I'm not overly familiar with AdTran products, so this may seem like a no-brainer. We have two offices in the same physical location, but operating on different domains and networks. I would like to use eth/2 as a gateway to connect the networks, but only allow specific traffic. Basically, we have a camera system that the secondary office needs access to on the main network. So I need to route those six addresses through the AdTran so they can hit the DVRs.
I tried just setting it up as a secondary WAN, but it wasn't routing the traffic through eth/2. I also tried setting it up as a bridge attached to eth/2, but that didn't pan out either.
The two networks have different internet access, etc. They are wholly self-contained networks.
Any help would be appreciated.
Thank you for asking this question on the support community. Can you provide any additional information about the network design, or do you have a network diagram? I'm not sure if the two networks reside on the private side of the ADTRAN, and you need to allow some devices from private "office 1" to communicate to private "office 2," or if this access should be granted from the public Internet to the DVR system on the internal network.
My understanding of the application, from your description, is that there are two private networks connected to the ADTRAN unit (office 1 and office 2), and you would like to allow certain addresses from office 2 to access the DVRs at office 1. If that is correct, then this configuration is done in the firewall. The Configuring the Firewall (IPv4) in AOS guide has an example of this configuration on page 31 (Example 4). However, if my understanding is incorrect, then if you get a chance to provide some additional information about the nature of the application, or a network diagram, I will be happy to help in any way I can.
Levi
Hi Levi, thanks for the reply. Please see the above diagram, poorly done though it may be. Basically, if I'm sitting on vlan1, and connect via the DVR desktop software to 10.5.1.236 (the DVR), I would like it to route through eth2. Otherwise, all traffic not destined for 10.5.1.0 goes out to the internet via eth1. In a nutshell, I'm trying to "poke a hole" into the other network without having to multi-home the 2-3 machines that need access to that DVR or put another gateway into the mix.
Thanks for the assistance.
Thank you for replying with the network diagram. If you would like to reply with a copy of the configuration (please remove any information that may be sensitive to the organization), I will be happy to provide recommendations for you. The general concept is as I explained above, and a similar configuration example is provided in the firewall guide I linked above. Without seeing your configuration, I won't be able to provide specific examples, but generally you will need to "allow" traffic through the firewall policy assigned to the VLAN 1 interface, when destined for the "other network" and vice versa.
If you reply with the configuration, I will help you with specific configuration examples.
Levi
Sorry, got side-tracked. I think we have it going correctly. I appreciate the help!
I went ahead and flagged this post as “Assumed Answered.” If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.
Levi