Hi Folks,
I recently tried to configure a VPRN firewall policy and followed these steps:
1) create a policy under security with using the default profile to match src-ip/dst-ip. in the entries.
2) create a vprn service and create a zone inside the VPRN
3) add the policy from 1) into the zone along with the interface.
However the firewall doesnt seem to work when I connect an IXIA tester to test traffic to dst-ip 10.20.100.10. I have tried for telnet/ssh ports as well and have had no luck. Note that when I have a default entry to match all protocols the services sessms to work ( behaving like a default policy). Could someone please enlighten on what the issue could be or whether I am missing some configuration. I have spent a few days trying to troubleshoot referring to the ALU documentation but no luck .
Configs as below:
*A:NS1634S1338>config>security# info
policy 10 create
entry 10 create
match
dst-ip 10.20.100.10
exit
limit
exit
action drop
exit
entry 20 create
description "TCP"
match
exit
limit
exit
action forward
exit
exit
*A:NS1634S1338>config>service# info
vprn 4000 customer 1 create
autonomous-system 64530
route-distinguisher 64530:4000
auto-bind mpls
vrf-target target:64530:4000
interface "lo" create
address 30.0.0.2/32
loopback
exit
interface "vprn-1-10.20.200.1" create
address 10.20.200.1/24
sap 1/2/1 create
exit
exit
grt-lookup
enable-grt-local-management-only
exit
zone 10 create
interface "vprn-1-10.20.200.1"
exit
nat
exit
policy "10"
inbound
limit
exit
exit
outbound
limit
exit
exit
commit
exit
no shutdown
exit
Firewall configuration on SAR-7705 issue
-
dushanraman
- Member
- Posts: 8
- Joined: 07 Sep 2016 22:15
Jump to
- General topics
- ↳ Talk to the admins
- ↳ GENERAL
- ↳ Outside World
- ↳ PARTS
- ↳ Pre-Sales
- ↳ JOBS
- ↳ Remote assistance contracts
- ↳ Actis
- ↳ Equipement Pictures
- ↳ OT/OXE/OXO FEATURES REQUESTS
- ↳ Lucent Technologies
- IF YOU ARE NOT TECHNICALLY TRAINED ON THOSE PBX, PLEASE POST IN ONE OF THOSE FORUMS
- ↳ Beginner's questions about the Crystal Hardware
- ↳ Beginner's questions about the Common Hardware
- ↳ Beginner's questions about the (4400 / Enterprise) PHONE APPLICATION or OPERATING SYSTEM
- ↳ Beginner's questions about the OmniPCX OFFICE
- VOICE - Documentation
- ↳ OXE (Crystal / Common) - System Documentation
- ↳ 4760
- ↳ OXO - System Documentation
- ↳ Documentation
- VOICE - OXE (OmniPCX Enterprise)
- ↳ Shelf
- ↳ Media Gateway
- ↳ PWT/DECT System
- ↳ System
- ↳ Translator
- ↳ Classes of Services
- ↳ Attendant
- ↳ Users
- ↳ Users by profile
- ↳ Set Profile
- ↳ Groups
- ↳ Speed Dialing
- ↳ Phone Book
- ↳ Entities
- ↳ Trunk Groups
- ↳ External Services
- ↳ Inter-Node Links
- ↳ X25
- ↳ Data
- ↳ Application
- ↳ Specific Telephone Services
- ↳ ATM
- ↳ Event Routing Discriminator
- ↳ Security and Access Control
- ↳ IP
- ↳ SIP
- ↳ DHCP Configuration
- ↳ Alcatel-Lucent Series 8&9
- ↳ SIP Extension
- ↳ Encryption
- ↳ Passive Communication Server
- ↳ SNMP Configuration
- VOICE - OXE - Common topics
- ↳ MAIN
- ↳ ACTIS
- ↳ Asterisk
- ↳ Boards
- ↳ Bugs & Security issues
- ↳ Equipment Pictures
- ↳ Feature Request
- ↳ H323 / Sip
- ↳ IP / VoIP
- ↳ IP SECURITY / ENCRYPTION (Thales)
- ↳ ipTouch (40x8) issues and tricks
- ↳ Linux tricks
- ↳ MOH
- ↳ ON SITE TROUBLES
- ↳ Phones
- ↳ Sipfoundry
- ↳ Software Loading
- ↳ Swinst
- ↳ System Hacking
- ↳ Traces
- ↳ Usefull commands
- ↳ Voice Guides
- ↳ VMWARE
- ↳ Wireless configuration and sets
- VOICE - OpenTouch
- ↳ MAIN
- ↳ OTEC - OpenTouch Enterprise Cloud
- ↳ OTBE - OpenTouch Business Edition
- ↳ OTMS - OpenTouch Multimedia Services
- ↳ OTSBC - OpenTouch Session Border Controller
- ↳ OTNS - OpenTouch Notification Service
- ↳ OTMC - OpenTouch Message Center
- ↳ OTFC - OpenTouch Fax Center
- ↳ OpenTouch Conversation
- ↳ Smart Guest Applications
- VOICE - BiCS
- ↳ MAIN
- VOICE - OXO
- ↳ MAIN
- ↳ Configuration
- ↳ 42xx Systems
- ↳ Networking
- ↳ H323 / IP / Pimphony
- ↳ Internet and related
- ↳ Applications
- ↳ Hotel mode
- ↳ DECT
- ↳ Hardware
- VOICE - Omni Suite
- ↳ OmniTouch 8400 Instant Communication Suite
- ↳ OmniTouch 8410 Instant Communication Web Services
- ↳ OmniTouch 8440 Messaging Software
- ↳ OmniTouch 8450 Fax Software
- ↳ OmniTouch 8460 Advanced Communication Server
- ↳ OmniTouch 8464 Meet-me Audio Conference Bridge
- ↳ OmniTouch 8660 My Teamwork Conferencing and Collaboration
- ↳ OmniTouch 8670 Automated Message Delivery System
- ↳ OmniTouch Contact Center Standard Edition
- ↳ OmniTouch Contact Center Premium Edition
- VOICE - Applications
- ↳ AECS - Alcatel Extended Communication Server
- ↳ Alcatel OpenTouch Customer Service
- ↳ Aviso
- ↳ Call Center SoftPanel (ALU ProServices)
- ↳ CCD / CCS / CCIVR
- ↳ Free Desktop
- ↳ GENESYS
- ↳ Hotel / Hospital
- ↳ Ip Desktop Softphone
- ↳ IpTouch Phones XML Applications
- ↳ MSAD
- ↳ MyIC (My Instant Communicator)
- ↳ My Messaging / IMAP
- ↳ My Teamwork (ex-eDial)
- ↳ OmniPCX Record
- ↳ OmniVista 4760
- ↳ OmniVista 8770
- ↳ OTUC
- ↳ PREMIUM / GCE
- ↳ Rainbow
- ↳ Ubiquity
- ↳ ENS - Emergency Notification Server
- ↳ VNA - Visual Notification Assistant
- ↳ VAA - Visual Auto Attendant
- ↳ VitalSuite
- ↳ VitalQIP
- ↳ Voicemail (46x5)
- ↳ XML Presentation Server & TAPI Server
- ↳ 4980 - WebSoftPhone
- ↳ 4625 Interactive Voice Response
- VOICE - Third Party Applications
- ↳ AGITO NETWORKS
- ↳ AUDIOCODES
- ↳ ASTERISK
- ↳ AVST
- ↳ CISCO
- ↳ NGINX
- ↳ NICE
- ↳ Notification Systems
- ↳ OAK
- ↳ SOURCE TECH
- ↳ systel
- ↳ IP Touch apps
- ↳ Click2Dial
- ↳ MYIC apps
- Alcatel Unleashed tools, documentations, and misc files...
- ↳ DIALER
- ↳ VM_BACKUP
- ↳ ipview analyzer
- ↳ "Home Made" documentations
- ↳ Alcatel Misc Documentation
- ↳ infocollect
- ↳ motview
- ↳ Other Alcatel-Lucent tools
- ↳ OFFICIAL TC's
- ↳ sngrep
- Developer's corner
- ↳ AHL / OHL
- ↳ Alarming, Notification & Location
- ↳ CCTI / CCA
- ↳ CSTA
- ↳ My IC Phone
- ↳ My IP Touch Service for Enterprise
- ↳ O2G
- ↳ OmniVista 8770 User Provisioning
- ↳ SIP
- ↳ TAPI
- ↳ TSAPI
- ↳ Web Services
- Alcatel Data Equipment
- ↳ Security
- ↳ OmniAccess 3500 Nonstop Laptop Guardian
- ↳ Mobility
- ↳ OmniAccess WLAN Switching Systems
- ↳ OmniAccess WLAN 4302
- ↳ OmniAccess Wireless Access Points 41
- ↳ OmniAccess Wireless Access Points 65
- ↳ OmniAccess Wireless Access Points 60/61/70
- ↳ OmniAccess Wireless Access Points 80M
- ↳ Mobile IP Phones
- ↳ OmniAccess Devices
- ↳ OmniAccess 5780
- ↳ OmniAccess 5740
- ↳ OmniAccess 5510
- ↳ Network Management
- ↳ Omnivista
- ↳ Omnivista Mobility Manager
- DATA - Documentation
- ↳ Technical papers
- ↳ Troubleshooting guides
- DATA - Lan Switching
- ↳ OmniSwitch 10k
- ↳ OmniSwitch 9900
- ↳ OmniSwitch 9000 / 9000E
- ↳ OmniSwitch 6900
- ↳ OmniSwitch 6865
- ↳ OmniSwitch 6860 / 6860E
- ↳ OmniSwitch 6855
- ↳ OmniSwitch 6850 / 6850E
- ↳ OmniSwitch 6560
- ↳ OmniSwitch 6465
- ↳ OmniSwitch 6450
- ↳ OmniSwitch 6400
- ↳ OmniSwitch 6360
- ↳ OmniSwitch 6350
- ↳ OmniSwitch 6250
- ↳ OmniSwitch 2220
- ↳ OmniSwitch 2260 / 2360
- ↳ Legacy Devices (OS4024, XOS, OmniCore)
- ↳ OmniSwitch 6600 / 7000 / 8800
- ↳ OmniSwitch 6800
- ↳ OmniStack LS 6200
- ↳ Misc
- DATA - WLAN, Mobility and WAN
- ↳ OmniAccess WLAN Switching Systems (OEM)
- ↳ OmniAccess Wireless Access Points
- ↳ Mobile IPTouch Phones (MIPT)
- ↳ OmniAccess Stellar Express
- ↳ OmniAccess Stellar Enterprise
- ↳ OmniAccess 3500 Nonstop Laptop Guardian
- ↳ Brick VPN Firewall
- ↳ OmniAccess 5740/5780
- ↳ OmniAccess ESR 5720
- ↳ OmniAccess 5510
- DATA - Network Management
- ↳ OmniVIsta 3600 Air Manager
- ↳ OmniVista 2500 v4.x
- ↳ OmniVista 2500 v3.5
- ↳ OmniVista 2500/2700 v3.4 and older
- ↳ OmniVista Cirrus
- ↳ Alcatel Quarantine Manager
- ↳ Fortigate Security
- DATA - Service Provider
- ↳ 5520 ASAM
- ↳ 5620 SAM
- ↳ 5650 CPAM
- ↳ 5670 RAM
- ↳ 5750 SSC
- ↳ 7210 SAS
- ↳ 7360 ISAM
- ↳ 7450 ESS
- ↳ 7450 Ethernet Service Switch
- ↳ 7750 Service Router
- ↳ 7705 SAR
- ↳ 7750 SR
