
Contivity FW questions

Status
Not open for further replies.

AyrishGrl

Technical User
Feb 14, 2005
129
US
I have a Contivity 110 that I have just set up at my house. The purpose of this is to allow branch tunnel connectivity to the office so I have easy access to the network 24/7. I have the stateful FW on it, but am not really sure how to configure it. Ideally I would like stateful Internet access and full access over the BOT. However, I do not want to open up my home network for the entire office network. I want to restrict traffic originating from the office network to a specific IP. Traffic originating from the home network to the office is fine. How do I set this up?
 
Open the Stateful Firewall Manager, and edit the policy in question (may need to copy the system default to something with another name to edit, if you haven't already done so).

Click Interface Specific Rules. Select Branch Tunnel from the Interface menu, then the name of the connection (such as base/test). Add a rule (right click on #), and set the action to allow. Click destination interface rules, and set the action to allow. This will pass all traffic through the tunnel without inspection.

To configure the firewall on the LAN/LAN1 interfaces, select the interface you wish to modify, right click to add a new rule, then select the source and destination addresses, as well as the service (TCP/UDP port number). Set it to accept/drop/reject as desired.

 
I should read everything twice before I post. To restrict traffic over the BOT, make a rule that allows traffic from one IP (such as 192.168.1.1), but rejects everything else. That's all configured in the source/destination address fields in the firewall config.

There are pretty decent docs available on Nortel's site that explain the firewall config.
 
Currently I have 3 rules in the Override Rules tab.

1. Src Interface - Trusted; Dst Interface - Any; Soure - Any; Destination - Any; Service - Any; Action - Accept.

2. Src Interface - Branch Tunnel:Any; Dst Interface - Any; Source - dnohpguenther (this is defined as an IP address); Destination - Any; Service - Any; Action - Accept.

3. Src Interface - Any; Dst Interface - Any; Source - Any; Destination - Any; Service - Any; Action - Drop.

I want unrestricted branch office tunnel traffic from my house to the office, but I only want 2 IPs to have access to this branch office tunnel from the office to my house. Currently I can ping a wireless router on my home network from the office from any IP address. FW logs on the Contivity show everything being allowed on Rule 1.

06/28/2005 11:10:56 0 CSFW [12] Rule[OVERRIDE 1] Firewall: [10.206.95.67:768-10.10.2.20:2048, icmp], action: Allow

What am I doing wrong?
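Added illustration, not from the thread or from Nortel's software: a first-match simulation of the three posted override rules, showing why the office-to-home ping is logged against OVERRIDE 1 and how a most-specific-first ordering restricts tunnel-originated traffic to the permitted hosts. It assumes that the branch tunnel interface also belongs to the Trusted interface group (consistent with the log line, where the tunnel packet matched a Trusted-to-Any rule) and uses constructed placeholder addresses for the two permitted office hosts.

```python
from dataclasses import dataclass
ANY = "Any"

@dataclass(frozen=True)
class Rule:
    name: str
    src_if: str     # interface group: "Trusted", "Branch Tunnel" or ANY
    src: object     # frozenset of permitted source IPs, or ANY
    action: str     # "Accept" or "Drop"

@dataclass(frozen=True)
class Packet:
    src_groups: frozenset  # all interface groups the ingress interface belongs to
    src_ip: str
    dst_ip: str

def matches(rule, pkt):
    if rule.src_if != ANY and rule.src_if not in pkt.src_groups:
        return False
    return rule.src == ANY or pkt.src_ip in rule.src

def evaluate(policy, pkt):
    """Ordered override list: first match wins, no match falls through to Drop."""
    for rule in policy:
        if matches(rule, pkt):
            return rule.name, rule.action
    return "no match", "Drop"
# Constructed placeholders for the two office hosts allowed into the home LAN.
OFFICE_ALLOWED = frozenset({"10.206.95.10", "10.206.95.11"})

# As posted: rule 1 matches first, so the tunnel-specific rules 2 and 3 never run.
AS_POSTED = [
    Rule("OVERRIDE 1", "Trusted", ANY, "Accept"),
    Rule("OVERRIDE 2", "Branch Tunnel", OFFICE_ALLOWED, "Accept"),
    Rule("OVERRIDE 3", ANY, ANY, "Drop"),
]

# Most specific first: permit the two hosts, drop the rest of the office-originated
# tunnel traffic, then the broad accept for what the home LAN originates.
REORDERED = [
    Rule("OVERRIDE 1", "Branch Tunnel", OFFICE_ALLOWED, "Accept"),
    Rule("OVERRIDE 2", "Branch Tunnel", ANY, "Drop"),
    Rule("OVERRIDE 3", "Trusted", ANY, "Accept"),
    Rule("OVERRIDE 4", ANY, ANY, "Drop"),
]

# Assumption (consistent with the log hitting OVERRIDE 1): the tunnel interface is
# also in the "Trusted" group. LOGGED_PING is the packet from the poster's log line.
LOGGED_PING = Packet(frozenset({"Trusted", "Branch Tunnel"}), "10.206.95.67", "10.10.2.20")
HOME_OUT = Packet(frozenset({"Trusted"}), "10.10.2.20", "10.206.95.67")  # constructed
```

Because the engine is stateful, the tunnel drop in the reordered list only affects sessions the office side initiates; replies to connections the home LAN opens are admitted by the session table, not by a rule.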
 
Line 1 Soure Should be Source.

Rick Harris
SC Dept of Motor Vehicles
Network Operations
 
Rick

It looks like that worked. I will keep testing it tonight. Thanks!
 