Hi guys,
Here is my setup:
I have a NetVanta 3448 on site with 2 WAN accesses. The first WAN link is my SIP trunk and the second link is to connect my phone system on Site A to the phone system in Site B.
My phone system is connected on switchport 1. My issue is I need to connect the LAN of my customer to the 3448 so they can see the phone system from their network for softphone use.
The phone system IP address is 172.16.30.10 on VLAN 1.
Can I connect my customer LAN into the 3448 by a switchport?
We tried connecting switchport 2 to the customer SonicWall switchport, where they programmed the interface on the same subnet as my VLAN 1, but it didn't work. I was able to ping their network from my laptop connected to the 3448 on VLAN 1,
but we were not able to ping the NetVanta from their LAN, which is weird to me.
Thanks
Thank you for asking this question in the support community. I will be happy to help, but I'm confused as to what you are intending to do. Do you have a network diagram with what you are trying to accomplish? Is the customer's LAN in the same subnet as the phone system (VLAN 1)? What subnets need to communicate, or over what interfaces? What does the Sonicwall have to do with the network design?
If you get a chance, please reply with some additional information, and I will be happy to assist you in any way I can.
Levi
Thanks for the reply, Levi.
I do not have a diagram, but I will try to answer your questions.
At this moment my phone system is connected through switch port 0/1 on VLAN 1: 172.16.30.1/24
I would like to connect another LAN by switch port 0/8, on which I have programmed VLAN 100 in the same subnet as my customer network: 192.168.16.0/24
My customer has his own network on the subnet 192.168.16.0/24, without VLANs, with his own internet access via a SonicWall router.
I need to connect my LAN segment with the 3448 to his LAN segment by a switchport because I have no other WAN ports left.
I am not sure if it is possible.
My objective is to be able to connect to the phone system connected to VLAN 1 172.16.30.1/24 on the 3448 switch port 0/1 from their network 192.168.16.0/24, which can be linked to my LAN through switch port 0/8, VLAN 100, 192.168.16.250.
Am I clear enough?
Thank you for providing the additional clarification; that helps. The setup you described should work just fine, but you may need to add some static routes and modify the firewall settings. As far as the ADTRAN unit is concerned, for devices in VLAN 1 to communicate with VLAN 100, they will simply need to be allowed through the firewall. There is an example of this in the Configuring InterVLAN Routing in AOS guide.
Furthermore, if the devices on VLAN 100 are using the Sonicwall as their default-gateway, then the Sonicwall will need a static route pointing to the ADTRAN's VLAN 100 IP address. The route in the Sonicwall would be something like "to get to the 172.16.30.0 /24 network, send my traffic to 10.192.168.16.250."
Let me know what questions you have.
Levi
Currently VLAN 1 and VLAN 100 are not in the same security policy, and the guide doesn't talk about that option... Do I have to put them in the same policy, and allow 192.168.16.0 0.0.0.255 to 172.16.30.0 0.0.0.255 and vice versa?
No, typically you would have them in separate Security Zones (or Policy-classes), then for the VLAN 1 policy-class you would allow traffic from 192.168.16.0 to 172.16.30.0. In VLAN 100, you would do the opposite. Here is an example configuration:
ip access-list extended VLAN100-TO-VLAN1
  permit ip 172.16.30.0 0.0.0.255 192.168.16.0 0.0.0.255
!
ip access-list extended VLAN1-TO-VLAN100
  permit ip 192.168.16.0 0.0.0.255 172.16.30.0 0.0.0.255
!
ip policy-class VLAN1
  allow list VLAN1-TO-VLAN100 stateless
!
ip policy-class VLAN100
  allow list VLAN100-TO-VLAN1 stateless
Levi
Thanks Levi!
What is the stateless for?
Dominic lazure
Luminet solutions
Here is the definition of stateless processing from the Configuring IPv4 Firewall in AOS guide:
Stateless Processing
Stateless processing refers to when a packet is processed without full consideration being given to what traffic the unit has already seen. In other words, it doesn't care about the current state of the traffic flow; the packet is considered apart from previous packets (except that attack checks might be performed).
Levi
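Added example (not part of the thread and not ADTRAN code): a simplified Python model of the two access lists posted above, showing why stateless matching needs a permit entry for each direction while a filter that tracks flows admits the reply on its own. The `ToyFilter` class, the `round_trip` helper and the softphone address 192.168.16.50 are assumptions made for illustration; the model ignores which policy-class is bound to which interface.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard mask is 0."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

# The two access lists from the thread: (src, src wildcard, dst, dst wildcard).
ACLS = {
    "VLAN100-TO-VLAN1": [("172.16.30.0", "0.0.0.255", "192.168.16.0", "0.0.0.255")],
    "VLAN1-TO-VLAN100": [("192.168.16.0", "0.0.0.255", "172.16.30.0", "0.0.0.255")],
}

def acl_permits(name, src, dst):
    return any(wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw)
               for sb, sw, db, dw in ACLS[name])

class ToyFilter:
    """Simplified model (an assumption, not AOS internals): one rule set for all traffic."""
    def __init__(self, lists, stateful):
        self.lists, self.stateful, self.flows = lists, stateful, set()

    def check(self, src, dst):
        if self.stateful and (dst, src) in self.flows:
            return True                      # reply to a flow already permitted
        allowed = any(acl_permits(n, src, dst) for n in self.lists)
        if allowed and self.stateful:
            self.flows.add((src, dst))       # remember the flow for its replies
        return allowed

def round_trip(flt, a, b):
    """Request a -> b followed by the reply b -> a."""
    return flt.check(a, b) and flt.check(b, a)

SOFTPHONE = "192.168.16.50"    # constructed host on the customer LAN
PHONE_SYSTEM = "172.16.30.10"  # phone system address given in the thread

if __name__ == "__main__":
    one = ["VLAN1-TO-VLAN100"]
    print(round_trip(ToyFilter(one, stateful=False), SOFTPHONE, PHONE_SYSTEM))
    print(round_trip(ToyFilter(list(ACLS), stateful=False), SOFTPHONE, PHONE_SYSTEM))
    print(round_trip(ToyFilter(one, stateful=True), SOFTPHONE, PHONE_SYSTEM))
```

With only one list consulted statelessly the reply from the phone system is dropped; consulting both lists, or tracking the flow, lets the round trip complete.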
Thanks for all your help, everything is working fine.
I went ahead and flagged this post as “Assumed Answered.” If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.
Levi
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Levi