
Adtran 3448 Main site 1 to 1 nat to remote site. Can't get to work

Hi Support,

I have an Adtran 3448 at main site.  This site is the only site with Internet 5 static ip address.  I have a 3430 at remote site.  Two sites are connected via P2P Ethernet.  I have a video conference system at both locations.  I natted 1 public ip to the one at main site.  I natted 1 public ip to the one at the remote site.  Should the two conference systems be able to connect to each other via internal static ip address?  Other users outside the network should be able to connect to the conference system via public ip address?

NOTE:

XX.XX.XX.37 nat 192.168.101.126 (Main Site Video Conference System)
XX.XX.XX.38 nat 192.168.101.130 (Remote Site Video Conference System)  It goes thru Int Ether 0/2 which is the P2P 10 Meg Ethernet.
Disregard the two T1 card or the ppp1 interface, this was the old P2P 3.0 Meg Connection.


Re: Adtran 3448 Main site 1 to 1 nat to remote site. Can't get to work

touristsis:

Thank you for providing the detailed information with this question; this is very helpful to assist in troubleshooting.  I would like to suggest that in the future you attach the configurations instead of posting them inline.  This greatly enhances future viewers' experience because the post would be much more succinct. I have deleted the two followup posts you made with the remote configuration and ports, but if you would re-add them as attachments, as well as edit the original post to add that configuration as an attachment, that would be appreciated.

The main configuration change I would suggest is on the main router, in the Private policy-class.  The entry "allow list private" is below the "nat source list wizard-ics interface eth 0/1 overload."  Since the most specific entry takes precedence, the "allow list private" will not be used, because the NAT statement above it will match all traffic and NAT the source address to the IP address of Ethernet 0/1.  Therefore, when the remote side tries to reply back to the main site, it will try to send traffic to the address of Ethernet 0/1 instead of the private IP address on VLAN 1.  If you move the "allow list private" above the NAT statement, hopefully that will resolve the issue.  Here is an example of what your configuration would look like (I also made this statement "stateless"):

ip policy-class Private
  allow list self self
  allow list private stateless
  nat source list wizard-ics interface eth 0/1 overload

There are several portions of the configuration that I would recommend modifying because many aspects are not used in this design and may cause problems in the future.  You have route-maps, duplicate and repeat ACLs, duplicate route statements, and on the remote router the firewall is enabled, but it is a private network and only one interface has a policy-class assigned to it.  In the future I would recommend "cleaning up" both configurations to make the routers more efficient.

Please, let me know if you still have trouble after making this change.

Levi
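
Added example, not part of the reply above and not Adtran code: a small Python model of the ordering problem the reply describes, assuming policy-class entries are checked top-down with the first match winning and an implicit deny at the end. The ACL contents, the 192.168.0.0/16 "private" range and the 203.0.113.1 address standing in for eth 0/1 are constructed, since the thread's configurations are not shown; the "allow list self self" entry is not modelled.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
PRIVATE = ip_network("192.168.0.0/16")  # assumed scope of ACL "private"
WAN_IP = "203.0.113.1"                  # placeholder for the eth 0/1 address

# Constructed ACLs: name -> (source network, destination network).
ACLS = {"private": (PRIVATE, PRIVATE), "wizard-ics": (ANY, ANY)}

# Entry order as described in the reply: NAT first (problem), allow first (fix).
BEFORE = [("nat-overload", "wizard-ics"), ("allow", "private")]
AFTER = [("allow", "private"), ("nat-overload", "wizard-ics")]

def first_match(policy, src, dst):
    """Return the first (action, acl) whose ACL matches the flow."""
    for action, acl in policy:
        s_net, d_net = ACLS[acl]
        if ip_address(src) in s_net and ip_address(dst) in d_net:
            return action, acl
    return "deny", None  # assumption: implicit deny when nothing matches

def source_seen_by_peer(policy, src, dst):
    """Source address the destination sees after the policy is applied."""
    action, _ = first_match(policy, src, dst)
    if action == "deny":
        return None
    return WAN_IP if action == "nat-overload" else src

def shadowed(policy):
    """ACL names that can never match because an earlier entry covers them."""
    hidden = []
    for i, (_, acl) in enumerate(policy):
        for _, earlier in policy[:i]:
            if all(n.subnet_of(o) for o, n in zip(ACLS[earlier], ACLS[acl])):
                hidden.append(acl)
                break
    return hidden

if __name__ == "__main__":
    main_vc, remote_vc = "192.168.101.126", "192.168.101.130"  # from the post
    for name, policy in (("before", BEFORE), ("after", AFTER)):
        print(name, "peer sees", source_seen_by_peer(policy, main_vc, remote_vc),
              "| shadowed:", shadowed(policy))
```
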


Re: Adtran 3448 Main site 1 to 1 nat to remote site. Can't get to work

I still can't get this to work.  What does the command stateless do?  I have one way audio.  We can hear the remote fine, but they cannot hear us.  I'm suspecting that it has something to do with PRIMARY media ip address on the P2P.  Any suggestion?


Re: Adtran 3448 Main site 1 to 1 nat to remote site. Can't get to work

touristsis:

One-way audio issues are often caused by SIP/SDP translation issues, incorrect routing and/or firewall configurations.  If you would reply and attach the current versions of both the main and remote site's configurations after making some of the changes I suggested previously, I will be happy to review it and make some more suggestions for you.

Levi


Re: Adtran 3448 Main site 1 to 1 nat to remote site. Can't get to work


I went ahead and marked this post as "assumed answered".  Feel free to mark any correct or helpful answers from this post.  If you still need assistance with this issue I would be more than happy to help, just let me know in a reply.

Levi