VPN Avaya SR 2330/4134

gordan · #1 03-16-2015, 03:24 PM

Hi all!

I have problem finishing my configuration of VPN over ADSL PPPoE between Avaya SR 4134 (RouterA) and Avaya SR 2330 (Router B). Equipped with VPN cards, Firmware version 10.3.6.0, License SR.

I have configured interfaces: Ethernet LAN/WAN, Tunnel and Virtual-Access.
The GRE tunnel is up and the OSPF builds the routing table.
IKE and IPSEC are configured.

At the moment I can access Internet with both routers and with computers connected on their LAN interfaces.
I can ping the LAN interface on router B from router A and vice versa.

The problem is that I can't access/ping computers that are connected on the other end of the tunnel. I can't ping computers connected on LAN-B from router A or from computers connected on LAN-A and vice versa.

Both configurations are in attach.

Do I need to add a route or same NAT policy, not sure...

Any idea will be appreciated,
Thanks!

gordan · #2 03-17-2015, 07:27 AM

I just removed the LAN and Tunnel interfaces from "Firewall corp" and this solved the problem. Not sure why Internet worked on computers without this change tho...

gordan · #3 04-29-2015, 03:41 AM

Hi guys,

After one month configuring I'm almost done. The entire configuration for the VPN is in attach. There is two things I want to ask:

How can I permit the traffic from my network to the remote VPN networks while my LAN interface is in "firewall corp". While my interface "vlan101" is in firewall corp I can access Internet with the NAT policy: policy 1002 out permit address 10.10.139.2 10.10.139.254 any any nat-ip 192.168.139.2 (192.168.139.2 is my WAN interafce that is behind NAT of my ISP ADSL modem) But like this I can't access remote VPN networks (OSPF has populated all the routes to remote networks). However if I remove the "vlan101" interface from "firewall corp" I can access every network trough the VPN but no Internet.

I think it is a policy in the firewall that I miss so my traffic can be permitted trough the tunnel, but I need help with it.

The second thing is to enable SSH access from behind the tunnel.
If I try to SSH access 10.10.139.1 (my LAN address of the "vlan101" interface, there is no problem. But when someone on the other side of the tunnel tries to access via SSH on the same IP, there is a problem.

Any idea is welcome,
Gordan

gordan · #4 04-29-2015, 04:04 AM

The SSH access actually works, it was my error in testing.

Now I just need that line in corp firewall that will permit my VPN trafic.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode