseLocalUsers

http server

http session-timeout 2700

http secure-server

no snmp agent

no ip ftp server

ip ftp server default-filesystem flash

no ip scp server

no ip sntp server

!

!

!

!

!

!

!

!

!

sip udp 5060

sip tcp 5060

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

line con 0

  login authentication LoginUseLinePass

  password XXXXXXX

!

line telnet 0 4

  login authentication LoginUseLocalUsers

  password password

  no shutdown

line ssh 0 4

  login authentication LoginUseLocalUsers

  no shutdown

!

sntp server 10.132.10.80

!

!

!

!

!

!

end

Labels (4)