Hi,
I'm replacing an old SSR2000 router with a 3120. The SSR is only doing 1:1 NAT, just a basic conversion from IP 10.132.X.X to 10.219.X.X bidirectionally. I can't for the life of me get this 3120 to work properly. I have about 12 addresses that need to be NAT'd. I have some functionality, but not everything. I feel that all the traffic "seems" to leave the router as the 10.219.73.10 address, and not all traffic is coming back through. Thank you for your help.
Configs are listed below:
OLD SSR Config:
Running system configuration:
!
! Last modified from 2014-05-14 16:47:15
!
1 : vlan create 101building id 1017
2 : vlan create work id 1016
3 : vlan add ports et.1.1-4 to work
4 : vlan add ports et.1.5-8 to 101Building
!
5 : interface create ip V-work vlan work address-netmask 10.132.1.2/16
6 : interface create ip V-101building vlan 101building address-netmask 10.219.73.1/24
!
7 : ip add route 10.133.0.0/16 gateway 10.132.1.1 retain
8 : ip add route 10.2.0.0/16 gateway 10.132.1.1 retain
9 : ip add route 10.135.0.0/16 gateway 10.132.1.1 retain
10 : ip add route 10.4.0.0/16 gateway 10.132.1.1 retain
11 : ip add route 172.16.10.0/24 gateway 10.132.1.1 retain
12 : ip add route 10.131.0.0/16 gateway 10.132.1.1 retain
13 : ip add route 10.6.0.0/16 gateway 10.132.1.1 retain
14 : ip add route 10.13.0.0/16 gateway 10.132.1.1 retain
15 : ip add route 10.14.0.0/16 gateway 10.132.1.1 retain
16 : ip add route 10.15.0.0/16 gateway 10.132.1.1 retain
17 : ip add route 10.21.0.0/16 gateway 10.132.1.1 retain
18 : ip add route 10.153.0.0/16 gateway 10.132.1.1 retain
-19 : ip add route 10.154.0.0/16 gateway 10.132.1.1 retain
20 : ip add route 10.1.0.0/16 gateway 10.132.1.1 retain
21 : ip add route 10.129.0.0/16 gateway 10.132.1.1 retain
22 : ip add route default gateway 10.132.1.3
23 : ip add route 10.19.0.0/16 gateway 10.219.73.254 retain
24 : ip add route 10.10.144.0/24 gateway 10.219.73.254 retain
!
25 : system set name "work-Router"
26 : system set hashed-password login FpyZWR f8525d48b881be63ae2ce2289a83170c
27 : system set hashed-password enable FpyZWR 2d24ea89f5047c0823f9cf52e0bc31ad
28 : system set idle-timeout serial 20
29 : system set idle-timeout telnet 20
!
30 : nat set secure-plus on
31 : nat set interface V-work inside
32 : nat set interface V-101building outside
33 : nat create static local-ip 10.132.10.40 global-ip 10.219.73.10 protocol ip
34 : nat create static local-ip 10.132.40.221 global-ip 10.219.73.1 protocol ip
35 : nat create static local-ip 10.132.40.222 global-ip 10.219.73.2 protocol ip
36 : nat create static local-ip 10.132.1.8 global-ip 10.219.73.4 protocol ip
37 : nat create static local-ip 10.132.1.7 global-ip 10.219.73.6 protocol ip
38 : nat create static local-ip 10.133.40.160 global-ip 10.219.73.9 protocol ip
39 : nat create static local-ip 10.2.30.150 global-ip 10.219.73.8 protocol ip
-40 : nat create static local-ip 10.135.40.147 global-ip 10.219.73.5 protocol ip
41 : nat create static local-ip 10.132.40.5 global-ip 10.219.73.3 protocol ip
42 : nat create static local-ip 10.135.41.100 global-ip 10.219.73.7 protocol ip
43 : nat create static local-ip 10.135.40.148 global-ip 10.219.73.11 protocol ip
44 : nat create static local-ip 10.135.40.149 global-ip 10.219.73.12 protocol ip
work-Router(config)#
Current Adtran 3120 Config:
! ADTRAN OS version R12.2.0.SA.E
! Boot ROM version 17.01.01.00
! Platform: NetVanta 3120, part number 1700601G2
! Serial number LBADTN1521AT158
!
!
hostname "work-Router"
enable password Youllneverknow
!
clock timezone -5-Eastern-Time
!
ip subnet-zero
ip classless
ip default-gateway 10.132.1.3
ip routing
domain-name "work.local"
domain-proxy
name-server 10.132.10.3 10.132.10.2
!
!
no auto-config
!
event-history on
no logging forwarding
logging forwarding priority-level info
no logging email
!
no service password-encryption
!
portal-list "admin" console ftp http-admin ssh telnet
!
username "dXXX" portal-list "admin" password "XXXXXXXX"
username "xXXadmin" portal-list "admin" password "XXXXXXXX"
!
!
ip firewall
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
!
aaa on
ftp authentication LoginUseLocalUsers
!
!
aaa authentication login LoginUseTacacs group tacacs+
aaa authentication login LoginUseRadius group radius
aaa authentication login LoginUseLocalUsers local
aaa authentication login LoginUseLinePass line
!
aaa authentication enable default enable
!
aaa authentication port-auth default local
!
!
!
no dot11ap access-point-control
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vlan 1
name "Default"
!
vlan 506
name "work"
!
vlan 507
name "101building"
!
!
interface eth 0/1
description 101building Connection
ip address 10.219.73.10 255.255.255.0
ip mtu 1500
no awcp
no shutdown
no lldp send-and-receive
!
!
interface switchport 0/1
no shutdown
switchport access vlan 506
!
interface switchport 0/2
no shutdown
switchport access vlan 506
!
interface switchport 0/3
no shutdown
!
interface switchport 0/4
no shutdown
!
!
!
interface vlan 1
no ip address
shutdown
!
interface vlan 506
description work-Router
ip address 10.132.1.2 255.255.0.0
ip mtu 1500
ip access-policy Private
no rtp quality-monitoring
no awcp
no shutdown
!
interface vlan 507
description State
no ip address
shutdown
!
!
!
ip access-list standard wizard-ics
remark Internet Connection Sharing
permit any
!
!
ip access-list extended nat-acl-1
remark 1:1 NAT 10.219.73.10 > 10.132.10.40
permit ip any host 10.219.73.10 log
!
ip access-list extended nat-acl-10
remark 1:1 NAT 10.219.73.12 > 10.135.40.149
permit ip any host 10.219.73.12 log
!
ip access-list extended nat-acl-101
remark 1:1 NAT 10.132.10.40 > 10.219.73.10
permit ip any host 10.132.10.40 log
!
ip access-list extended nat-acl-102
remark 1:1 NAT 10.132.40.221 > 10.219.73.1
permit ip any host 10.132.40.221 log
!
ip access-list extended nat-acl-103
remark 1:1 NAT 10.132.40.222 > 10.219.73.2
permit ip any host 10.132.40.222 log
!
ip access-list extended nat-acl-104
remark 1:1 NAT 10.132.1.8 > 10.219.73.4
permit ip any host 10.132.1.8 log
!
ip access-list extended nat-acl-105
remark 1:1 NAT 10.132.1.7 > 10.219.73.6
permit ip any host 10.132.1.7 log
!
ip access-list extended nat-acl-106
remark 1:1 NAT 10.133.40.160 > 10.219.73.9
permit ip any host 10.133.40.160 log
!
ip access-list extended nat-acl-107
remark 1:1 NAT 10.2.30.150 > 10.219.73.8
permit ip any host 10.2.30.150 log
!
ip access-list extended nat-acl-108
remark 1:1 NAT 10.135.40.147 > 10.219.73.5
permit ip any host 10.135.40.147 log
!
ip access-list extended nat-acl-109
remark 1:1 NAT 10.135.40.148 > 10.219.73.11
permit ip any host 10.135.40.148 log
!
ip access-list extended nat-acl-11
remark 1:1 NAT 10.219.73.7 > 10.135.41.100
permit ip any host 10.219.73.7 log
!
ip access-list extended nat-acl-110
remark 1:1 NAT 10.135.40.149 > 10.219.73.12
permit ip any host 10.135.40.149 log
!
ip access-list extended nat-acl-111
remark 1:1 NAT 10.135.41.100 > 10.219.73.7
permit ip any host 10.135.41.100 log
!
ip access-list extended nat-acl-112
remark 1:1 NAT 10.132.40.5 > 10.219.73.3
permit ip any host 10.132.40.5 log
!
ip access-list extended nat-acl-12
remark 1:1 NAT 10.219.73.3 > 10.132.40.5
permit ip any host 10.219.73.3 log
!
ip access-list extended nat-acl-2
remark 1:1 NAT 10.219.73.1 > 10.132.40.221
permit ip any host 10.219.73.1 log
!
ip access-list extended nat-acl-3
remark 1:1 NAT 10.219.73.2 > 10.132.40.222
permit ip any host 10.219.73.2 log
!
ip access-list extended nat-acl-4
remark 1:1 NAT 10.219.73.4 > 10.132.1.8
permit ip any host 10.219.73.4 log
!
ip access-list extended nat-acl-5
remark 1:1 NAT 10.219.73.6 > 10.132.1.7
permit ip any host 10.219.73.6 log
!
ip access-list extended nat-acl-6
remark 1:1 NAT 10.219.73.9 > 10.133.40.160
permit ip any host 10.219.73.9 log
!
ip access-list extended nat-acl-7
remark 1:1 NAT 10.219.73.8 > 10.2.30.150
permit ip any host 10.219.73.8 log
!
ip access-list extended nat-acl-8
remark 1:1 NAT 10.219.73.5 > 10.135.40.147
permit ip any host 10.219.73.5 log
!
ip access-list extended nat-acl-9
remark 1:1 NAT 10.219.73.11 > 10.135.40.148
permit ip any host 10.219.73.11 log
!
ip access-list extended self
remark Traffic to NetVanta
permit ip any any log
!
ip access-list extended wizard-remote-access
remark do not hand edit this ACL
permit icmp any any echo log
!
!
!
ip policy-class Private
allow list self self
nat source list nat-acl-101 address 10.132.10.40 overload
nat source list nat-acl-102 address 10.132.40.221 overload
nat source list nat-acl-103 address 10.132.40.222 overload
nat source list nat-acl-104 address 10.132.1.8 overload
nat source list nat-acl-105 address 10.132.1.7 overload
nat source list nat-acl-106 address 10.133.40.160 overload
nat source list nat-acl-107 address 10.2.30.150 overload
nat source list nat-acl-108 address 10.135.40.147 overload
nat source list nat-acl-109 address 10.135.40.148 overload
nat source list nat-acl-110 address 10.135.40.149 overload
nat source list nat-acl-111 address 10.135.41.100 overload
nat source list nat-acl-112 address 10.132.40.5 overload
nat source list wizard-ics interface eth 0/1 overload
!
ip policy-class Public
nat destination list nat-acl-1 address 10.219.73.10
nat destination list nat-acl-2 address 10.219.73.1
nat destination list nat-acl-3 address 10.219.73.2
nat destination list nat-acl-4 address 10.219.73.4
nat destination list nat-acl-5 address 10.219.73.6
nat destination list nat-acl-6 address 10.219.73.9
nat destination list nat-acl-7 address 10.219.73.8
nat destination list nat-acl-8 address 10.219.73.5
nat destination list nat-acl-9 address 10.219.73.11
nat destination list nat-acl-10 address 10.219.73.12
nat destination list nat-acl-11 address 10.219.73.7
nat destination list nat-acl-12 address 10.219.73.3
!
!
ip route 0.0.0.0 0.0.0.0 10.219.73.254
ip route 10.2.0.0 255.255.0.0 10.132.1.1
ip route 10.19.0.0 255.255.0.0 10.219.73.254
ip route 10.129.0.0 255.255.0.0 10.132.1.1
ip route 10.132.0.0 255.255.0.0 10.132.1.1
ip route 10.133.0.0 255.255.0.0 10.132.1.1
ip route 10.135.0.0 255.255.0.0 10.132.1.1
ip route 10.219.73.0 255.255.255.0 10.219.73.254
ip route 172.16.10.0 255.255.255.0 10.132.1.1
!
no tftp server
no tftp server overwrite
http authentication LoginUseLocalUsers
http server
http session-timeout 2700
http secure-server
no snmp agent
no ip ftp server
ip ftp server default-filesystem flash
no ip scp server
no ip sntp server
!
!
!
!
!
!
!
!
!
sip udp 5060
sip tcp 5060
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
line con 0
login authentication LoginUseLinePass
password XXXXXXX
!
line telnet 0 4
login authentication LoginUseLocalUsers
password password
no shutdown
line ssh 0 4
login authentication LoginUseLocalUsers
no shutdown
!
sntp server 10.132.10.80
!
!
!
!
!
!
end
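
A consistency check for the 3120 config above, as an added example that is not part of the original post: it compares the address each `nat source` / `nat destination` rule rewrites to against the translation stated in that ACL's `remark` line. It assumes the remark records the intended mapping and that the `address` argument is the translated-to address; the `audit` function and the three-rule excerpt are constructed for illustration.

```python
import re

# Constructed excerpt: ACL/NAT lines copied from the 3120 config in the post.
CONFIG = """\
ip access-list extended nat-acl-1
remark 1:1 NAT 10.219.73.10 > 10.132.10.40
permit ip any host 10.219.73.10 log
!
ip access-list extended nat-acl-101
remark 1:1 NAT 10.132.10.40 > 10.219.73.10
permit ip any host 10.132.10.40 log
!
ip policy-class Private
nat source list nat-acl-101 address 10.132.10.40 overload
nat source list wizard-ics interface eth 0/1 overload
!
ip policy-class Public
nat destination list nat-acl-1 address 10.219.73.10
"""

ACL_RE = re.compile(r"^ip access-list extended (\S+)$")
REMARK_RE = re.compile(r"^remark 1:1 NAT (\S+) > (\S+)$")
NAT_RE = re.compile(r"^nat (source|destination) list (\S+) address (\S+)")


def audit(config):
    """Return (acl, direction, problem) for NAT rules that contradict their remark."""
    intent = {}    # ACL name -> (address before, address after) per the remark
    findings = []
    current = None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ACL_RE.match(line):
            current = m.group(1)
        elif (m := REMARK_RE.match(line)) and current:
            intent[current] = m.groups()
        elif (m := NAT_RE.match(line)) and m.group(2) in intent:
            direction, acl, addr = m.groups()
            before, after = intent[acl]
            if addr == before:   # rule rewrites to the address it started from
                findings.append((acl, direction, f"rewrites to {addr}, remark says {after}"))
            elif addr != after:  # rule rewrites to something the remark never names
                findings.append((acl, direction, f"rewrites to {addr}, not in remark"))
    return findings


if __name__ == "__main__":
    for acl, direction, problem in audit(CONFIG):
        print(f"{acl} ({direction} NAT): {problem}")
```

In the excerpt both rules are flagged because the `address` they rewrite to is the one the remark lists on the left of the `>`, so the translation the remark describes does not happen.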