Hi Support,
I have an Adtran 3448 at the main site. This site is the only site with Internet and 5 static IP addresses. I have a 3430 at the remote site. The two sites are connected via P2P Ethernet. I have a video conference system at both locations. I natted 1 public IP to the one at the main site. I natted 1 public IP to the one at the remote site. Should the two conference systems be able to connect to each other via internal static IP address? Other users outside the network should be able to connect to the conference system via public IP address?
NOTE:
XX.XX.XX.37 nat 192.168.101.126 (Main Site Video Conference System)
XX.XX.XX.38 nat 192.168.101.130 (Remote Site Video Conference System) It goes thru Int Ether 0/2 which is the P2P 10 Meg Ethernet.
Disregard the two T1 cards or the ppp1 interface; this was the old P2P 3.0 Meg connection.
touristsis:
Thank you for providing the detailed information with this question; this is very helpful to assist in troubleshooting. I would like to suggest that in the future you attach the configurations instead of posting them inline. This greatly enhances future viewers' experience because the post would be much more succinct. I have deleted the two follow-up posts you made with the remote configuration and ports, but if you would re-add them as attachments, as well as edit the original post to add that configuration as an attachment, that would be appreciated.
The main configuration change I would suggest is on the main router, in the Private policy-class. The entry "allow list private" is below the "nat source list wizard-ics interface eth 0/1 overload." Since the most specific entry takes precedence, the "allow list private" will not be used, because the NAT statement above it will match all traffic and NAT the source address to the IP address of Ethernet 0/1. Therefore, when the remote side tries to reply back to the main site, it will try to send traffic to the address of Ethernet 0/1 instead of the private IP address on VLAN 1. If you move the "allow list private" above the NAT statement, hopefully that will resolve the issue. Here is an example of what your configuration would look like (I also made this statement "stateless"):
ip policy-class Private
allow list self self
allow list private stateless
nat source list wizard-ics interface eth 0/1 overload
There are several portions of the configuration that I would recommend modifying because many aspects are not used in this design and may cause problems in the future. You have route-maps, duplicate and repeat ACLs, duplicate route statements, and on the remote router the firewall is enabled, but it is a private network and only one interface has a policy-class assigned to it. In the future I would recommend "cleaning up" both configurations to make the routers more efficient.
Please, let me know if you still have trouble after making this change.
Levi
I still can't get this to work. What does the command stateless do? I have one-way audio. We can hear the remote fine, but they cannot hear us. I'm suspecting that it has something to do with PRIMARY media IP address on the P2P. Any suggestions?
touristsis:
One-way audio issues are often caused by SIP/SDP translation issues, incorrect routing and/or firewall configurations. If you would reply and attach the current versions of both the main and remote site's configurations after making some of the changes I suggested previously, I will be happy to review it and make some more suggestions for you.
Levi