• July 21, 2019, 08:22:00 PM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: Avaya SR1002 config?  (Read 4520 times)

0 Members and 1 Guest are viewing this topic.

Offline Gipper

  • Jr. Member
  • **
  • Posts: 34
Avaya SR1002 config?
« on: January 31, 2014, 05:31:31 PM »
Greetings, I was recently asked to config an Avaya SR1002 for basic NAT.  What I want to do is static NAT all traffic arriving at interface E0 (10.10.10.254) to interface E1 (192.168.0.3)

I've not been able to find any documents on how to perform basic configuration on the SR1002?  Anyone ever wrestled with one of these?

Thanks!

 


Offline ajohnson

  • Jr. Member
  • **
  • Posts: 43
Re: Avaya SR1002 config?
« Reply #1 on: February 03, 2014, 04:19:27 PM »
Take a look here, looks like there's examples in chapter 23
https://downloads.avaya.com/css/P8/documents/100121840

If something happens to the link, the document is titled "Avaya Secure Router 1000 Series Configuration Guide", so google on that...

Offline Gipper

  • Jr. Member
  • **
  • Posts: 34
Re: Avaya SR1002 config?
« Reply #2 on: February 03, 2014, 05:23:06 PM »
Thanks, I found that doc shortly after posting and have been able to get a single NAT to work, but cannot get a static one to one pool working.  Not sure if it's possible to do this using only the LAN ethernet ports?  The WAN ports seem to be limited to T1 connectivity, but we just need to NAT between two standard networks.

Offline ajohnson

  • Jr. Member
  • **
  • Posts: 43
Re: Avaya SR1002 config?
« Reply #3 on: February 03, 2014, 06:00:52 PM »
Unfortunatly I don't have a spare router to test this with (actually mine are SR3120s anyway) but it seems to me that as long as the router interfaces have ip addresses on both networks, it shouldn't matter.  You should be able to create the nat pool ip range mappings as detailed in the document.

Most of my wan links are MPLS for instance, not T1, so even my public Internet is still over an ethernet connection.

Offline Gipper

  • Jr. Member
  • **
  • Posts: 34
Re: Avaya SR1002 config?
« Reply #4 on: February 05, 2014, 04:07:27 PM »
Most of my wan links are MPLS for instance, not T1, so even my public Internet is still over an ethernet connection.

Are you using the SR1002 WAN port?  or only the two ethernet ports? If WAN, how did you configure it to talk to anything other than T1?  It seems that you must configure the WAN port as a "Bundle", which has me confused.  Can the WAN port be used for anything other than connection to a T1 circuit? 

Offline ajohnson

  • Jr. Member
  • **
  • Posts: 43
Re: Avaya SR1002 config?
« Reply #5 on: February 05, 2014, 05:24:58 PM »
No, for my MPLS circuits I am not using the WAN port as there aren't ethernet modules there.  Also, I've taken my 3120 off my MPLS and upgraded to a SR4134 now.

I do have one non-MPLS connection on a SR3120 pair that is a DS3 circuit, and you are correct, instead of referring to it as "interface ethernet x/x" you say "interface bundle yyy" and then "link t3 x/x" or "link t1 x/x".  However all of that is just to identify the port you are configuring, once you get past that part, the rest of the commands (ip address x.x.x.x, etc) are pretty much the same.

Offline Gipper

  • Jr. Member
  • **
  • Posts: 34
Re: Avaya SR1002 config?
« Reply #6 on: February 20, 2014, 03:35:44 PM »
I finally got this working and wanted to post the relevant config to possibly help someone in the future.
Since this was being used internally, I used FE0 and FE1.  The following config performs a "one-to-one" static NAT from 10.10.71.242, 243, 244 on FE1 to 192.168.0.2, 3, 4 on FE0. 
Cheers! 
-----------------------------------------------------
interface  ethernet 0
    ip  address 192.168.0.1 255.255.255.0
    qos
      exit qos
    crypto trusted
    exit ethernet
interface  ethernet 1
    ip  address 10.10.71.1 255.255.255.0
    ip  proxy_arp
    qos
      exit qos
    crypto untrusted
    exit ethernet
!replace the MAC address in the following arp commands with the MAC of your FE1
arp 10.10.71.242 3c:3a:73:1f:85:01 published
arp 10.10.71.243 3c:3a:73:1f:85:01 published
arp 10.10.71.244 3c:3a:73:1f:85:01 published
firewall internet
  interface ethernet1
  policy 50 in permit protocol icmp self
    exit policy
    exit firewall
firewall corp
  interface ethernet0
  policy 20 in permit address any any 10.10.71.242 32  nat-ip 192.168.0.2
    exit policy
  policy 30 in permit address any any 10.10.71.243 32  nat-ip 192.168.0.3
    exit policy
  policy 40 in permit address any any 10.10.71.244 32  nat-ip 192.168.0.4
    exit policy
  policy 1002 out permit address 192.168.0.2 32 any any nat-ip 10.10.71.242
    exit policy
  policy 1003 out permit address 192.168.0.3 32 any any nat-ip 10.10.71.243
    exit policy
  policy 1004 out permit address 192.168.0.4 32 any any nat-ip 10.10.71.244
    exit policy
« Last Edit: February 20, 2014, 03:45:00 PM by Gipper »