I have a Netvanta 3448 that was installed and configured by my ISP. ETH 0/2 connects to my VOIP system. I don't want to affect or change anything on that VOIP side. There is no firewall, policies or security zones on the Adtran. I don't have control or access to the VOIP side. What I would like to do is connect my firewall (SonicWall) to one of the 8 ethernet switch ports and have my firewall route traffic to the Adtran if my primary internet line goes down.
Can I configure one of the 8 ethernet ports to route traffic out ETH0/1 without changing any configuration on ETH0/2 (pretty sure this part is simple)?
Can I configure the Adtran to route any incoming traffic destined for 1 or more specific public IP addresses to a specific ethernet port, again without affecting or changing anything on ETH0/2?
No suggestions?
Thanks for posting your question on the forum!
First off, I may be able to provide better details if I could look at your configuration. If you don't mind, could you post it to this thread and please remember to remove any sensitive information.
Second, could you clarify whether the Sonicwall routing traffic to the Adtran is the same traffic you want to go out eth 0/1?
If yes, the easiest way to set up the Sonicwall to go into one of the ethernet switchports and be routed out eth 0/1 is to do the following:
- Set up a VLAN interface and assign the VLAN to the switchport on the NetVanta you would like to plug the Sonicwall into.
- Create a route-map that routes traffic out eth 0/1 and assign it to the VLAN interface (see "Configuring Policy Based Routing in AOS").
Regarding the last question about routing incoming traffic, the NetVanta cannot control which WAN interface traffic will ingress from. This is dependent on the ISP routing setup and will more than likely require a multihoming setup. If you are referring to controlling which LAN interface traffic will egress from, this is dependent on the NetVanta route table.
Please do not hesitate to let us know if you have any further questions. Thanks.
Thanks Noor. Yes, I want the sonicwall to route traffic out through eth 0/1 and not affect anything coming from eth 0/2. My config is posted below. Switchport 5 is where the sonicwall would be connected (though it could be any switchport 1-8). I don't have it connected now, so the VLAN5 and other related settings could be ignored.
Thanks for taking a look at this.
! ADTRAN, Inc. OS version
! Boot ROM version 13.03.00.SB
! Platform: NetVanta 3448, part number 1200821E1
! Serial number LBADTNxxx
hostname "20450736"
enable password encrypted
clock timezone -5-Eastern-Time
ip subnet-zero
ip classless
ip routing
ipv6 unicast-routing
no auto-config
event-history on
no logging forwarding
no logging console
no logging email
service password-encryption
username xxx password encrypted xxx
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
no dot11ap access-point-control
vlan 1
  name "Default"
vlan 5
  name "CogentData"
no ethernet cfm
interface eth 0/1
  description To Verizon
  speed 100
  ip address 157.xx.xx.66
  no shutdown
interface eth 0/2
  description To Local LAN
  ip address 65.xx.xx.9
  no awcp
  no shutdown
interface switchport 0/1
  no shutdown
interface switchport 0/2
interface switchport 0/3
  no shutdown
interface switchport 0/4
  no shutdown
interface switchport 0/5
  description Cogent Failover
  spanning-tree edgeport
  no shutdown
  switchport access vlan 5
  switchport voice vlan 5
  qos default-cos 5
interface switchport 0/6
  no shutdown
interface switchport 0/7
  no shutdown
interface switchport 0/8
  no shutdown
interface vlan 5
  description CogentVLAN
  ip address
  ip mtu 1500
ip access-list standard Star2Star
  permit host 199.xx.xx.143 log
  permit hostname sna.xxx.com log
ip access-list extended web-acl-2
  remark starallowpolicy
  permit ip host 199.xx.xx.143 65.xx.xx.8
ip policy-class Star2Star
  allow list web-acl-2 stateless
ip route 157.xx.xx.65
no tftp server
no tftp server overwrite
no http server
http session-limit 2
http secure-server
no snmp agent
no ip ftp server
ip ftp server default-filesystem flash
no ip scp server
no ip sntp server
ip sip udp 5060
ip sip tcp 5060
line con 0
  password encrypted
line telnet 0 4
  password encrypted
  line-timeout 30
  no shutdown
line ssh 0 4
  login local-userlist
  no shutdown
Based on the configuration, the default route is already pointing out eth 0/1. Also, it appears that the VLAN 5 is configured correctly for the Sonicwall to plug into swx 0/5. It just needs to be enabled. The only thing you are missing is a NAT policy for your VLAN 5 traffic to get out to the internet. The configuration would look something like this:
ip access-list extended matchall
  permit ip any any
ip policy-class sonicwall
  allow list matchall self
  nat source list matchall interface eth 0/1 overload
int vlan 5
  access-policy sonicwall
  no shutdown
ip firewall
Please let us know if you have any questions.
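As an added example (not part of the original thread and not ADTRAN's code), this Python check reads an indented AOS running-config and reports which pieces of the NAT setup described above are still missing for a given interface. The sample config is constructed from the commands in the answer, the function names are hypothetical, and the check expects the full `interface vlan 5` form that a running-config shows.

```python
import re

# Constructed sample: the commands from the answer, laid out as a running-config.
SAMPLE = """\
ip firewall
ip access-list extended matchall
  permit ip any any
ip policy-class sonicwall
  allow list matchall self
  nat source list matchall interface eth 0/1 overload
interface vlan 5
  access-policy sonicwall
  no shutdown
"""

def parse_sections(text):
    """Group an indented running-config into {top-level line: [sub-commands]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and "!" comment/separator lines
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections

def nat_readiness(text, iface):
    """List what would stop traffic entering `iface` from being source-NATed."""
    s, problems = parse_sections(text), []
    if "ip firewall" not in s:
        problems.append("ip firewall is not enabled")
    body = s.get(f"interface {iface}")
    if body is None:
        return problems + [f"interface {iface} not found"]
    if "no shutdown" not in body:
        problems.append(f"interface {iface} is shut down")
    policy = next((l.split()[1] for l in body if l.startswith("access-policy ")), None)
    entries = s.get(f"ip policy-class {policy}")
    if entries is None:
        return problems + [f"interface {iface} has no usable access-policy (found: {policy})"]
    if not any(e.startswith("nat source ") and e.endswith(" overload") for e in entries):
        problems.append(f"policy-class {policy} has no 'nat source ... overload' entry")
    acls = {k.split()[-1] for k in s if k.startswith("ip access-list ")}
    for name in sorted(set(re.findall(r"\blist (\S+)", " ".join(entries))) - acls):
        problems.append(f"access list {name} is not defined")
    return problems
```

An empty list means every piece named in the answer is present; run it against a saved copy of the running-config before and after applying the change.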
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.