Using Contivity 1750 to Simply Route Traffic

Status
Not open for further replies.

taarflot

Technical User
Oct 20, 2003
3
CA
Hi, I have worked with Contivitys for years, but almost always as a VPN appliance strictly, and perhaps with some firewalling.

I have a client that wants to use the Contivity as a straightforward router, along with the above functionality. This seems quite straightforward, but I cannot get the Contivity to pass traffic (even simple pings) no matter what.

I have disabled the firewall, set Interface filters on all three interfaces to "Permit All", and I still cannot pass traffic. I can ping the Interface on the far side of the Contivity, and from the Contivity, ping the next hop off of each interface, but from an attached device I cannot ping across to an attached device on the other side, or vice versa.

I just read a tip that mentions setting up some NAT rules, but I want to be sure. It sounds reasonable, but any help would be appreciated.

Thanks,

T
 
A couple of things to look at.

If you want to route between trusted/untrusted (public/private) interfaces, the firewall or packet forwarding must be enabled with rules to allow traffic.

Dynamic routing can only be configured for private interfaces, anything over a public interface will need a static route.

 
For testing purposes of this, I have put an "Any - Any" rule at the top of the firewall policy, I have also disabled the Firewall, and used the interface filters as well, setting them to "permit all", as I need to use one or the other, or the Contivity will not allow anything. I have not set any NAT policies though, which I will try today.

As far as routing, I haven't really gotten that far yet, since I cannot ping directly attached devices on through the Contivity, where routing is not necessary or possible, or so I would think.

That sounds right to me though, but would you agree?
 
I'm just curious if you ever got this working...

I would also think that you might have a routing issue. With a "permit all" filter on the external interface your issue is probably with IP routing. If you had a PC on either side of the Contivity VPN Router you would need to configure the default gateway of each PC to the IP address of the VPN router.

PC1 (10.1.0.50/24)
----> VPN ROUTER (10.1.0.1/24)

VPN ROUTER (10.99.0.1/24)
<----
PC2 (10.99.0.50/24)

PC1 would need 10.1.0.1 as its default gateway while PC2 would need 10.99.0.1 as its default gateway.

Cheers!
 
I'm not sure if something was hung up, or what was the case, but putting the filters on and removing the firewall, with the filters to permit all, worked when I tried it again after a reboot. Also running the Firewall with an Any-Any rule at the top worked as well.

The NAT rule also had to be added with any-any-source public interfaced - any. These had been tried, but didn't work until after I tried it all again from scratch. Perhaps a fat finger error on my part the first time through...

Thanks for the help to all.
 