cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2390
Views
0
Helpful
3
Replies

RVS4000 VPN behind Adtran router?

tkcooley2011
Level 1
Level 1

So, I'm trying to set up a VPN tunnel between two sites.  Site A has a RVS4000 as the router to the internet.  Site B has a Adtran NetVanta 3200 to convert a frame relay to ethernet, so I can't replace the Adtran.  How do I set this up so I can create a tunnel between the two Cisco routers?

I have static Internet IP addresses for the Cisco at Site A, the Adtran and Cisco at site B.  I have configured the two Ciscos to set up their tunnel and I've been able to establish the tunnel between my house (where I put Cisco B in place of my home router as a test) and the Cisco at Site A.  So, I know my tunnel settings are ok (with the exception of IP address changes).

I'm being told by some people with more network experience than I have that there are a few options.

1.) put the Adtran in bridge mode and use the Cisco as the firewall, DHCP, etc.  No clue how to do that.

2.) put the Cisco in a DMZ set up on the Adtran.  If I do that, it wouldn't really give me access through the VPN to the network, right?

3.) set up static routes between the Adtran and the Cisco?  static using the internal IPs or the external ones?

Very confused.  Here are some of the IPs for Site B.  I'm not concerned about Site A since I know the internet works there and the VPN tunnel settings are easy enough to change once I actually get the internet working with the two router combo at site B.

Adtran - internal IP - 192.168.1.1 mask 255.255.255.0

           - external IP - X.X.24.179  mask 255.255.255.248 (mask may be wrong - based on memory)

Cisco - internal IP - 192.168.3.1 mask 255.255.255.0

          - external IP - X.X.24.176  mask 255.255.255.248  (again, mask may be wrong)

I don't care which one does the firewall, NAT, etc.  To me it would seem easier to have the Adtran send all traffic to the Cisco, then let the Cisco do the rest (VPN, firewall, DHCP, DNS, etc.).

I'm open to all options - as long as it works.

Thanks in advance for any replies.

3 Replies 3

Tarquin Joseph
Level 1
Level 1

Hi Keith,

If you are sure about the network mask on the Adtran here are the commands for bridging the Frame Relay Interface on the Adtran with the Ethernet Interface:

bridge-group

Use the bridge-group command to assign an interface to the specified bridge group. Use the no form of this command to remove the interface from the bridge group.

Syntax Description

Specifies the bridge group (by number) to which to assign this interface.

Range is 1 to 255.

Default Values

By default, there are no configured bridge groups.

Command History

Release 1.1 Command was introduced.

Functional Notes

A bridged network can provide excellent traffic management to reduce collisions and limit the amount of

bandwidth wasted with unnecessary transmissions when routing is not necessary. Any two interfaces can

be bridged (e.g., Ethernet to T1 bridge, Ethernet to Frame Relay subinterface).

Usage Examples

The following example assigns the Ethernet interface to bridge-group 17:

(config)#interface ethernet 0/1

(config-eth 0/1)#bridge-group 17

That's straight from the 3200 config guide.  I'm not sure of the number of Ethernet Interfaces you have on the box, but I would try this on an Interface that's not currently in use.  You need to bridge the spare Ethernet Interface with the Frame Relay Sub-Interface as per the guide notes.

It should then be a simple matter of adding your RVS to the bridged port and configuring one of the free IP addresses in the public range on the Internet facing interface of the RVS.  This IP is what you will use to do the peering with the Site A RVS.  Probably better to use a test subnet to verify VPN connectivity first then condemn your old Ethernet Interface on the Adtran and then let the RVS be the gateway for Site B.

Let me know if this sounds workable.

Regards,

T.

Makes sense I guess.  Only problem is I only have one Ethernet port on the Adtran.  If I change it to bridged mode, do I then lose my ability to administer it from the Ethernet side?  Will all traffic automatically go to the Cisco? 

I'm assuming this is done through telnet.  Any previous commands I need? Any subsequent commands? I mean, anything I need to do to get the router into a mode where it's expectingthese commands?  Anything to do after I do these commands?  I'm assuming, since this will bypass everything, if it doesn't work, all I have to do is type "bridge-group no"?  I don't have the docs for this router.

Thanks again.

-  Keith

Hi Keith,

The Adtran router config guide can be obtained here:

http://www.adtran.com/pub/Library/Reference_Guides/Default/AOS_Command_Reference_Guide.pdf

It's pretty hefty.  The routers usually have a console interface so you make your changes there once it's physically accessible.  Pg. 1492 of the config guide in the link above provides the necessary steps to get to the interface configuration mode on the router.

Regards,

T.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: